commit 8e86ac27a90925e6ac85330e8d28413253811e48
parent 14b985ed77ec496346a181a957fbeb4d98cdba96
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Thu, 11 Sep 2025 15:04:53 +0200
update zone migration information
Diffstat:
1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/users/gns.rst b/users/gns.rst
@@ -762,6 +762,28 @@ having the following lines in the gnunet.conf configuration file:
DNS Migration
~~~~~~~~~~~~~
+The following tools facilitate DNS to GNS zone migrations.
+
+The Zoneimport mechanism through ``gnunet-zoneimport`` allows you to mirror delegations in a TLD. We provide an example for AFNIC's ``.fr``.
+Why would you do it this way instead of a zone transfer using AXFR?
+Because some TLD authorities, such as AFNIC, do not support AXFR and only publish a list
+of delegated names.
+In such cases, ``gnunet-zoneimport`` comes in handy. While not perfect in terms
+of mirroring record updates and expirations, it is better than not being able to
+mirror the ``.fr`` TLD at all.
+In general, if the naming authority supports AXFR, then you should consider using Ascension (see below).
+If you are the naming authority, then you should consider manually managing synchronization
+between DNS and GNS or use the ``gnunet-namestore-zonefile`` tool to import DNS zonefiles
+into GNS.
+
+Note that the namestore by default also populates the namecache. This
+pre-population is cryptographically expensive. Thus, on systems that
+only serve to import a large (millions of records) DNS zone and that do
+not have a local gns service in use, it is thus advisable to disable the
+namecache by setting the option *DISABLE* to *YES* in section
+*[namecache]*.
+
+
Zoneimport
""""""""""
@@ -780,12 +802,16 @@ resolver. In the GNS configuration, non-local zones can be configured to
be intercepted by specifying *.tld = PUBLICKEY* in the configuration
file in the *[gns]* section.
-Note that the namestore by default also populates the namecache. This
-pre-population is cryptographically expensive. Thus, on systems that
-only serve to import a large (millions of records) DNS zone and that do
-not have a local gns service in use, it is thus advisable to disable the
-namecache by setting the option *DISABLE* to *YES* in section
-*[namecache]*.
+For example, assuming you have the AFNIC NomsDeDomainEnPointFr CSV file you can execute:
+
+::
+
+ $ cat OPENDATA_A-NomsDeDomaineEnPointFr.csv | cut -d';' -f 1 | tail -n+2 | gnunet-zoneimport 194.0.9.1
+
+This reads the first value of each line in the CSV as the domain name to import.
+The first line is skipped because it (usually) is a header, not an entry.
+The authoritative DNS server for ``fr`` is provided as IP.
+Note that you need to provide authoritative DNS servers.
Zonefile
""""""""
@@ -900,4 +926,3 @@ using DNS zone transfer (AXFR). It asks the administrator which zones to
migrate into GNS and installs a systemd unit file to keep the zone up to
date. If you want to migrate different zones you might want to check the
unit file from the package as a guide.
-
