Update documentation for release 1.2.0

LetsDNS · Jul 21, 2023 · f47166b · f47166b
1 parent 518f09d
commit f47166b
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@
 PYPI_REPO	?= testpypi
 SED_INPLACE	?= /opt/local/bin/gsed -i''
 VENV		= $(shell realpath .venv)
-VERSION		?= $(shell echo "1.1.0.dev$$(date -u +'%j%H%M' | sed -e 's/^0//')")
+VERSION		?= $(shell echo "1.2.0.dev$$(date -u +'%j%H%M' | sed -e 's/^0//')")
 
 .PHONY:	clean dist help prep push pypi-upload setver
 

diff --git a/docs/source/_static/mx.ini b/docs/source/_static/mx.ini
@@ -1,6 +1,7 @@
 [DEFAULT]
 cert_ca_path = /usr/local/share/ca-certificates/Lets_Encrypt_R3.crt
 keyfile = /var/lib/dehydrated/letsdns.json
+key_algorithm = hmac-sha256
 nameserver = ns1.example.com
 ttl = 1200
 

diff --git a/docs/source/_static/www.ini b/docs/source/_static/www.ini
@@ -4,6 +4,7 @@ cert_queued_path = /var/lib/dehydrated/certs/example.com/cert.pem
 cert_ca_path = /usr/local/share/ca-certificates/Lets_Encrypt_R3.crt
 domain = example.com
 keyfile = /var/lib/dehydrated/letsdns.json
+key_algorithm = hmac-sha256
 nameserver = ns1.example.com
 tcp_ports = 443
 

diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
@@ -1,6 +1,11 @@
 Changelog
 =========
 
+1.2.0 (2023-07-22):
+
+* Enhancement: Support various TSIG key algorithms via the new `key_algorithm`
+  configuration option. Suggested by kub3let.
+
 1.0.1 (2022-08-06):
 
 * Documentation: Elaborate on primary use case, describe configuration in more detail.

diff --git a/docs/source/config.rst b/docs/source/config.rst
@@ -6,6 +6,7 @@ available at Python.org. Please note that LetsDNS uses `extended interpolation`_
 [DEFAULT] configuration section are inherited by all other sections.
 
 .. _BIND 9: https://bind9.readthedocs.io/en/latest/
+.. _dnspython: https://dnspython.readthedocs.io/en/latest/
 .. _dynamic action: dynaction.html
 .. _extended interpolation: https://docs.python.org/3/library/configparser.html#interpolation-of-values
 .. _Hetzner DNS API: https://dns.hetzner.com/api-docs
@@ -85,6 +86,16 @@ horizontal dash).
   ``key "mykey" { algorithm hmac-sha256; secret "c2VjcmV0Cg=="; };``
   the matching JSON content is ``{"mykey": "c2VjcmV0Cg=="}``.
 
+- key_algorithm = *algorithm-name*
+
+  TSIG algorithm used for the secret key. The specified name MUST be supported
+  by the `dnspython`_ library. Typical values are `hmac-sha256`, like in the
+  previous BIND 9 example, or `hmac-sha512`. If you do not specify this option,
+  the dnspython library will pick an internal default. This default may not match
+  your keyfile, possibly resulting in a dnspython error like "dns.tsig.PeerBadKey:
+  The peer didn't know the key we used". It is therefore recommended to explicitly
+  define an algorithm.
+
 - nameserver = *hostname | ip-address*
 
   Host name or IP address for your nameserver. Name resolution is