Add text about config file system and keys sections (and few other things)

doc/installation.xml

@@ -11,9 +11,9 @@
     <para>
       Knot DNS requires few libraries to be compiled:
       <itemizedlist>
-	<listitem><tt>OpenSSL</tt></listitem>
-	<listitem><tt>zlib</tt></listitem>
-	<listitem><tt>Userspace RCU</tt></listitem>
+	<listitem>OpenSSL</listitem>
+	<listitem>zlib</listitem>
+	<listitem>Userspace RCU</listitem>
       </itemizedlist>
     </para>
     <para>
@@ -39,7 +39,10 @@
 	library and liburcu-dev for development files.
       </para>
       <para>
-	Minimum supported version of Userspace RCU library is [TODO].
+	Minimum supported version of Userspace RCU library is 0.4.0,
+	but we recommend using latest available version.  It is
+	especially on non-Linux systems as we got some compatibility
+	patches accepted in later releases of Userspace RCU.
       </para>
     </section>
   </section>
@@ -55,20 +58,28 @@
       <para>
 	For all available options run:
 
-	<tt>./configure --help</tt>
+	<programlisting>
+	  ./configure --help
+	</programlisting>
       </para>
     </section>
     <section>
       <title>Compilation</title>
       <para>
-	After running <tt>./configure</tt> you can compile Knot DNS by
-	running <tt>make</tt> command, which will produce binaries and
+	After running ./configure you can compile Knot DNS by
+	running make command, which will produce binaries and
 	other related files.
+	<programlisting>
+	  make
+	</programlisting>
       </para>
       <para>
-	Knot DNS build process is safe to paralelize using <tt>make -j
-	N</tt>, where N is number of concurrent processes.  Using this
+	Knot DNS build process is safe to paralelize using "make -j
+	N", where N is number of concurrent processes.  Using this
 	option can increase speed of the compilation.
+	<programlisting>
+	  make -j N
+	</programlisting>
       </para>
     </section>
     <section>
@@ -77,10 +88,13 @@
 	When you have finished building the Knot DNS, it's time to
 	install the binaries and configuration files into the
 	operation system hierarchy.  You can do so by
-	executing <tt>make install</tt> command.  When installing as a
+	executing "make install" command.  When installing as a
 	non-root user you might have to gain elevated privileges by
-	switching to root user, e.g. <tt>sudo make install</tt>
-	or <tt>su -c 'make install'</tt>.
+	switching to root user, e.g. "sudo make install"
+	or "su -c 'make install'".
+	<programlisting>
+	  make install
+	</programlisting>
       </para>
     </section>
   </section>

doc/reference.xml

 <chapter>
   <title>Knot DNS Configuration Reference</title>
   <para>
-    [TODO]
+    This reference describe every configuration option in Knot DNS.
   </para>
+  <section xml:id="section">
+    <title>system</title>
+    <para>
+      The <emphasis>system</emphasis> statement contains general
+      options related to the operating system and other general
+      options which don't fit anywhere else.
+    </para>
+    <section>
+      <title>Options</title>
+      <para>
+	Contains zero or more:
+	<itemizedlist>
+	  <listitem><link xml:id="identity">identity</link> "<emphasis>identity</emphasis>";</listitem>
+	  <listitem><link xml:id="version">version</link> "<emphasis>version</emphasis>";</listitem>
+	  <listitem><link xml:id="nsid">nsid</link> "<emphasis>nsid</emphasis>";</listitem>
+	  <listitem><link xml:id="storage">storage</link> "<emphasis>directory</emphasis>";</listitem>
+	  <listitem><link xml:id="pidfile">pidfile</link> "<emphasis>pidfile</emphasis>";</listitem>
+	  <listitem><link xml:id="workers">workers</link> <emphasis>number</emphasis>;</listitem>
+	  <listitem><link xml:id="user">user</link> <emphasis>user</emphasis>[.<emphasis>group</emphasis>];</listitem>
+	</itemizedlist>
+      </para>
+    </section>
+    <section>
+      <title>Example:</title>
+      <para>
+	<programlisting>
+	  system {
+	    version "1.0.7";
+	    storage "/var/lib/knot";
+	  }
+	</programlisting>
+      </para>
+    </section>
+    <section>
+      <title>Statement Definition and Usage</title>
+      <section xml:id="identity">
+	<title>identity</title>
+	<para>
+	  Identity of the server (see RFC 4892). Not used yet.
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      identity "Knot DNS";
+	    }
+	  </programlisting>
+	</para>
+      </section>
+      <section xml:id="version">
+	<title>version</title>
+	<para>
+	  Version of the server (see RFC 4892). Not used yet.
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      version "1.0.5";
+	    }
+	  </programlisting>
+	</para>
+      </section>
+      <section xml:id="nsid">
+	<title>nsid</title>
+	<para>
+	  DNS Name Server Identifier (RFC 5001)
+	</para>
+	<para>
+	  Use a string format "text" or a hexstring f.e. 0x01ab00
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      nsid 0x00cafe;
+	    }
+	  </programlisting>
+	</para>
+      </section>
+      <section xml:id="storage">
+	<title>storage</title>
+	<para>
+	  The working directory of the Knot DNS, it is used to store compiled zone files and it's also a default location of the pidfile.
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      storage "/var/lib/knot";
+	    }
+	  </programlisting>
+	</para>
+      </section>
+      <section xml:id="pidfile">
+	<title>pidfile</title>
+	<para>
+	  Custom pidfile location.
+	</para>
+	<para>
+	  Default value: knot.pid in <link xml:id="storage">storage</link> directory)
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      pidfile "/var/run/knot.pid";
+	  </programlisting>
+	</para>
+      </section>
+      <section xml:id="workers">
+	<title>workers</title>
+	<para>
+	   Number of workers (threads) per interface.  This option is used to force number of threads used per interface.
+	</para>
+	<para>
+	  Default value: unset (auto-estimates optimal value from the number of online CPUs)
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      workers: 16
+	    }
+	  </programlisting>
+	</para>
+      </section>
+      <section xml:id="user">
+	<title>user</title>
+	<para>
+	  System user or user.group under which the Knot DNS is run after starting and binding to interfaces.
+	</para>
+	<para>
+	  Default value: root.root
+	</para>
+	<para>
+	  <programlisting>
+	    system {
+	      user knot.knot;
+	    }
+	  </programlisting>
+	</para>
+      </section>
+    </section>
+  </section>
+  <section xml:id="keys">
+    <title>keys</title>
+    <para>
+      The <emphasis>keys</emphasis> statement sets up the TSIG keys used to authenticate zone transfers.
+    </para>
+    <section>
+      <title>Options</title>
+      <para>
+	Contains one or more:
+	<itemizedlist>
+	  <listitem><emphasis><link xml:id="key_id">key_id</link></emphasis> <emphasis>algorithm</emphasis> "<emphasis>key-contents</emphasis>";</listitem>
+	</itemizedlist>
+      </para>
+    </section>
+    <section>
+      <title>Example</title>
+      <para>
+	<programlisting>
+	  keys {
+	    key0.server0 hmac-md5 "Wg==";
+	    foobar.example.com. hmac-sha256 "RQ==";
+	  }
+	</programlisting>
+      </para>
+    </section>
+    <section>
+      <title>Statement Definition and Usage</title>
+      <section xml:id="key_id">
+	<title><emphasis>key_id</emphasis></title>
+	<para>
+	  The <emphasis>key_id</emphasis> statement defines a secret shared key for use with TSIG.  It consists of
+	</para>
+	<para>
+	  You will need to use bind or ldns utils to generate TSIG keys.  Knot DNS doesn't have it's own generation utilities yet.
+	  <programlisting>
+	    $ dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST foobar.example.com
+	    Kfoobar.example.com.+163+21239
+	    $ cat Kfoobar.example.com.+163+21239.key 
+	    foobar.example.com. IN KEY 512 3 163 rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo=
+	  </programlisting>
+	</para>
+	<para>
+	  Key generated in previous paragraph would be written as:
+	  <programlisting>
+	    keys {
+	      foobar.example.com. hmac-sha256 "rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo=";
+	    }
+	  </programlisting>
+	</para>
+      </section>	
+    </section>
+  </section>
 </chapter>