doc: teenage days of IXFR and DNSSEC are over

- IXFR is no longer experimental - DNSSEC is no longer experimental, but technical preview

doc: teenage days of IXFR and DNSSEC are over
b066c887 · Jan Včelák · ca91a96d · b066c887 · b066c887 · b066c887
Commit b066c887 authored 11 years ago by Jan Včelák
--- a/doc/configuration.texi
+++ b/doc/configuration.texi
@@ -13,7 +13,7 @@ In this chapter we provide suggested configurations and explain the meaning of i
 * Enabling zone semantic checks::
 * Creating IXFR differences from zone file changes::
 * Using Response Rate Limiting::
-* Automatic DNSSEC signing (experimental)::
+* Automatic DNSSEC signing::
 @end menu

 @node Minimal configuration
@@ -192,24 +192,7 @@ message to its primary master specified by @code{xfr-in} directive. When it rece
 the response from primary master, it forwards it back to the originator. This finishes the transaction.

 However, if the zone is configured as master (i.e. not having any @code{xfr-in} directive), it accepts
-such an UPDATE and processes it. As of 1.2, there are a few limitations with DNSSEC signed zones described below. Other than that, UPDATE of unsigned zones works as expected without any limitations.
-
-@itemize @bullet
-@item
-Knot DNS doesn't automatically sign incoming RR if the zone is signed.
-As a workaround, it accepts DNSSEC-related records. However, it may prove challenging
-to create such an UPDATE that it correctly adds/replaces signed RRs, so this
-feature should be treated as experimental until correct signing is implemented.
-
-@item
-As for the reason in a previous point, removing RRSIG with no specified rdata makes it impossible
-to determine whether the user meant a RRSIG for an NSEC3 record or other one.
-Since they are stored separately, it is advisable to always specify RRSIG along with at least the types it covers.
-
-@item
-Deleting a last RR also removes its RRSIG.
-
-@end itemize
+such an UPDATE and processes it.

 @node Remote control interface
 @section Remote control interface
@@ -246,7 +229,7 @@ which checks are enabled by default and which are optional.

 @node Creating IXFR differences from zone file changes
 @section Creating IXFR differences from zone file changes
-If Knot is being run as a master server, experimental feature @code{ixfr-from-differences}
+If Knot is being run as a master server, feature @code{ixfr-from-differences}
 can be enabled to create IXFR differences from changes made to the master zone file.
 See @ref{Controlling running daemon} for more information. For more about @code{zones} statement see @ref{zones}.

@@ -276,14 +259,14 @@ system @{
 @}
 @end example

-@node Automatic DNSSEC signing (experimental)
-@section Automatic DNSSEC signing (experimental)
+@node Automatic DNSSEC signing
+@section Automatic DNSSEC signing

 Knot DNS 1.4 is the first release to include automatic DNSSEC signing feature.
-Automatic DNSSEC signing is currently highly experimental and there is a lot of
-issues we are working on and limitations we will try to eliminate. By all
-means, anything in the current implementation can change including
-configuration options. We have no intention to maintain backward compatibility.
+Automatic DNSSEC signing is currently technical preview and there are some
+limitations we will try to eliminate. The concept of key management and
+configuration is likely to change in future without maintaining backward
+compatibility.

 @subsection Example configuration


--- a/doc/introduction.texi
+++ b/doc/introduction.texi
@@ -29,8 +29,7 @@ Knot DNS supports the following DNS features:

 @itemize
 @item TCP/UDP protocols
-@item AXFR - master, slave
-@item IXFR - master (primary master experimental), slave
+@item AXFR, IXFR - master, slave
 @item TSIG
 @item ENDS0
 @item DNSSEC, including NSEC3

--- a/doc/reference.texi
+++ b/doc/reference.texi
@@ -831,7 +831,7 @@ Most checks are disabled by default.
 @subsubsection ixfr-from-differences
 @vindex ixfr-from-differences

-EXPERIMENTAL: option @code{ixfr-from-differences} is only relevant if you are running Knot DNS as a master for this zone.
+Option @code{ixfr-from-differences} is only relevant if you are running Knot DNS as a master for this zone.
 By turning the feature on you tell Knot to create differences from changes you made to a zone file upon server reload.
 See @ref{Controlling running daemon} for more information.

@@ -882,7 +882,7 @@ Default value: not set
 @subsubsection dnssec-enable
 @vindex dnssec-enable

-EXPERIMENTAL: Enable automatic DNSSEC signing for the zone.
+PREVIEW: Enable automatic DNSSEC signing for the zone.

 Default value (in @code{zones} section): off

@@ -926,7 +926,7 @@ zones @{
  example.com @{
    storage "samples";
    file "example.com.zone";
-    ixfr-from-differences off; #experimental
+    ixfr-from-differences off;
    disable-any off;
    semantic-checks on;
    notify-timeout 60;

--- a/doc/running.texi
+++ b/doc/running.texi
@@ -155,9 +155,7 @@ $ knotc -c master.conf reload  # reconfigure and load updated zones

 If you want @emph{IXFR-out} differences created from changes you make to a zone file, enable @ref{ixfr-from-differences}
 in @code{zones} statement, then reload your server as seen above.
-If @emph{SOA}'s @emph{serial} is not changed no differences will be created. Please note
-that this feature is in @emph{experimental} stage and should be used with care.
-If you encounter a bug using this feature, please send it to Knot developers (@pxref{Submitting a bugreport}).
+If @emph{SOA}'s @emph{serial} is not changed no differences will be created.

 If you want to force refresh the slave zones, you can do this with the @code{knotc refresh} action.
 @example

--- a/man/knot.conf.5.in
+++ b/man/knot.conf.5.in
@@ -217,7 +217,7 @@ serves as an example of the configuration for knotc(8) and knotd(8).
  # default: ${localstatedir}/lib/knot, configured with --with-storage
  storage "/var/lib/knot";

-  # Build differences from zone file changes. EXPERIMENTAL feature.
+  # Build differences from zone file changes
  # Possible values: on|off
  # Default value: off
  ixfr-from-differences off;
@@ -256,7 +256,7 @@ serves as an example of the configuration for knotc(8) and knotd(8).
  # f.e. 1k, 100M, 2G
  ixfr-fslimit 1G;

-  # Enable DNSSEC online signing (EXPERIMENTAL)
+  # Enable DNSSEC online signing (technical preview)
  # Possible values: on | off;
  # Default value: off
  dnssec-enable off;
@@ -331,7 +331,7 @@ serves as an example of the configuration for knotc(8) and knotd(8).
    # Default value: inherited from zones section
    dnssec-keydir "keys";

-    # Enable DNSSEC online signing (EXPERIMENTAL)
+    # Enable DNSSEC online signing (technical preview)
    # Possible values: on | off;
    # Default value: inherited from zones section
    dnssec-enable off;