gnu: services: use seconds instead of duration strings.

* gnu/services/dns.scm (zone-file, knot-policy-configuration): Use numbers
instead of duration strings.
(verify-knot-policy-configuration): Fix typo.
* doc/guix.texi (DNS Services): Update documentation.
Julien Lepiller 2017-06-10 11:59:18 +02:00
parent afd06f605b
commit f3853a259b
GPG key ID: 43111F4520086A0C
2 changed files with 22 additions and 27 deletions


@ -13907,26 +13907,21 @@ The serial number of the zone. As this is used to keep track of changes by
both slaves and resolvers, it is mandatory that it @emph{never} decreases. both slaves and resolvers, it is mandatory that it @emph{never} decreases.
Always increment it when you make a change in your zone. Always increment it when you make a change in your zone.
@item @code{refresh} (default: @code{"2d"}) @item @code{refresh} (default: @code{(* 2 24 3600)})
The frequency at which slaves will do a zone transfer. This value can be The frequency at which slaves will do a zone transfer. This value is a number
a number of seconds or a number of some unit between: of seconds. It can be computed by multiplications or with
@itemize @code{(string->duration)}.
@item m: minute
@item h: hour
@item d: day
@item w: week
@end itemize
@item @code{retry} (default: @code{"15m"}) @item @code{retry} (default: @code{(* 15 60)})
The period after which a slave will retry to contact its master when it fails The period after which a slave will retry to contact its master when it fails
to do so a first time. to do so a first time.
@item @code{expiry} (default: @code{"2w"}) @item @code{expiry} (default: @code{(* 14 24 3600)})
Default TTL of records. Existing records are considered correct for at most Default TTL of records. Existing records are considered correct for at most
this amount of time. After this period, resolvers will invalidate their cache this amount of time. After this period, resolvers will invalidate their cache
and check again that it still exists. and check again that it still exists.
@item @code{nx} (default: @code{"1h"}) @item @code{nx} (default: @code{3600})
Default TTL of inexistant records. This delay is usually short because you want Default TTL of inexistant records. This delay is usually short because you want
your new domains to reach everyone quickly. your new domains to reach everyone quickly.
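Review bot: In the new refresh entry, @code{(string->duration)} is written as a parenthesised call with no argument and no mention of the module that provides it, so the reader cannot tell how to use it. Show a complete expression with a sample argument, or drop the parentheses and name the module. With the m/h/d/w list removed, the entry also no longer says whether an existing value such as "2d" is still accepted; one sentence on that would help anyone upgrading a configuration.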
@ -14029,17 +14024,17 @@ algorithm, but would be unsecure for other algorithms.
The TTL value for DNSKEY records added into zone apex. The special The TTL value for DNSKEY records added into zone apex. The special
@code{'default} value means same as the zone SOA TTL. @code{'default} value means same as the zone SOA TTL.
@item @code{zsk-lifetime} (default: @code{"30d"}) @item @code{zsk-lifetime} (default: @code{(* 30 24 3600)})
The period between ZSK publication and the next rollover initiation. The period between ZSK publication and the next rollover initiation.
@item @code{propagation-delay} (default: @code{"1d"}) @item @code{propagation-delay} (default: @code{(* 24 3600)})
An extra delay added for each key rollover step. This value should be high An extra delay added for each key rollover step. This value should be high
enough to cover propagation of data from the master server to all slaves. enough to cover propagation of data from the master server to all slaves.
@item @code{rrsig-lifetime} (default: @code{"14d"}) @item @code{rrsig-lifetime} (default: @code{(* 14 24 3600)})
A validity period of newly issued signatures. A validity period of newly issued signatures.
@item @code{rrsig-refresh} (default: @code{"7d"}) @item @code{rrsig-refresh} (default: @code{(* 7 24 3600)})
A period how long before a signature expiration the signature will be refreshed. A period how long before a signature expiration the signature will be refreshed.
@item @code{nsec3?} (default: @code{#f}) @item @code{nsec3?} (default: @code{#f})
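Review bot: The descriptions of zsk-lifetime, propagation-delay, rrsig-lifetime and rrsig-refresh never state the unit, and the new defaults such as @code{(* 30 24 3600)} only imply it. Add "in seconds" to each description, as the refresh entry now does. These values control key rollover and signature validity, so a reader who assumes days or minutes gets a policy very different from the one intended.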
@ -14052,7 +14047,7 @@ The number of additional times the hashing is performed.
The length of a salt field in octets, which is appended to the original owner The length of a salt field in octets, which is appended to the original owner
name before hashing. name before hashing.
@item @code{nsec3-salt-lifetime} (default: @code{"30d"}) @item @code{nsec3-salt-lifetime} (default: @code{(* 30 24 3600)})
The validity period of newly issued salt field. The validity period of newly issued salt field.
@end table @end table


@ -99,13 +99,13 @@ (define-record-type* <zone-file>
(serial zone-file-serial (serial zone-file-serial
(default 1)) (default 1))
(refresh zone-file-refresh (refresh zone-file-refresh
(default "2d")) (default (* 2 24 3600)))
(retry zone-file-retry (retry zone-file-retry
(default "15m")) (default (* 15 60)))
(expiry zone-file-expiry (expiry zone-file-expiry
(default "2w")) (default (* 2 7 24 3600)))
(nx zone-file-nx (nx zone-file-nx
(default "1h"))) (default 3600)))
(define-record-type* <knot-keystore-configuration> (define-record-type* <knot-keystore-configuration>
knot-keystore-configuration make-knot-keystore-configuration knot-keystore-configuration make-knot-keystore-configuration
knot-keystore-configuration? knot-keystore-configuration?
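Review bot: The expiry default here is written (* 2 7 24 3600), while the doc/guix.texi part of this patch documents it as (* 14 24 3600). The two are the same number of seconds, but the differing spelling makes it harder to check the manual against the code at a glance. Use the same expression in both places.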
@ -136,13 +136,13 @@ (define-record-type* <knot-policy-configuration>
(dnskey-ttl knot-policy-configuration-dnskey-ttl (dnskey-ttl knot-policy-configuration-dnskey-ttl
(default 'default)) (default 'default))
(zsk-lifetime knot-policy-configuration-zsk-lifetime (zsk-lifetime knot-policy-configuration-zsk-lifetime
(default "30d")) (default (* 30 24 3600)))
(propagation-delay knot-policy-configuration-propagation-delay (propagation-delay knot-policy-configuration-propagation-delay
(default "1d")) (default (* 24 3600)))
(rrsig-lifetime knot-policy-configuration-rrsig-lifetime (rrsig-lifetime knot-policy-configuration-rrsig-lifetime
(default "14d")) (default (* 14 24 3600)))
(rrsig-refresh knot-policy-configuration-rrsig-refresh (rrsig-refresh knot-policy-configuration-rrsig-refresh
(default "7d")) (default (* 7 24 3600)))
(nsec3? knot-policy-configuration-nsec3? (nsec3? knot-policy-configuration-nsec3?
(default #f)) (default #f))
(nsec3-iterations knot-policy-configuration-nsec3-iterations (nsec3-iterations knot-policy-configuration-nsec3-iterations
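Review bot: The four duration defaults in knot-policy-configuration change from strings to numbers, but the only change to verify-knot-policy-configuration in this patch is the predicate fix, so nothing visible here rejects a configuration that still passes "30d" or "7d". Is the type of these fields checked elsewhere? If not, a number? test with a clear error-out message would surface stale string values at configuration time. A check that rrsig-refresh is smaller than rrsig-lifetime would fit in the same place.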
@ -150,7 +150,7 @@ (define-record-type* <knot-policy-configuration>
(nsec3-salt-length knot-policy-configuration-nsec3-salt-length (nsec3-salt-length knot-policy-configuration-nsec3-salt-length
(default 8)) (default 8))
(nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime (nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
(default "30d"))) (default (* 30 24 3600))))
(define-record-type* <knot-zone-configuration> (define-record-type* <knot-zone-configuration>
knot-zone-configuration make-knot-zone-configuration knot-zone-configuration make-knot-zone-configuration
@ -248,7 +248,7 @@ (define (verify-knot-keystore-configuration keystore)
(error-out "backend must be one of: 'pem or 'pkcs11"))) (error-out "backend must be one of: 'pem or 'pkcs11")))
(define (verify-knot-policy-configuration policy) (define (verify-knot-policy-configuration policy)
(unless (knot-keystore-configuration? policy) (unless (knot-policy-configuration? policy)
(error-out "policies must be a list of only knot-policy-configuration.")) (error-out "policies must be a list of only knot-policy-configuration."))
(let ((id (knot-policy-configuration-id policy))) (let ((id (knot-policy-configuration-id policy)))
(unless (and (string? id) (not (equal? id ""))) (unless (and (string? id) (not (equal? id "")))
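Review bot: The change from knot-keystore-configuration? to knot-policy-configuration? in verify-knot-policy-configuration is a behaviour fix rather than a typo: with the old predicate, the unless form would call error-out for every genuine policy record. It deserves its own commit, or at least a changelog line saying what it fixes, so it can be found and backported independently of the duration change. A test that runs a policy record through the verifier would keep this from regressing.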