gnu: services: use seconds instead of duration strings.

* gnu/services/dns.scm (zone-file, knot-policy-configuration): Use numbers
instead of duration strings.
(verify-knot-policy-configuration): Fix typo.
* doc/guix.texi (DNS Services): Update documentation.
This commit is contained in:
Julien Lepiller 2017-06-10 11:59:18 +02:00
parent afd06f605b
commit f3853a259b
No known key found for this signature in database
GPG key ID: 43111F4520086A0C
2 changed files with 22 additions and 27 deletions

View file

@ -13907,26 +13907,21 @@ The serial number of the zone. As this is used to keep track of changes by
both slaves and resolvers, it is mandatory that it @emph{never} decreases.
Always increment it when you make a change in your zone.
@item @code{refresh} (default: @code{"2d"})
The frequency at which slaves will do a zone transfer. This value can be
a number of seconds or a number of some unit between:
@itemize
@item m: minute
@item h: hour
@item d: day
@item w: week
@end itemize
@item @code{refresh} (default: @code{(* 2 24 3600)})
The frequency at which slaves will do a zone transfer. This value is a number
of seconds. It can be computed by multiplications or with
@code{(string->duration)}.
@item @code{retry} (default: @code{"15m"})
@item @code{retry} (default: @code{(* 15 60)})
The period after which a slave will retry to contact its master when it fails
to do so a first time.
@item @code{expiry} (default: @code{"2w"})
@item @code{expiry} (default: @code{(* 14 24 3600)})
Default TTL of records. Existing records are considered correct for at most
this amount of time. After this period, resolvers will invalidate their cache
and check again that it still exists.
@item @code{nx} (default: @code{"1h"})
@item @code{nx} (default: @code{3600})
Default TTL of inexistant records. This delay is usually short because you want
your new domains to reach everyone quickly.
@ -14029,17 +14024,17 @@ algorithm, but would be unsecure for other algorithms.
The TTL value for DNSKEY records added into zone apex. The special
@code{'default} value means same as the zone SOA TTL.
@item @code{zsk-lifetime} (default: @code{"30d"})
@item @code{zsk-lifetime} (default: @code{(* 30 24 3600)})
The period between ZSK publication and the next rollover initiation.
@item @code{propagation-delay} (default: @code{"1d"})
@item @code{propagation-delay} (default: @code{(* 24 3600)})
An extra delay added for each key rollover step. This value should be high
enough to cover propagation of data from the master server to all slaves.
@item @code{rrsig-lifetime} (default: @code{"14d"})
@item @code{rrsig-lifetime} (default: @code{(* 14 24 3600)})
A validity period of newly issued signatures.
@item @code{rrsig-refresh} (default: @code{"7d"})
@item @code{rrsig-refresh} (default: @code{(* 7 24 3600)})
A period how long before a signature expiration the signature will be refreshed.
@item @code{nsec3?} (default: @code{#f})
@ -14052,7 +14047,7 @@ The number of additional times the hashing is performed.
The length of a salt field in octets, which is appended to the original owner
name before hashing.
@item @code{nsec3-salt-lifetime} (default: @code{"30d"})
@item @code{nsec3-salt-lifetime} (default: @code{(* 30 24 3600)})
The validity period of newly issued salt field.
@end table

View file

@ -99,13 +99,13 @@ (define-record-type* <zone-file>
(serial zone-file-serial
(default 1))
(refresh zone-file-refresh
(default "2d"))
(default (* 2 24 3600)))
(retry zone-file-retry
(default "15m"))
(default (* 15 60)))
(expiry zone-file-expiry
(default "2w"))
(default (* 2 7 24 3600)))
(nx zone-file-nx
(default "1h")))
(default 3600)))
(define-record-type* <knot-keystore-configuration>
knot-keystore-configuration make-knot-keystore-configuration
knot-keystore-configuration?
@ -136,13 +136,13 @@ (define-record-type* <knot-policy-configuration>
(dnskey-ttl knot-policy-configuration-dnskey-ttl
(default 'default))
(zsk-lifetime knot-policy-configuration-zsk-lifetime
(default "30d"))
(default (* 30 24 3600)))
(propagation-delay knot-policy-configuration-propagation-delay
(default "1d"))
(default (* 24 3600)))
(rrsig-lifetime knot-policy-configuration-rrsig-lifetime
(default "14d"))
(default (* 14 24 3600)))
(rrsig-refresh knot-policy-configuration-rrsig-refresh
(default "7d"))
(default (* 7 24 3600)))
(nsec3? knot-policy-configuration-nsec3?
(default #f))
(nsec3-iterations knot-policy-configuration-nsec3-iterations
@ -150,7 +150,7 @@ (define-record-type* <knot-policy-configuration>
(nsec3-salt-length knot-policy-configuration-nsec3-salt-length
(default 8))
(nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
(default "30d")))
(default (* 30 24 3600))))
(define-record-type* <knot-zone-configuration>
knot-zone-configuration make-knot-zone-configuration
@ -248,7 +248,7 @@ (define (verify-knot-keystore-configuration keystore)
(error-out "backend must be one of: 'pem or 'pkcs11")))
(define (verify-knot-policy-configuration policy)
(unless (knot-keystore-configuration? policy)
(unless (knot-policy-configuration? policy)
(error-out "policies must be a list of only knot-policy-configuration."))
(let ((id (knot-policy-configuration-id policy)))
(unless (and (string? id) (not (equal? id "")))