start of changes

diff --git a/input/howto/dns.mdwn b/input/howto/dns.mdwn
index ca8cfe6..aa14a29 100644 (file)
--- a/input/howto/dns.mdwn
+++ b/input/howto/dns.mdwn
@@ -1,39 +1,21 @@
-# debian.org DNS
+# how to update DNS resource records
 
-For most zones the hidden primary is draghi, with ravel, senfl, klecker
-and orff being the public facing secondaries.
+## updating standard resource records
 
-Domain information lives in a git on draghi, and pushing to it will cause
-the zone to be compiled and reloaded automatically.  Repository lives at
-ssh://dns.debian.org/git/domains.git - public read only mirror available
-using http.
+For most zones, the hidden primary DNS server is denis, with ravel, senfl,
+klecker and orff being the public-facing secondary DNS servers.
 
-Some subdomains (and when I say subdomains, I really only mean www) are
-served by the geodns setup on geo1, 2, and 3.  They have a seperate repo
-ssh://dns.debian.org/git/dsa-geodomains.git and an entirely seperate workflow.
+Zone files are managed via a [git repository][1].  Pushing commits into the git
+repository will invoke a post-commit hook that causes the recompilation and
+reload of the zone files.
 
-At least it's consistent.
+Some subdomains (specifically www.debian.org and security.debian.org) are
+served by the autodns/geodns setup on geo{1,2,3}.  Their zone files are managed
+by a separate [git repository][2].
 
-# DNSSEC
+## updating DNSSEC records
 
-Adding DNSSEC KSK and ZSK for zones is done by running
-/srv/dns.debian.org/bin/maintkeydb with the following options:
+TODO
 
-./bin/maintkeydb create both NSEC3RSASHA1 default your.ip6.arpa
-
-Use RSASHA1 instead of NSEC3RSASHA1 for IPv4 address space.
-
-After that a "; wzf: dnssec = 1" needs to be added to the zone file.
-
-## DLV
-
-In order to publish our trust anchors in the ISC DLV, add
-"; dlv-submit = yes" to the zonefile, then run the dlv-submit-many script
-in /org/dns.debian.org/dlv-sync.
-
-In order to authenticate our control of that zone to ISC you'll have to
-manually add a DLV cookie to the respective zone.  After adding it you either
-need to wait a day or so for ISC to re-check by themselves (re-run the script
-for status information) or trigger a re-check on their website.
-
-Once they have verified the cookie it can be removed from the zone again.
+[1]: ssh://git@ubergit.debian.org/dsa/domains
+[2]: ssh://git@ubergit.debian.org/dsa/auto-dns

diff --git a/input/howto/new-machine.creole b/input/howto/new-machine.creole
index cd5bbe8..542d1c7 100644 (file)
--- a/input/howto/new-machine.creole
+++ b/input/howto/new-machine.creole
@@ -1,4 +1,4 @@
-== setup/integrate a new machine ==
+= how to add a new machine =
 
 Note: this has recently been changed to rely more on [[puppet|howto/puppet-setup]].  If stuff breaks fix it.
 

diff --git a/input/index.mdwn b/input/index.mdwn
index a478d97..9aa9b96 100644 (file)
--- a/input/index.mdwn
+++ b/input/index.mdwn
@@ -1,8 +1,8 @@
 # Debian System Administrators
 
-The Debian System Debian Administrator team (DSA) is responsible for
+The Debian System Debian Administration (DSA) team is responsible for
 Debian's infrastructure.  This wiki is focussed on system administration
-documention, primarily in the form of HOWTOs, for the team.
+documention, primarily in the form of HOWTOs, for users and administrators.
 
 To contact us, mail debian-admin@lists.debian.org.
 
@@ -35,8 +35,8 @@ ticket.
 
 ## documentation for team members
 
-* [[howto/dns]]
-* [[howto/new-machine]]: how to add a machine
+* [how to update dns resource records](howto/dns)
+* [how to add a new machine](howto/new-machine)
 * [[howto/decomission]]: how to decomission a machine
 * [[howto/puppet-setup]]
 * [[howto/upgrade-to-lenny]]