Commit 03f97949 authored by Evan Hunt

[master] document default DNSKEY TTL

- see RT #38268
parent 82cf4569
......@@ -306,8 +306,10 @@
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
would take precedence. If this value is not set and there
is no existing DNSKEY RRset, the TTL will default to the
SOA TTL. Setting the default TTL to <literal>0</literal>
or <literal>none</literal> is the same as leaving it unset.
</para>
</listitem>
</varlistentry>
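Review bot: "SOA TTL" in the added sentence ("the TTL will default to the SOA TTL") is ambiguous, because a reader can take it as the TTL of the zone's SOA record or as a value carried inside the SOA; please state which one is meant. The paragraph also now mixes "would take precedence" with "will default", so consider putting both sentences in the same tense.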
......
......@@ -126,8 +126,10 @@
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
would take precedence. If this value is not set and there
is no existing DNSKEY RRset, the TTL will default to the
SOA TTL. Setting the default TTL to <literal>0</literal>
or <literal>none</literal> removes it from the key.
</para>
</listitem>
</varlistentry>
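Review bot: The closing sentence here ("removes it from the key") does not match the otherwise identical paragraph in the previous hunk, which ends with "is the same as leaving it unset". If both documents describe the same behaviour, use the same wording in both. If the difference is deliberate, add that once the value is removed the fallback described in the preceding sentence (existing DNSKEY RRset TTL, otherwise SOA TTL) applies, so the reader does not have to infer it.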
......
......@@ -15,8 +15,6 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec.xml,v 1.7 2011/10/13 23:47:10 tbox Exp $ -->
<sect1 id="dnssec.dynamic.zones">
<title>DNSSEC, Dynamic Zones, and Automatic Signing</title>
<para>As of BIND 9.7.0 it is possible to change a dynamic zone
......@@ -127,6 +125,13 @@
key changes, however.)
</para>
<para>
When new keys are added to a zone, the TTL is set to match that
of any existing DNSKEY RRset. If there is no existing DNSKEY RRset,
then the TTL will be set to the TTL specified when the key was
created (using the <command>dnssec-keygen -L</command> option), if
any, or to the SOA TTL.
</para>
<para>
If you wish the zone to be signed using NSEC3 instead of NSEC,
submit an NSEC3PARAM record via dynamic update prior to the
scheduled publication and activation of the keys. If you wish the
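Review bot: In the new paragraph, the tail "if any, or to the SOA TTL" is hard to parse, because "if any" trails the parenthesised option and can be read as qualifying the option rather than the TTL. Suggest splitting it, for example "If there is no existing DNSKEY RRset, the TTL specified when the key was created is used; if none was specified, the SOA TTL is used." The paragraph also switches from "is set" to "will be set", and the order of precedence stated here should be kept in step with the wording added to the two option descriptions earlier in this change.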
......