Commit 33ceecdd authored by Matthijs Mekking's avatar Matthijs Mekking 🏡

Update changes, documentation

(cherry picked from commit 47e42d57)
parent 29cde9e9
Pipeline #36114 passed with stages
in 24 minutes and 51 seconds
5366. [bug] Fix a race condition with the keymgr when the same
zone plus dnssec-policy is configured in multiple
views. [GL #1653]
5365. [bug] Algorithm rollover was stuck on submitting DS
because keymgr thought it would move to an invalid
state. Fixed by when checking the current key,
......
......@@ -11099,6 +11099,13 @@ example.com CNAME rpz-tcp-only.
roll, which cryptographic algorithms to use, and how often RRSIG
records need to be refreshed.
</para>
<para>
Keys are not shared among zones, which means that one set of keys
per zone will be generated even if they have the same policy.
If multiple views are configured with different versions of the
same zone, each separate version will use the same set of signing
keys.
</para>
<para>
Multiple key and signing policies can be configured. To
attach a policy to a zone, add a <command>dnssec-policy</command>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment