Commit 463b3dde authored by Evan Hunt's avatar Evan Hunt

fixup! CHANGES, release notes

parent 49644d4e
Pipeline #25526 failed with stages
in 27 minutes and 22 seconds
......@@ -36,14 +36,22 @@
<listitem>
<para>
Two new keywords have been added to the
<command>dnssec-keys</command> statement,
<command>initial-ds</command> and <command>static-ds</command>,
to allow the use of trust anchors in DS format as instead of
DNSKEY format. This allows trust anchors to be configured for
keys that have not yet been published. This format is used by
IANA when announcing future root keys. (Note: Currently,
DNSKEY-format and DS-format trust anchors cannot both be used
for the same domain name.) [GL #6] [GL #622]
<command>dnssec-keys</command> statement:
<command>initial-ds</command> and <command>static-ds</command>.
These allow the use of trust anchors in DS format instead of
DNSKEY format. DS format allows trust anchors to be configured
for keys that have not yet been published; this is the format
used by IANA when announcing future root keys.
</para>
<para>
As with the <command>initial-key</command> and
<command>static-key</command> keywords, <command>initial-ds</command>
configures a dynamic trust anchor to be maintained via RFC 5011, and
<command>static-ds</command> configures a permanent trust anchor.
</para>
<para>
(Note: Currently, DNSKEY-format and DS-format trust anchors
cannot both be used for the same domain name.) [GL #6] [GL #622]
</para>
</listitem>
</itemizedlist>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment