Commit 47e42d57 authored by Matthijs Mekking's avatar Matthijs Mekking 🏡

Update changes, documentation

parent e0bdff7e
Pipeline #36096 passed with stages
in 36 minutes and 32 seconds
5366. [bug] Fix a race condition with the keymgr when the same
zone plus dnssec-policy is configured in multiple
views. [GL #1653]
5365. [bug] Algorithm rollover was stuck on submitting DS
because keymgr thought it would move to an invalid
state. Fixed by when checking the current key,
......
......@@ -11132,6 +11132,13 @@ example.com CNAME rpz-tcp-only.
roll, which cryptographic algorithms to use, and how often RRSIG
records need to be refreshed.
</para>
<para>
Keys are not shared among zones, which means that one set of keys
per zone will be generated even if they have the same policy.
If multiple views are configured with different versions of the
same zone, each separate version will use the same set of signing
keys.
</para>
<para>
Multiple key and signing policies can be configured. To
attach a policy to a zone, add a <command>dnssec-policy</command>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment