Commit 8d307467 authored by Evan Hunt's avatar Evan Hunt

Doc the "managed-keys.bind" and "managed-keys.bind.jnl" file. [rt20235]

parent d2a8d002
2725. [doc] Added information about the file "managed-keys.bind"
to the ARM. [RT #20235]
2724. [bug] Updates to a existing node in secure zone using NSEC
were failing. [RT #20448]
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.437 2009/10/16 02:59:41 each Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.438 2009/10/22 02:04:07 each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -9232,6 +9232,21 @@ deny-answer-aliases { "example.net"; };
<command>managed-keys</command> may only be set at the top
level of <filename>named.conf</filename>, not within a view.
</para>
<para>
In the current implementation, the managed keys database is
stored as a master-format zone file called
<filename>managed-keys.bind</filename>. When the key database
is changed, the zone is updated. As with any other dynamic
zone, changes will be written into a journal file,
<filename>managed-keys.bind.jnl</filename>. They are committed
to the master file as soon as possible afterward; in the case
of the managed key database, this will usually occur within 30
seconds. So, whenever <command>named</command> is using
automatic key maintenace, those two files can be expected to
exist in the working directory. (For this reason among others,
the working directory should be always be writable by
<command>named</command>.)
</para>
<para>
If the <command>dnssec-lookaside</command> option is
set to <userinput>auto</userinput>, <command>named</command>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment