Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
c00929ed
Commit
c00929ed
authored
Oct 12, 2009
by
Evan Hunt
Browse files
additional doc improvement
parent
69677f86
Changes
2
Hide whitespace changes
Inline
Side-by-side
bin/dnssec/dnssec-signzone.docbook
View file @
c00929ed
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.4
1
2009/10/12 2
0:48:10
each Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.4
2
2009/10/12 2
3:02:31
each Exp $ -->
<refentry
id=
"man.dnssec-signzone"
>
<refentryinfo>
<date>
June 05, 2009
</date>
...
...
@@ -558,7 +558,9 @@
<listitem>
<para>
Only sign the DNSKEY RRset with key-signing keys, and omit
signatures from zone-signing keys.
signatures from zone-signing keys. (This is similar to the
<command>
dnskey-ksk-only yes;
</command>
zone option in
<command>
named
</command>
.)
</para>
</listitem>
</varlistentry>
...
...
@@ -569,7 +571,9 @@
<para>
Ignore KSK flag on key when determining what to sign. This
causes KSK-flagged keys to sign all records, not just the
DNSKEY RRset.
DNSKEY RRset. (This is similar to the
<command>
update-check-ksk no;
</command>
zone option in
<command>
named
</command>
.)
</para>
</listitem>
</varlistentry>
...
...
doc/arm/Bv9ARM-book.xml
View file @
c00929ed
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.43
4
2009/10/12 2
2:54:54
each Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.43
5
2009/10/12 2
3:02:32
each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
...
...
@@ -6459,7 +6459,9 @@ options {
used to sign the DNSKEY RRset at the zone apex.
However, if this option is set to <literal>no</literal>,
then the KSK bit is ignored; KSKs are treated as if they
were ZSKs and are used to sign the entire zone.
were ZSKs and are used to sign the entire zone. This is
similar to the <command>dnssec-signzone -z</command>
command line option.
</para>
<para>
When this option is set to <literal>yes</literal>, there
...
...
@@ -6482,6 +6484,10 @@ options {
to sign the DNSKEY RRset at the zone apex. Zone-signing
keys (keys without the KSK bit set) will be used to sign
the remainder of the zone, but not the DNSKEY RRset.
This is similar to the
<command>dnssec-signzone -x</command> command line option.
</para>
<para>
The default is <command>no</command>. If
<command>update-check-ksk</command> is set to
<literal>no</literal>, this option is ignored.
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment