Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
ISC Open Source Projects
BIND
Commits
c00929ed
Commit
c00929ed
authored
Oct 12, 2009
by
Evan Hunt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
additional doc improvement
parent
69677f86
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
5 deletions
+15
-5
bin/dnssec/dnssec-signzone.docbook
bin/dnssec/dnssec-signzone.docbook
+7
-3
doc/arm/Bv9ARM-book.xml
doc/arm/Bv9ARM-book.xml
+8
-2
No files found.
bin/dnssec/dnssec-signzone.docbook
View file @
c00929ed
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.4
1
2009/10/12 2
0:48:10
each Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.4
2
2009/10/12 2
3:02:31
each Exp $ -->
<refentry
id=
"man.dnssec-signzone"
>
<refentryinfo>
<date>
June 05, 2009
</date>
...
...
@@ -558,7 +558,9 @@
<listitem>
<para>
Only sign the DNSKEY RRset with key-signing keys, and omit
signatures from zone-signing keys.
signatures from zone-signing keys. (This is similar to the
<command>
dnskey-ksk-only yes;
</command>
zone option in
<command>
named
</command>
.)
</para>
</listitem>
</varlistentry>
...
...
@@ -569,7 +571,9 @@
<para>
Ignore KSK flag on key when determining what to sign. This
causes KSK-flagged keys to sign all records, not just the
DNSKEY RRset.
DNSKEY RRset. (This is similar to the
<command>
update-check-ksk no;
</command>
zone option in
<command>
named
</command>
.)
</para>
</listitem>
</varlistentry>
...
...
doc/arm/Bv9ARM-book.xml
View file @
c00929ed
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.43
4
2009/10/12 2
2:54:54
each Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.43
5
2009/10/12 2
3:02:32
each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
...
...
@@ -6459,7 +6459,9 @@ options {
used to sign the DNSKEY RRset at the zone apex.
However, if this option is set to <literal>no</literal>,
then the KSK bit is ignored; KSKs are treated as if they
were ZSKs and are used to sign the entire zone.
were ZSKs and are used to sign the entire zone. This is
similar to the <command>dnssec-signzone -z</command>
command line option.
</para>
<para>
When this option is set to <literal>yes</literal>, there
...
...
@@ -6482,6 +6484,10 @@ options {
to sign the DNSKEY RRset at the zone apex. Zone-signing
keys (keys without the KSK bit set) will be used to sign
the remainder of the zone, but not the DNSKEY RRset.
This is similar to the
<command>dnssec-signzone -x</command> command line option.
</para>
<para>
The default is <command>no</command>. If
<command>update-check-ksk</command> is set to
<literal>no</literal>, this option is ignored.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment