additional doc improvement

c00929ed · Evan Hunt · 69677f86 · c00929ed · c00929ed
Commit c00929ed authored Oct 12, 2009 by Evan Hunt
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 5 deletions

bin/dnssec/dnssec-signzone.docbook bin/dnssec/dnssec-signzone.docbook +7 -3

doc/arm/Bv9ARM-book.xml doc/arm/Bv9ARM-book.xml +8 -2

No files found.
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: dnssec-signzone.docbook,v 1.41 2009/10/12 20:48:10 each Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.42 2009/10/12 23:02:31 each Exp $ -->
 <refentry id="man.dnssec-signzone">
  <refentryinfo>
    <date>June 05, 2009</date>
@@ -558,7 +558,9 @@
        <listitem>
          <para>
            Only sign the DNSKEY RRset with key-signing keys, and omit
-            signatures from zone-signing keys.
+            signatures from zone-signing keys.  (This is similar to the
+            <command>dnskey-ksk-only yes;</command> zone option in
+            <command>named</command>.)
          </para>
        </listitem>
      </varlistentry>
@@ -569,7 +571,9 @@
          <para>
            Ignore KSK flag on key when determining what to sign.  This
            causes KSK-flagged keys to sign all records, not just the
-            DNSKEY RRset.
+            DNSKEY RRset.  (This is similar to the
+            <command>update-check-ksk no;</command> zone option in
+            <command>named</command>.)
          </para>
        </listitem>
      </varlistentry>

--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- File: $Id: Bv9ARM-book.xml,v 1.434 2009/10/12 22:54:54 each Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.435 2009/10/12 23:02:32 each Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
  <title>BIND 9 Administrator Reference Manual</title>

@@ -6459,7 +6459,9 @@ options {
                  used to sign the DNSKEY RRset at the zone apex.
                  However, if this option is set to <literal>no</literal>,
                  then the KSK bit is ignored; KSKs are treated as if they
-                  were ZSKs and are used to sign the entire zone.
+                  were ZSKs and are used to sign the entire zone.  This is
+                  similar to the <command>dnssec-signzone -z</command>
+                  command line option.
 		</para>
 		<para>
                  When this option is set to <literal>yes</literal>, there
@@ -6482,6 +6484,10 @@ options {
                  to sign the DNSKEY RRset at the zone apex.  Zone-signing
                  keys (keys without the KSK bit set) will be used to sign
                  the remainder of the zone, but not the DNSKEY RRset.
+                  This is similar to the
+                  <command>dnssec-signzone -x</command> command line option.
+		</para>
+		<para>
 		  The default is <command>no</command>.  If
                  <command>update-check-ksk</command> is set to
                  <literal>no</literal>, this option is ignored.