mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00

[master] document default DNSKEY TTL

- see RT #38268
Evan Hunt
2015-01-13 09:54:57 -08:00
parent 82cf456943
commit 03f979494f
3 changed files with 15 additions and 6 deletions


@@ -306,8 +306,10 @@
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
would take precedence. If this value is not set and there
is no existing DNSKEY RRset, the TTL will default to the
SOA TTL. Setting the default TTL to <literal>0</literal>
or <literal>none</literal> is the same as leaving it unset.
</para>
</listitem>
</varlistentry>
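
Review bot: "SOA TTL" in the added sentence "the TTL will default to the SOA TTL" is ambiguous, since it can be read either as the TTL of the SOA record itself or as the MINIMUM field inside the SOA. Please spell out which one is meant. "If this value is not set" would also read more clearly as "If no default TTL is set", because the preceding sentence has just been talking about the existing RRset's TTL.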


@@ -126,8 +126,10 @@
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
would take precedence. If this value is not set and there
is no existing DNSKEY RRset, the TTL will default to the
SOA TTL. Setting the default TTL to <literal>0</literal>
or <literal>none</literal> removes it from the key.
</para>
</listitem>
</varlistentry>
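
Review bot: The closing sentence here ends with "removes it from the key", while the otherwise identical paragraph in the previous file ends with "is the same as leaving it unset". If the difference is deliberate, add what happens after removal, namely that the fallback described in the new sentence (existing DNSKEY RRset TTL, otherwise SOA TTL) then applies. If it is not deliberate, use the same wording in both places.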


@@ -15,8 +15,6 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec.xml,v 1.7 2011/10/13 23:47:10 tbox Exp $ -->
<sect1 id="dnssec.dynamic.zones">
<title>DNSSEC, Dynamic Zones, and Automatic Signing</title>
<para>As of BIND 9.7.0 it is possible to change a dynamic zone
@@ -127,6 +125,13 @@
key changes, however.)
</para>
<para>
When new keys are added to a zone, the TTL is set to match that
of any existing DNSKEY RRset. If there is no existing DNSKEY RRset,
then the TTL will be set to the TTL specified when the key was
created (using the <command>dnssec-keygen -L</command> option), if
any, or to the SOA TTL.
</para>
<para>
If you wish the zone to be signed using NSEC3 instead of NSEC,
submit an NSEC3PARAM record via dynamic update prior to the
scheduled publication and activation of the keys. If you wish the
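
Review bot: The fallback order in the new paragraph is hard to follow in "created (using the dnssec-keygen -L option), if any, or to the SOA TTL", where "if any" trails the parenthesis and it is unclear what it qualifies. Suggest stating the three steps in order: the TTL of an existing DNSKEY RRset, then the default TTL stored in the key via -L, then the SOA TTL. The man page hunks in this commit also say that a default TTL of 0 or none counts as unset or removed; a short mention of that here would keep the three descriptions consistent.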