mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 23:55:27 +00:00
Code Issues Releases Wiki Activity

[master] improved doc for "rndc signing -list"

Browse Source 
3769.   [doc]           Improved documentation of "rndc signing -list".
                        [RT #30652]
This commit is contained in:
Evan Hunt
2014-02-28 21:29:19 -08:00
parent 72aa3b2a4e
commit 3ef4b7383a
3 changed files with 108 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
3769. [doc] Improved documentation of "rndc signing -list".
[RT #30652]
3768. [bug] "dnssec-checkds" was missing the SHA-384 digest 3768. [bug] "dnssec-checkds" was missing the SHA-384 digest
algorithm. [RT #34000] algorithm. [RT #34000]

4
bin/rndc/rndc.docbook
View File

@@ -672,8 +672,8 @@
<term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term> <term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
<listitem> <listitem>
<para> <para>
List, edit, or remove the DNSSEC signing state for List, edit, or remove the DNSSEC signing state records
the specified zone. The status of ongoing DNSSEC for the specified zone. The status of ongoing DNSSEC
operations (such as signing or generating operations (such as signing or generating
NSEC3 chains) is stored in the zone in the form NSEC3 chains) is stored in the zone in the form
of DNS resource records of type of DNS resource records of type

23
doc/arm/Bv9ARM-book.xml
View File

@@ -8675,7 +8675,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem> <listitem>
<para> <para>
Specify a private RDATA type to be used when generating Specify a private RDATA type to be used when generating
key signing records. The default is signing state records. The default is
<literal>65534</literal>. <literal>65534</literal>.
</para> </para>
<para> <para>
@@ -8683,13 +8683,20 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
in a future version once there is a standard type. in a future version once there is a standard type.
</para> </para>
<para> <para>
These records can be removed from the zone once named Signing state records are used to internally by
has completed signing the zone with the matching key <command>named</command> to track the current state of
using <command>nsupdate</command> or a zone-signing process, i.e., whether it is still active
<command>rndc signing -clear</command>. or has been completed. The records can be inspected
<command>rndc signing -clear</command> is the only supported using the command
way to remove these records from <command>rndc signing -list <replaceable>zone</replaceable></command>.
<command>inline-signing</command> zones. Once <command>named</command> has finished signing
a zone with a particular key, the signing state
record associated with that key can be removed from
the zone by running
<command>rndc signing -clear <replaceable>keyid/algorithm</replaceable> <replaceable>zone</replaceable></command>.
To clear all of the completed signing state
records for a zone, use
<command>rndc signing -clear all <replaceable>zone</replaceable></command>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>