[master] improved doc for "rndc signing -list"

3769. [doc] Improved documentation of "rndc signing -list". [RT #30652]
2025-08-31 22:45:39 +00:00 · 2014-02-28 21:29:19 -08:00
parent 72aa3b2a4e
commit 3ef4b7383a
3 changed files with 108 additions and 98 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+3769.	[doc]		Improved documentation of "rndc signing -list".
+			[RT #30652]
+
 3768.	[bug]		"dnssec-checkds" was missing the SHA-384 digest
 			algorithm. [RT #34000]

--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -672,8 +672,8 @@
        <term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
        <listitem>
          <para>
-            List, edit, or remove the DNSSEC signing state for 
-            the specified zone.  The status of ongoing DNSSEC
+            List, edit, or remove the DNSSEC signing state records
+            for the specified zone.  The status of ongoing DNSSEC
            operations (such as signing or generating
            NSEC3 chains) is stored in the zone in the form
            of DNS resource records of type
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -8675,7 +8675,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 	      <listitem>
 		<para>
 		  Specify a private RDATA type to be used when generating
-		  key signing records.  The default is
+		  signing state records.  The default is
 		  <literal>65534</literal>.
 		</para>
 		<para>
@@ -8683,13 +8683,20 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 		  in a future version once there is a standard type.
 		</para>
 		<para>
-		  These records can be removed from the zone once named
-		  has completed signing the zone with the matching key
-		  using <command>nsupdate</command> or
-		  <command>rndc signing -clear</command>.
-		  <command>rndc signing -clear</command> is the only supported
-		  way to remove these records from
-		  <command>inline-signing</command> zones.
+		  Signing state records are used to internally by
+		  <command>named</command> to track the current state of
+		  a zone-signing process, i.e., whether it is still active
+		  or has been completed.  The records can be inspected
+		  using the command
+		  <command>rndc signing -list <replaceable>zone</replaceable></command>.
+		  Once <command>named</command> has finished signing
+		  a zone with a particular key, the signing state
+		  record associated with that key can be removed from
+		  the zone by running
+		  <command>rndc signing -clear <replaceable>keyid/algorithm</replaceable> <replaceable>zone</replaceable></command>.
+		  To clear all of the completed signing state
+		  records for a zone, use
+		  <command>rndc signing -clear all <replaceable>zone</replaceable></command>.
 		</para>
 	      </listitem>
 	    </varlistentry>