Update signatures-refresh documentation

Mention in the ARM the new restriction about signatures-refresh.
2025-08-31 14:35:26 +00:00 · 2022-05-06 16:56:13 +02:00
parent 82fd89107f
commit 74d2e7704f
1 changed files with 3 additions and 1 deletions
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -5351,7 +5351,9 @@ The following options can be specified in a ``dnssec-policy`` statement:
    refreshed.  The signature is renewed when the time until the
    expiration time is less than the specified interval.  The default is
    ``P5D`` (5 days), meaning signatures that expire in 5 days or sooner
-    are refreshed.
+    are refreshed. The ``signatures-refresh`` value must be less than
+    90% of the minimum value of ``signatures-validity`` and
+    ``signatures-validity-dnskey``.

  ``signatures-validity``
    This indicates the validity period of an RRSIG record (subject to