From cb28a220ee404d80e961de3a917dad0ece0ea24d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 18 Jul 2022 13:17:49 +0200 Subject: [PATCH 1/2] Remove errorneous shell output redirection from dnssec-signzone example The > looked like shell output redirection. It was present since we imported DNSSEC Guide into the ARM. --- doc/dnssec-guide/signing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst index 826ea4ae75..6adb9f0174 100644 --- a/doc/dnssec-guide/signing.rst +++ b/doc/dnssec-guide/signing.rst @@ -1403,7 +1403,7 @@ it is in a file called ``zone.child.example``, using manually specified keys: # cd /etc/bind/keys/example.com/ # dnssec-signzone -A -t -N INCREMENT -o example.com -f /etc/bind/db/example.com.signed.db \ - > /etc/bind/db/example.com.db Kexample.com.+013+17694.key Kexample.com.+013+06817.key + /etc/bind/db/example.com.db Kexample.com.+013+17694.key Kexample.com.+013+06817.key Verifying the zone using the following algorithms: ECDSAP256SHA256. Zone fully signed: Algorithm: ECDSAP256SHA256: KSKs: 1 active, 0 stand-by, 0 revoked From 006ae7c43f5cb551570d5c81ff0c40df7c5736ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 18 Jul 2022 13:23:47 +0200 Subject: [PATCH 2/2] Avoid opt-out flag in dnssec-signzone examples Since !6413 we discourage opt-out, so we should not be advertising it in the examples. Even worse, it was just thrown into the command line without even mentioning its meaning in the surrounding text. Related: !6413 --- doc/dnssec-guide/signing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst index 6adb9f0174..7fb8e147de 100644 --- a/doc/dnssec-guide/signing.rst +++ b/doc/dnssec-guide/signing.rst @@ -1402,7 +1402,7 @@ it is in a file called ``zone.child.example``, using manually specified keys: .. code-block:: console # cd /etc/bind/keys/example.com/ - # dnssec-signzone -A -t -N INCREMENT -o example.com -f /etc/bind/db/example.com.signed.db \ + # dnssec-signzone -t -N INCREMENT -o example.com -f /etc/bind/db/example.com.signed.db \ /etc/bind/db/example.com.db Kexample.com.+013+17694.key Kexample.com.+013+06817.key Verifying the zone using the following algorithms: ECDSAP256SHA256. Zone fully signed: