mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 21:17:54 +00:00
Code Issues Releases Wiki Activity

additional doc improvement

Browse Source
This commit is contained in:
Evan Hunt 2009-10-12 23:02:32 +00:00
parent 69677f863f
commit c00929ed9f
2 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bin/dnssec/dnssec-signzone.docbook
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- $Id: dnssec-signzone.docbook,v 1.41 2009/10/12 20:48:10 each Exp $ --> <!-- $Id: dnssec-signzone.docbook,v 1.42 2009/10/12 23:02:31 each Exp $ -->
<refentry id="man.dnssec-signzone"> <refentry id="man.dnssec-signzone">
<refentryinfo> <refentryinfo>
<date>June 05, 2009</date> <date>June 05, 2009</date>
@ -558,7 +558,9 @@
<listitem> <listitem>
<para> <para>
Only sign the DNSKEY RRset with key-signing keys, and omit Only sign the DNSKEY RRset with key-signing keys, and omit
signatures from zone-signing keys. signatures from zone-signing keys. (This is similar to the
<command>dnskey-ksk-only yes;</command> zone option in
<command>named</command>.)
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -569,7 +571,9 @@
<para> <para>
Ignore KSK flag on key when determining what to sign. This Ignore KSK flag on key when determining what to sign. This
causes KSK-flagged keys to sign all records, not just the causes KSK-flagged keys to sign all records, not just the
DNSKEY RRset. DNSKEY RRset. (This is similar to the
<command>update-check-ksk no;</command> zone option in
<command>named</command>.)
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>

10
doc/arm/Bv9ARM-book.xml
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.434 2009/10/12 22:54:54 each Exp $ --> <!-- File: $Id: Bv9ARM-book.xml,v 1.435 2009/10/12 23:02:32 each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude"> <book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title> <title>BIND 9 Administrator Reference Manual</title>
@ -6459,7 +6459,9 @@ options {
used to sign the DNSKEY RRset at the zone apex. used to sign the DNSKEY RRset at the zone apex.
However, if this option is set to <literal>no</literal>, However, if this option is set to <literal>no</literal>,
then the KSK bit is ignored; KSKs are treated as if they then the KSK bit is ignored; KSKs are treated as if they
were ZSKs and are used to sign the entire zone. were ZSKs and are used to sign the entire zone. This is
similar to the <command>dnssec-signzone -z</command>
command line option.
</para> </para>
<para> <para>
When this option is set to <literal>yes</literal>, there When this option is set to <literal>yes</literal>, there
@ -6482,6 +6484,10 @@ options {
to sign the DNSKEY RRset at the zone apex. Zone-signing to sign the DNSKEY RRset at the zone apex. Zone-signing
keys (keys without the KSK bit set) will be used to sign keys (keys without the KSK bit set) will be used to sign
the remainder of the zone, but not the DNSKEY RRset. the remainder of the zone, but not the DNSKEY RRset.
This is similar to the
<command>dnssec-signzone -x</command> command line option.
</para>
<para>
The default is <command>no</command>. If The default is <command>no</command>. If
<command>update-check-ksk</command> is set to <command>update-check-ksk</command> is set to
<literal>no</literal>, this option is ignored. <literal>no</literal>, this option is ignored.