mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Update inline-signing requirement to ARM

Browse Source 
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.

(cherry picked from commit 5d454a7158)
This commit is contained in:
Matthijs Mekking
2022-09-27 11:57:53 +02:00
parent 2305d8770b
commit d1a01d88f9
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
doc/arm/reference.rst
View File

@@ -6339,12 +6339,16 @@ zone is generated even if they have the same policy. If multiple views
are configured with different versions of the same zone, each separate
version uses the same set of signing keys.
By default, :any:`dnssec-policy` assumes :any:`inline-signing`. This means that
a signed version of the zone is maintained separately and is written out to
a different file on disk (the zone's filename plus a ``.signed`` extension).
The :any:`dnssec-policy` statement requires dynamic DNS to be set up, or
:any:`inline-signing` to be enabled.
If :any:`inline-signing` is enabled, this means that a signed version of the
zone is maintained separately and is written out to a different file on disk
(the zone's filename plus a ``.signed`` extension).
If the zone is dynamic because it is configured with an :any:`update-policy` or
:any:`allow-update`, the DNSSEC records are written to the filename set in the original zone's :any:`file`, unless :any:`inline-signing` is explicitly set.
:any:`allow-update`, the DNSSEC records are written to the filename set in the
original zone's :any:`file`, unless :any:`inline-signing` is explicitly set.
Key rollover timing is computed for each key according to the key
lifetime defined in the KASP. The lifetime may be modified by zone TTLs