add upgrade notes for the new NSEC(3) TTLs

author Peter van Dijk <peter.van.dijk@powerdns.com>

Fri, 14 Feb 2020 19:52:08 +0000 (20:52 +0100)

committer Peter van Dijk <peter.van.dijk@powerdns.com>

Fri, 14 Feb 2020 19:52:08 +0000 (20:52 +0100)
author Peter van Dijk <peter.van.dijk@powerdns.com>
Fri, 14 Feb 2020 19:52:08 +0000 (20:52 +0100)
committer Peter van Dijk <peter.van.dijk@powerdns.com>
Fri, 14 Feb 2020 19:52:08 +0000 (20:52 +0100)
diff --git a/docs/dnssec/operational.rst b/docs/dnssec/operational.rst

index 30c52c9af7ac23dfaff1b62bc9222d0dc093692d..8c532de1b356774499046f2d318a23d415e5e152 100644 (file)
--- a/docs/dnssec/operational.rst
+++ b/docs/dnssec/operational.rst
@@ -228,6 +228,8 @@ AXFR-serving, a lot of signing needs to happen.
  
  Most best practices are documented in :rfc:`6781`.
  
+.. _dnssec-ttl-notes:
+
  Some notes on TTL usage
  -----------------------
  
diff --git a/docs/upgrading.rst b/docs/upgrading.rst

index a2af8b9ebc193f44689e17d31ac977bf13bf4767..5de844bc50be8182564889d6d9ca96f460dec12a 100644 (file)
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -11,6 +11,12 @@ upgrade notes if your version is older than 3.4.2.
  4.2.x to 4.3.0
  --------------
  
+NSEC(3) TTL changed
+^^^^^^^^^^^^^^^^^^^
+
+NSEC(3) records now use the negative TTL, instead of the SOA minimum TTL.
+See :ref:`the DNSSEC TTL notes <dnssec-ttl-notes>`  for more information.
+
  Lua Netmask class methods changed
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
author	Peter van Dijk <peter.van.dijk@powerdns.com>
	Fri, 14 Feb 2020 19:52:08 +0000 (20:52 +0100)
committer	Peter van Dijk <peter.van.dijk@powerdns.com>
	Fri, 14 Feb 2020 19:52:08 +0000 (20:52 +0100)
docs/dnssec/operational.rst		patch \| blob \| blame \| history
docs/upgrading.rst		patch \| blob \| blame \| history