From 68b63c08f81fa18d6176450d50594aac2f65e4e7 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 14 Feb 2020 20:52:08 +0100 Subject: [PATCH] add upgrade notes for the new NSEC(3) TTLs --- docs/dnssec/operational.rst | 2 ++ docs/upgrading.rst | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/docs/dnssec/operational.rst b/docs/dnssec/operational.rst index 30c52c9af7..8c532de1b3 100644 --- a/docs/dnssec/operational.rst +++ b/docs/dnssec/operational.rst @@ -228,6 +228,8 @@ AXFR-serving, a lot of signing needs to happen. Most best practices are documented in :rfc:`6781`. +.. _dnssec-ttl-notes: + Some notes on TTL usage ----------------------- diff --git a/docs/upgrading.rst b/docs/upgrading.rst index a2af8b9ebc..5de844bc50 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -11,6 +11,12 @@ upgrade notes if your version is older than 3.4.2. 4.2.x to 4.3.0 -------------- +NSEC(3) TTL changed +^^^^^^^^^^^^^^^^^^^ + +NSEC(3) records now use the negative TTL, instead of the SOA minimum TTL. +See :ref:`the DNSSEC TTL notes ` for more information. + Lua Netmask class methods changed ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- 2.47.2