Update changes, documentation

diff --git a/CHANGES b/CHANGES
index fac15650254df270f64d8765a7b96b26fe758233..a17ba33d5cdea41db1a14e6eac52046b81d21867 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5366.  [bug]           Fix a race condition with the keymgr when the same
+                       zone plus dnssec-policy is configured in multiple
+                       views. [GL #1653]
+
 5365.  [bug]           Algorithm rollover was stuck on submitting DS
                        because keymgr thought it would move to an invalid
                        state.  Fixed by when checking the current key,

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index a006816a29122c53f108a25e0e8214cea0b10b2c..108732fb27541987c810bbe9baa5e1b016d3720c 100644 (file)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -11132,6 +11132,13 @@ example.com                 CNAME   rpz-tcp-only.
            roll, which cryptographic algorithms to use, and how often RRSIG
            records need to be refreshed.
          </para>
+         <para>
+           Keys are not shared among zones, which means that one set of keys
+           per zone will be generated even if they have the same policy.
+           If multiple views are configured with different versions of the
+           same zone, each separate version will use the same set of signing
+           keys.
+         </para>
          <para>
            Multiple key and signing policies can be configured.  To
            attach a policy to a zone, add a <command>dnssec-policy</command>