rename 'zone-max-ttl' to 'max-zone-ttl' for consistency
authorEvan Hunt <each@isc.org>
Thu, 6 Feb 2020 06:09:48 +0000 (22:09 -0800)
committerEvan Hunt <each@isc.org>
Fri, 7 Feb 2020 17:24:06 +0000 (09:24 -0800)
14 files changed:
bin/named/named.conf.docbook
bin/tests/system/checkconf/good-kasp.conf
bin/tests/system/checkconf/good.conf
bin/tests/system/kasp/ns3/policies/autosign.conf
doc/arm/Bv9ARM-book.xml
doc/arm/dnssec-policy.grammar.xml
doc/arm/options.grammar.xml
doc/design/dnssec-policy
doc/misc/dnssec-policy.default.conf
doc/misc/options
doc/misc/options.active
lib/dns/keymgr.c
lib/isccfg/kaspconf.c
lib/isccfg/namedconf.c

index 5c609d5ee743df9a99ec377088cf0a0b376b506e..87c92540082926265d8d705b91d1a1e4c75762a3 100644 (file)
@@ -13,7 +13,7 @@
 
 <refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
   <info>
-    <date>2019-08-12</date>
+    <date>2019-12-12</date>
   </info>
   <refentryinfo>
     <corpname>ISC</corpname>
@@ -111,6 +111,26 @@ dlz <replaceable>string</replaceable> {
 </literallayout>
   </refsection>
 
+  <refsection><info><title>DNSSEC-POLICY</title></info>
+    <literallayout class="normal">
+dnssec-policy <replaceable>string</replaceable> {
+       dnskey-ttl <replaceable>duration</replaceable>;
+       keys { ( csk | ksk | zsk ) ( key-directory ) lifetime <replaceable>duration</replaceable>
+           algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ]; ... };
+       max-zone-ttl <replaceable>duration</replaceable>;
+       parent-ds-ttl <replaceable>duration</replaceable>;
+       parent-propagation-delay <replaceable>duration</replaceable>;
+       parent-registration-delay <replaceable>duration</replaceable>;
+       publish-safety <replaceable>duration</replaceable>;
+       retire-safety <replaceable>duration</replaceable>;
+       signatures-refresh <replaceable>duration</replaceable>;
+       signatures-validity <replaceable>duration</replaceable>;
+       signatures-validity-dnskey <replaceable>duration</replaceable>;
+       zone-propagation-delay <replaceable>duration</replaceable>;
+};
+</literallayout>
+  </refsection>
+
   <refsection><info><title>DYNDB</title></info>
     <literallayout class="normal">
 dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
@@ -148,7 +168,7 @@ logging {
   </refsection>
 
   <refsection><info><title>MANAGED-KEYS</title></info>
-  <para>Deprecated - see TRUST-ANCHORS.</para>
+  <para>Deprecated - see DNSSEC-KEYS.</para>
     <literallayout class="normal">
 managed-keys { <replaceable>string</replaceable> ( static-key
     | initial-key | static-ds |
@@ -246,6 +266,7 @@ options {
        dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
        dnssec-loadkeys-interval <replaceable>integer</replaceable>;
        dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+       dnssec-policy <replaceable>string</replaceable>;
        dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
        dnssec-update-mode ( maintain | no-resign );
        dnssec-validation ( yes | no | auto );
@@ -395,8 +416,8 @@ options {
            <replaceable>integer</replaceable>;
        response-policy { zone <replaceable>string</replaceable> [ add-soa <replaceable>boolean</replaceable> ] [ log
            <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>duration</replaceable> ] [ min-update-interval
-           <replaceable>duration</replaceable> ] [ policy ( cname | disabled | drop | given | no-op |
-           nodata | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
+           <replaceable>duration</replaceable> ] [ policy ( cname | disabled | drop | given | no-op
+           nodata | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
            recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
            nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ add-soa <replaceable>boolean</replaceable> ] [
            break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>duration</replaceable> ] [
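Review bot: The regenerated grammar drops the `|` separator between `no-op` and `nodata` in the response-policy `policy` alternation, so the new text reads `no-op nodata | nxdomain`, which is no longer a valid rendering of the choice list; the same loss appears in the identical view-scope hunk further down. The sibling options.grammar.xml hunk keeps the bar by moving it to the start of the continuation line, and this file should match, e.g. `( cname | disabled | drop | given | no-op` followed by `| nodata | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [`. This appears to be an artifact of the grammar-wrapping tool rather than an intentional change, so it is worth checking the generator before committing the regenerated output.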
@@ -529,7 +550,7 @@ trust-anchors { <replaceable>string</replaceable> ( static-key |
   </refsection>
 
   <refsection><info><title>TRUSTED-KEYS</title></info>
-  <para>Deprecated - see TRUST-ANCHORS.</para>
+  <para>Deprecated - see DNSSEC-KEYS.</para>
     <literallayout class="normal">
 trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable>
     <replaceable>integer</replaceable> <replaceable>integer</replaceable>
@@ -610,6 +631,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
        dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
        dnssec-loadkeys-interval <replaceable>integer</replaceable>;
        dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+       dnssec-policy <replaceable>string</replaceable>;
        dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
        dnssec-update-mode ( maintain | no-resign );
        dnssec-validation ( yes | no | auto );
@@ -733,8 +755,8 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
            <replaceable>integer</replaceable>;
        response-policy { zone <replaceable>string</replaceable> [ add-soa <replaceable>boolean</replaceable> ] [ log
            <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>duration</replaceable> ] [ min-update-interval
-           <replaceable>duration</replaceable> ] [ policy ( cname | disabled | drop | given | no-op |
-           nodata | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
+           <replaceable>duration</replaceable> ] [ policy ( cname | disabled | drop | given | no-op
+           nodata | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
            recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
            nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ add-soa <replaceable>boolean</replaceable> ] [
            break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>duration</replaceable> ] [
@@ -1014,26 +1036,6 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
 </literallayout>
   </refsection>
 
-  <refsection><info><title>DNSSEC-POLICY</title></info>
-
-    <literallayout class="normal">
-dnssec-policy <replaceable>string</replaceable> {
-       dnskey-ttl <replaceable>duration</replaceable>;
-       keys { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
-       parent-ds-ttl <replaceable>duration</replaceable>;
-       parent-propagation-delay <replaceable>duration</replaceable>;
-       parent-registration-delay <replaceable>duration</replaceable>;
-       publish-safety <replaceable>duration</replaceable>;
-       retire-safety <replaceable>duration</replaceable>;
-       signatures-refresh <replaceable>duration</replaceable>;
-       signatures-validity <replaceable>duration</replaceable>;
-       signatures-validity-dnskey <replaceable>duration</replaceable>;
-       zone-max-ttl <replaceable>duration</replaceable>;
-       zone-propagation-delay <replaceable>duration</replaceable>;
-};
-</literallayout>
-  </refsection>
-
   <refsection><info><title>FILES</title></info>
 
     <para><filename>/etc/named.conf</filename>
index 35abe1e6ca2839678fff99af5f63b36ad69c5825..b4d3c1e562530531ce8a5d4b3ea2cd4801f15ee4 100644 (file)
@@ -21,16 +21,16 @@ dnssec-policy "test" {
                zsk key-directory lifetime P30D algorithm 13;
                csk key-directory lifetime P30D algorithm 8 2048;
        };
+       max-zone-ttl 86400;
+       parent-ds-ttl 7200;
+       parent-propagation-delay PT1H;
+       parent-registration-delay P1D;
        publish-safety PT3600S;
        retire-safety PT3600S;
        signatures-refresh P3D;
        signatures-validity P2W;
        signatures-validity-dnskey P14D;
-       zone-max-ttl 86400;
        zone-propagation-delay PT5M;
-       parent-ds-ttl 7200;
-       parent-propagation-delay PT1H;
-       parent-registration-delay P1D;
 };
 options {
        dnssec-policy "default";
index 37d3de6504e06f5f3b894017969d09527e3eb2bb..2eb2850f105bafd940066766584be8102aaa41ac 100644 (file)
@@ -21,16 +21,16 @@ dnssec-policy "test" {
                zsk key-directory lifetime P30D algorithm 13;
                csk key-directory lifetime P30D algorithm 8 2048;
        };
+       max-zone-ttl 86400;
+       parent-ds-ttl 7200;
+       parent-propagation-delay PT1H;
+       parent-registration-delay P1D;
        publish-safety PT3600S;
        retire-safety PT3600S;
        signatures-refresh P3D;
        signatures-validity P2W;
        signatures-validity-dnskey P14D;
-       zone-max-ttl 86400;
        zone-propagation-delay PT5M;
-       parent-ds-ttl 7200;
-       parent-propagation-delay PT1H;
-       parent-registration-delay P1D;
 };
 options {
        avoid-v4-udp-ports {
index 664693a445f2b930bfb25155bbde9a18a737c316..751783ee0e1de57aa3f728e6ee2c37c0f16b808d 100644 (file)
@@ -39,7 +39,7 @@ dnssec-policy "zsk-prepub" {
        };
 
        zone-propagation-delay PT1H;
-       zone-max-ttl 1d;
+       max-zone-ttl 1d;
 };
 
 dnssec-policy "ksk-doubleksk" {
@@ -58,7 +58,7 @@ dnssec-policy "ksk-doubleksk" {
        };
 
        zone-propagation-delay PT1H;
-       zone-max-ttl 1d;
+       max-zone-ttl 1d;
 
        parent-ds-ttl 3600;
        parent-registration-delay P1D;
@@ -80,7 +80,7 @@ dnssec-policy "csk-roll" {
        };
 
        zone-propagation-delay 1h;
-       zone-max-ttl P1D;
+       max-zone-ttl P1D;
 
        parent-ds-ttl 1h;
        parent-registration-delay 1d;
@@ -102,7 +102,7 @@ dnssec-policy "csk-roll2" {
        };
 
        zone-propagation-delay PT1H;
-       zone-max-ttl 1d;
+       max-zone-ttl 1d;
 
        parent-ds-ttl PT1H;
        parent-registration-delay P1W;
index 75731470c21e064caeea35df39fe0e994a1fa86f..1fd3e16e63eb75e29ba868aa4daf78a6f57d93be 100644 (file)
@@ -11209,22 +11209,23 @@ example.com                 CNAME   rpz-tcp-only.
            </varlistentry>
 
            <varlistentry>
-             <term><command>zone-max-ttl</command></term>
+             <term><command>max-zone-ttl</command></term>
              <listitem>
                <para>
-                 Like <command>max-zone-ttl</command>, specifies the
-                 maximum permissible TTL value in seconds. When loading a
-                 zone file using a <option>masterfile-format</option> or
+                 Like the <command>max-zone-ttl</command> zone option,
+                 this specifies the maximum permissible TTL value in
+                 seconds for the zone. When loading a zone file using
+                 a <option>masterfile-format</option> of
                  <constant>text</constant> or <constant>raw</constant>,
                  any record encountered with a TTL higher than
-                 <option>zone-max-ttl</option> will be capped to the
+                 <option>max-zone-ttl</option> will be capped to the
                  maximum permissible TTL value.
                </para>
                <para>
                  This is needed in DNSSEC-maintained zones because when
                  rolling to a new DNSKEY, the old key needs to remain
                  available until RRSIG records have expired from caches.
-                 The <option>zone-max-ttl</option> option guarantees that
+                 The <option>max-zone-ttl</option> option guarantees that
                  the largest TTL in the zone will be no higher than the
                  set value.
                </para>
@@ -11235,8 +11236,8 @@ example.com                 CNAME   rpz-tcp-only.
                </para>
                <para>
                  The default value is <constant>PT24H</constant> (24 hours).
-                 A <option>zone-max-ttl</option> of zero is treated as if
-                 the default value is in use.
+                 A <option>max-zone-ttl</option> of zero is treated as if
+                 the default value were in use.
                </para>
              </listitem>
            </varlistentry>
index ae3839cbf4389f0d347011cf24ff5fafbdff2aba..d3e21a491832fa187ed0c0c1195f675c1576f6ef 100644 (file)
@@ -15,6 +15,7 @@
 <command>dnssec-policy</command> <replaceable>string</replaceable> {
     <command>dnskey-ttl</command> <replaceable>duration</replaceable>;
     <command>keys</command> { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
+    <command>max-zone-ttl</command> <replaceable>duration</replaceable>;
     <command>parent-ds-ttl</command> <replaceable>duration</replaceable>;
     <command>parent-propagation-delay</command> <replaceable>duration</replaceable>;
     <command>parent-registration-delay</command> <replaceable>duration</replaceable>;
@@ -23,7 +24,6 @@
     <command>signatures-refresh</command> <replaceable>duration</replaceable>;
     <command>signatures-validity</command> <replaceable>duration</replaceable>;
     <command>signatures-validity-dnskey</command> <replaceable>duration</replaceable>;
-    <command>zone-max-ttl</command> <replaceable>duration</replaceable>;
     <command>zone-propagation-delay</command> <replaceable>duration</replaceable>;
 };
 </programlisting>
index 64a95defb4994aa213669f76b67a314eb570c700..f1e393fae85f560929bea6e3cc7496900130788f 100644 (file)
@@ -90,6 +90,7 @@
        <command>dnssec-dnskey-kskonly</command> <replaceable>boolean</replaceable>;
        <command>dnssec-loadkeys-interval</command> <replaceable>integer</replaceable>;
        <command>dnssec-must-be-secure</command> <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+       <command>dnssec-policy</command> <replaceable>string</replaceable>;
        <command>dnssec-secure-to-insecure</command> <replaceable>boolean</replaceable>;
        <command>dnssec-update-mode</command> ( maintain | no-resign );
        <command>dnssec-validation</command> ( yes | no | auto );
            <replaceable>integer</replaceable>;
        <command>response-policy</command> { zone <replaceable>string</replaceable> [ add-soa <replaceable>boolean</replaceable> ] [ log
            <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>duration</replaceable> ] [ min-update-interval
-           <replaceable>duration</replaceable> ] [ policy ( cname | disabled | drop | given | no-op |
-           <command>nodata</command> | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
+           <replaceable>duration</replaceable> ] [ policy ( cname | disabled | drop | given | no-op
+           | nodata | nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
            <command>recursive-only</command> <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
            <command>nsdname-enable</command> <replaceable>boolean</replaceable> ]; ... } [ add-soa <replaceable>boolean</replaceable> ] [
            <command>break-dnssec</command> <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>duration</replaceable> ] [
index 73f032b77d10925cd661d6a818278faa1237628a..ae16195518a6f70c36fde948a1fbe708afe31bb3 100644 (file)
@@ -156,7 +156,7 @@ dnssec-policy "nsec3" {
     zone-soa-ttl 3600;
     zone-soa-minimum 3600;
     zone-soa-serial-update-method unixtime;
-    zone-max-ttl 24h;
+    max-zone-ttl 24h;
 
     // Parent properties
     parent-propagation-delay PT24H;
index d94b2550f02dfe6ac11130c50a52dd55aad1b9bd..58283f2a0e4ccfc7140c2e733c16cff0010dcaa6 100644 (file)
@@ -16,7 +16,7 @@ dnssec-policy "default" {
        signatures-validity-dnskey 14d;
        
        // Zone parameters
-       zone-max-ttl 86400;
+       max-zone-ttl 86400;
        zone-propagation-delay 300;
 
        // Parent parameters
index c660e49c6d3348715d8b3745633255239830ccf6..57b2a4393a6964ac68ebc934975617623f52c806 100644 (file)
@@ -25,6 +25,7 @@ dnssec-policy <string> {
         dnskey-ttl <duration>;
         keys { ( csk | ksk | zsk ) ( key-directory ) lifetime <duration>
             algorithm <integer> [ <integer> ]; ... };
+        max-zone-ttl <duration>;
         parent-ds-ttl <duration>;
         parent-propagation-delay <duration>;
         parent-registration-delay <duration>;
@@ -33,7 +34,6 @@ dnssec-policy <string> {
         signatures-refresh <duration>;
         signatures-validity <duration>;
         signatures-validity-dnskey <duration>;
-        zone-max-ttl <duration>;
         zone-propagation-delay <duration>;
 }; // may occur multiple times
 
@@ -206,7 +206,7 @@ options {
         fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
         fstrm-set-output-queue-size <integer>; // not configured
         fstrm-set-reopen-interval <duration>; // not configured
-        geoip-directory ( <quoted_string> | none ); // not configured
+        geoip-directory ( <quoted_string> | none );
         geoip-use-ecs <boolean>; // obsolete
         glue-cache <boolean>;
         has-old-clients <boolean>; // ancient
@@ -227,7 +227,7 @@ options {
         listen-on-v6 [ port <integer> ] [ dscp
             <integer> ] {
             <address_match_element>; ... }; // may occur multiple times
-        lmdb-mapsize <sizeval>; // non-operational
+        lmdb-mapsize <sizeval>;
         lock-file ( <quoted_string> | none );
         maintain-ixfr-base <boolean>; // ancient
         managed-keys-directory <quoted_string>;
@@ -581,7 +581,7 @@ view <string> [ <class> ] {
         }; // may occur multiple times
         key-directory <quoted_string>;
         lame-ttl <duration>;
-        lmdb-mapsize <sizeval>; // non-operational
+        lmdb-mapsize <sizeval>;
         maintain-ixfr-base <boolean>; // ancient
         managed-keys { <string> (
             static-key | initial-key
index 58a9c90afffee4a6a5a4dad9b971ff6758fbfabf..0adfbfa9ec5d23547e1a51ed1077c59f5d7543c1 100644 (file)
@@ -25,6 +25,7 @@ dnssec-policy <string> {
         dnskey-ttl <duration>;
         keys { ( csk | ksk | zsk ) ( key-directory ) lifetime <duration>
             algorithm <integer> [ <integer> ]; ... };
+        max-zone-ttl <duration>;
         parent-ds-ttl <duration>;
         parent-propagation-delay <duration>;
         parent-registration-delay <duration>;
@@ -33,7 +34,6 @@ dnssec-policy <string> {
         signatures-refresh <duration>;
         signatures-validity <duration>;
         signatures-validity-dnskey <duration>;
-        zone-max-ttl <duration>;
         zone-propagation-delay <duration>;
 }; // may occur multiple times
 
@@ -188,7 +188,7 @@ options {
         fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
         fstrm-set-output-queue-size <integer>; // not configured
         fstrm-set-reopen-interval <duration>; // not configured
-        geoip-directory ( <quoted_string> | none ); // not configured
+        geoip-directory ( <quoted_string> | none );
         glue-cache <boolean>;
         heartbeat-interval <integer>;
         hostname ( <quoted_string> | none );
@@ -205,7 +205,7 @@ options {
         listen-on-v6 [ port <integer> ] [ dscp
             <integer> ] {
             <address_match_element>; ... }; // may occur multiple times
-        lmdb-mapsize <sizeval>; // non-operational
+        lmdb-mapsize <sizeval>;
         lock-file ( <quoted_string> | none );
         managed-keys-directory <quoted_string>;
         masterfile-format ( map | raw | text );
@@ -522,7 +522,7 @@ view <string> [ <class> ] {
         }; // may occur multiple times
         key-directory <quoted_string>;
         lame-ttl <duration>;
-        lmdb-mapsize <sizeval>; // non-operational
+        lmdb-mapsize <sizeval>;
         managed-keys { <string> (
             static-key | initial-key
             | static-ds | initial-ds
index 43d95f08751d2febaecc8bc645d69cc02108efdb..3f0b3d372b6cc928fa0ee2c9e8333ef867037b1e 100644 (file)
@@ -1042,7 +1042,7 @@ keymgr_transition_time(dns_dnsseckey_t* key, int type,
                         * TTLsig is the maximum TTL of all zone RRSIG
                         * records.  This translates to:
                         *
-                        *     Dsgn + zone-propragation-delay + zone-max-ttl.
+                        *     Dsgn + zone-propragation-delay + max-zone-ttl.
                         *
                         * We will also add the retire-safety interval.
                         */
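Review bot: The comment is touched to rename the TTL term but leaves the adjacent typo `zone-propragation-delay` in place, so the formula still names a clause that does not exist in the grammar; the corrected line is `*     Dsgn + zone-propagation-delay + max-zone-ttl.`. Since the point of the commit is keeping the documented names consistent with the configured ones, fixing the spelling in the same hunk is cheap. keymgr_transition_time begins and ends outside this hunk.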
index 75350ffa68bb868f3164723842fb396c849e871f..036761bdb0ed6a6adae07daa8e4bfb194a0f7acf 100644 (file)
@@ -191,7 +191,7 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, isc_mem_t* mctx,
        ISC_INSIST(!(dns_kasp_keylist_empty(kasp)));
 
        /* Configuration: Zone settings */
-       dns_kasp_setzonemaxttl(kasp, get_duration(maps, "zone-max-ttl",
+       dns_kasp_setzonemaxttl(kasp, get_duration(maps, "max-zone-ttl",
                                                  DNS_KASP_ZONE_MAXTTL));
        dns_kasp_setzonepropagationdelay(kasp, get_duration(maps,
                                                       "zone-propagation-delay",
index e8838a24a1232d8d1708a25947ba5da7e8aba339..e8812e9e308c37564af143679434dcf5567542f6 100644 (file)
@@ -2078,16 +2078,16 @@ static cfg_clausedef_t
 dnssecpolicy_clauses[] = {
        { "dnskey-ttl", &cfg_type_duration, 0 },
        { "keys", &cfg_type_kaspkeys, 0 },
+       { "max-zone-ttl", &cfg_type_duration, 0 },
+       { "parent-ds-ttl", &cfg_type_duration, 0 },
+       { "parent-propagation-delay", &cfg_type_duration, 0 },
+       { "parent-registration-delay", &cfg_type_duration, 0 },
        { "publish-safety", &cfg_type_duration, 0 },
        { "retire-safety", &cfg_type_duration, 0 },
        { "signatures-refresh", &cfg_type_duration, 0 },
        { "signatures-validity", &cfg_type_duration, 0 },
        { "signatures-validity-dnskey", &cfg_type_duration, 0 },
-       { "zone-max-ttl", &cfg_type_duration, 0 },
        { "zone-propagation-delay", &cfg_type_duration, 0 },
-       { "parent-ds-ttl", &cfg_type_duration, 0 },
-       { "parent-propagation-delay", &cfg_type_duration, 0 },
-       { "parent-registration-delay", &cfg_type_duration, 0 },
        { NULL, NULL, 0 }
 };
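Review bot: The old spelling `zone-max-ttl` is removed from dnssecpolicy_clauses without any compatibility entry, so a dnssec-policy block written against the previous grammar will now be rejected by the parser rather than warned about. If dnssec-policy has already shipped in a release this is a silent breaking change for existing configurations; if it has not, a one-line comment in the table or the commit message saying the option was never released would make the intent clear to the next reader. Where compatibility is wanted, keeping an entry such as `{ "zone-max-ttl", &cfg_type_duration, /* flag that yields the "obsolete" grammar annotation */ },` alongside the new one lets named emit a deprecation diagnostic instead of a parse error, as the grammar dump's `// obsolete` annotations on other clauses suggest the infrastructure already exists. I cannot see from this hunk whether any other code path still looks the old name up by string, so the kaspconf.c change should be double-checked for remaining references.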