+2755. [doc] Clarify documentation of keyset- files in
+ dnssec-signzone man page. [RT #19810]
+
2754. [bug] Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.31.44.7 2009/06/22 05:05:01 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.31.44.8 2009/11/06 21:36:22 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 08, 2009</date>
<para><command>dnssec-signzone</command>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
- zone. The security status of delegations from the signed zone
- (that is, whether the child zones are secure or not) is
- determined by the presence or absence of a
- <filename>keyset</filename> file for each child zone.
+ zone. It also generates a <filename>keyset-</filename> file containing
+ the key-signing keys for the zone, and if signing a zone which
+ contains delegations, it can optionally generate DS records for
+ the child zones from their <filename>keyset-</filename> files.
</para>
</refsect1>
<term>-g</term>
<listitem>
<para>
- Generate DS records for child zones from keyset files.
- Existing DS records will be removed.
+ If the zone contains any delegations, and there are
+ <filename>keyset-</filename> files for any of the child zones,
+ then DS records for the child zones will be generated from the
+ keys in those files. Existing DS records will be removed.
</para>
</listitem>
</varlistentry>
projects / thirdparty / bind9.git / commitdiff
