From: Willem Toorop Date: Tue, 22 Dec 2020 09:17:06 +0000 (+0100) Subject: Better ZONEMD documentation for ldns-verify-zone X-Git-Tag: 1.8.0-rc.1~44 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83359bfda82929841ceb820a5d9b0610f430acab;p=thirdparty%2Fldns.git Better ZONEMD documentation for ldns-verify-zone --- diff --git a/examples/ldns-verify-zone.1.in b/examples/ldns-verify-zone.1.in index beef1fc1..244da8a0 100644 --- a/examples/ldns-verify-zone.1.in +++ b/examples/ldns-verify-zone.1.in @@ -13,6 +13,8 @@ RRSIG resource records are checked against the DNSKEY set at the zone apex. Each name is checked for an NSEC(3), if appropriate. +If ZONEMD resource records are present, one of them needs to match the zone content. + .SH OPTIONS .TP \fB-h\fR diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c index 80a1be14..c0287cf0 100644 --- a/examples/ldns-verify-zone.c +++ b/examples/ldns-verify-zone.c @@ -709,6 +709,8 @@ static void print_usage(FILE *out, const char *progname) "and verifies all signatures\n"); fprintf(out, "It also checks the NSEC(3) chain, but it " "will error on opted-out delegations\n"); + fprintf(out, "It also checks whether ZONEMDs are present, and if so, " + "needs one of them to match the zone's data.\n"); fprintf(out, "\nOPTIONS:\n"); fprintf(out, "\t-h\t\tshow this text\n"); fprintf(out, "\t-a\t\tapex only, check only the zone apex\n");