From: Matthijs Mekking <matthijs@isc.org>
Date: Mon, 30 Sep 2024 09:39:57 +0000 (+0200)
Subject: Restore text about sig validity and SOA expire
X-Git-Tag: v9.21.2~8^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b09230004bf7e64fe678851854bf4044f52c72c1;p=thirdparty%2Fbind9.git

Restore text about sig validity and SOA expire

When `sig-validity-interval` was obsoleted, the text that the signature
validity interval should be multiples of the SOA expire interval was
removed. Restore this text to the description of the
`signatures-validity` option.
---

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index cc1a1b43c35..1c363f6662d 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -6458,6 +6458,10 @@ keys
     This indicates the validity period of an RRSIG record (subject to
     inception offset and jitter). The default is ``P2W`` (2 weeks).
 
+    The :any:`signatures-validity` should be at least several multiples
+    of the SOA expire interval, to allow for reasonable interaction between
+    the various timer and expiry dates.
+
 .. namedconf:statement:: signatures-validity-dnskey
    :tags: dnssec
    :short: Indicates the validity period of DNSKEY records.