From: Evan Hunt Date: Fri, 6 Nov 2009 21:36:22 +0000 (+0000) Subject: 2755. [doc] Clarify documentation of keyset- files in X-Git-Tag: v9.6.1-P2~2^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b514948e9d5f0d26829b092811f92d96a1e0a46a;p=thirdparty%2Fbind9.git 2755. [doc] Clarify documentation of keyset- files in dnssec-signzone man page. [RT #19810] --- diff --git a/CHANGES b/CHANGES index 7eb56692944..d323230208b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2755. [doc] Clarify documentation of keyset- files in + dnssec-signzone man page. [RT #19810] + 2754. [bug] Secure-to-insecure transitions failed when zone was signed with NSEC3. [RT #20587] diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index ae1c19716c2..f204fcd60d7 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 08, 2009 @@ -92,10 +92,10 @@ dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the - zone. The security status of delegations from the signed zone - (that is, whether the child zones are secure or not) is - determined by the presence or absence of a - keyset file for each child zone. + zone. It also generates a keyset- file containing + the key-signing keys for the zone, and if signing a zone which + contains delegations, it can optionally generate DS records for + the child zones from their keyset- files. @@ -155,8 +155,10 @@ -g - Generate DS records for child zones from keyset files. - Existing DS records will be removed. + If the zone contains any delegations, and there are + keyset- files for any of the child zones, + then DS records for the child zones will be generated from the + keys in those files. Existing DS records will be removed.
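Review bot: In the first dnssec-signzone.docbook hunk (@@ -18,7 +18,7 @@), the page date still reads "June 08, 2009" after the change, while the commit is dated 6 Nov 2009 and rewrites two passages of the page. If the project bumps the man page date on content changes, it should be updated here so the rendered page does not look older than the text it carries.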
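Review bot: In the description hunk (@@ -92,10 +92,10 @@), the replacement paragraph no longer says what a missing keyset- file means for a delegation. The removed sentence tied a child zone's secure or insecure status to the presence or absence of that file; the new text only says DS records "can optionally" be generated. If the old sentence was inaccurate, state in one sentence what does determine the status of a delegation, because an operator reading this cannot tell whether a child without a keyset- file ends up as an insecure delegation. Two smaller points in the same paragraph: name the option (-g) where the text says "optionally", and say what follows the hyphen in "keyset-", since the file name is left open in both places it appears.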
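Review bot: In the -g hunk (@@ -155,8 +155,10 @@), the scope of "Existing DS records will be removed." is ambiguous now that generation is conditional on a keyset- file being present. It can be read as removing DS records only for children that have a keyset- file, or for every delegation in the zone. The second reading means a child with a DS record but no keyset- file loses its DS when -g is used, which breaks the chain of trust to that child. Suggest saying explicitly which DS records are removed, for example "Existing DS records for those child zones will be removed" or "All existing DS records in the zone will be removed, including those for child zones without a keyset- file", whichever matches the behaviour.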