From: Petr Špaček Date: Thu, 16 Jun 2022 11:48:55 +0000 (+0200) Subject: Deduplicate key filename description in the DNSSEC Guide X-Git-Tag: v9.16.31~3^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd46af7f59cf758bf9ef16d654c22978c58a298c;p=thirdparty%2Fbind9.git Deduplicate key filename description in the DNSSEC Guide Third time ... (cherry picked from commit 7e9680184121b19f26cf51d599a9579006c6381d) --- diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst index c88937dfd6f..334498e2411 100644 --- a/doc/dnssec-guide/signing.rst +++ b/doc/dnssec-guide/signing.rst @@ -1148,17 +1148,7 @@ looking at the actual DNSKEY record, we can tell them apart: 256 is ZSK, and 257 is KSK. The name of the file also tells us something -about the contents. The file names are of the form: - -:: - - K++ - -The "zone name" is self-explanatory. The "algorithm ID" is a number assigned -to the algorithm used to construct the key: the number appears in the -DNSKEY resource record. In -our example, 8 means the algorithm RSASHA256. Finally, the "keyid" is -essentially a hash of the key itself. +about the contents. See chapter :ref:`zone_keys` for more details. Make sure these files are readable by ``named`` and make sure that the ``.private`` files are not readable by anyone else.