From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 18 Jun 2020 15:10:34 +0000 (+0200)
Subject: Update notes, changes for #1612
X-Git-Tag: v9.17.3~26^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e273b95a8b2e2e232391da967e5cc2bd0b65fda5;p=thirdparty%2Fbind9.git

Update notes, changes for #1612
---

diff --git a/CHANGES b/CHANGES
index 1d53a4f525f..19b891cad02 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+5451.	[func]		Add 'rndc dnssec -status' command. [GL #1612]
+
 5450.	[placeholder]
 
 5449.	[bug]		Fix a socket shutdown race in netmgr udp. [GL #1938]
diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in
index 01f5ab37292..6403302a593 100644
--- a/doc/man/rndc.8in
+++ b/doc/man/rndc.8in
@@ -164,7 +164,7 @@ See also \fBrndc addzone\fP and \fBrndc modzone\fP\&.
 .TP
 \fBdnssec\fP [\fB\-status\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
 Show the DNSSEC signing state for the specified zone.  Requires the
-zone to have a \fBdnssec-policy\fP.
+zone to have a "dnssec\-policy".
 .TP
 \fBdnstap\fP ( \fB\-reopen\fP | \fB\-roll\fP [\fInumber\fP] )
 Close and re\-open DNSTAP output files. \fBrndc dnstap \-reopen\fP allows
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index ce8ddc72b43..7d161d4709f 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -29,6 +29,10 @@ New Features
 Feature Changes
 ~~~~~~~~~~~~~~~
 
+- New ``rndc`` command ``rndc dnssec -status`` that shows the current
+  DNSSEC policy and keys in use, the key states and rollover status.
+  [GL #1612]
+
 - Disable and disallow static linking of BIND 9 binaries and libraries
   as BIND 9 modules require ``dlopen()`` support and static linking also
   prevents using security features like read-only relocations (RELRO) or