From: Matthijs Mekking Date: Fri, 6 May 2022 14:56:13 +0000 (+0200) Subject: Update signatures-refresh documentation X-Git-Tag: v9.19.2~12^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=74d2e7704fee7d1fa5e47615b29d1ef35b41dd9e;p=thirdparty%2Fbind9.git Update signatures-refresh documentation Mention in the ARM the new restriction about signatures-refresh. --- diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 11a3467a6c5..7214c1fe46c 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -5351,7 +5351,9 @@ The following options can be specified in a ``dnssec-policy`` statement: refreshed. The signature is renewed when the time until the expiration time is less than the specified interval. The default is ``P5D`` (5 days), meaning signatures that expire in 5 days or sooner - are refreshed. + are refreshed. The ``signatures-refresh`` value must be less than + 90% of the minimum value of ``signatures-validity`` and + ``signatures-validity-dnskey``. ``signatures-validity`` This indicates the validity period of an RRSIG record (subject to