From: Matthijs Mekking Date: Tue, 22 Aug 2023 09:49:22 +0000 (+0200) Subject: Explain lifetime format X-Git-Tag: v9.19.17~20^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b5a757c4525aa29a9bdb6037dbe40dd079394d8c;p=thirdparty%2Fbind9.git Explain lifetime format Add the text "TTL-style unit suffixes or ISO 8601 duration formats", just like we do at other places that are duration option types. Also, in the dnssec-policy "keys" example, use a TTL-style unit too. --- diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 7db5efd6428..065f05ccce5 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -6188,7 +6188,7 @@ The following options can be specified in a :any:`dnssec-policy` statement: keys { ksk key-directory lifetime unlimited algorithm rsasha256 2048; - zsk lifetime P30D algorithm 8; + zsk lifetime 30d algorithm 8; csk lifetime P6MT12H3M15S algorithm ecdsa256; }; @@ -6207,7 +6207,11 @@ The following options can be specified in a :any:`dnssec-policy` statement: keys in hardware security modules or separate directories. The ``lifetime`` parameter specifies how long a key may be used - before rolling over. In the example above, the first key has an + before rolling over. For convenience, TTL-style time-unit suffixes + can be used to specify the key lifetime. It also accepts ISO 8601 + duration formats. + + In the example above, the first key has an unlimited lifetime, the second key may be used for 30 days, and the third key has a rather peculiar lifetime of 6 months, 12 hours, 3 minutes, and 15 seconds. A lifetime of 0 seconds is the same as
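Review bot: In the first hunk (the `keys` example at -6188), the `zsk` line now reads `zsk lifetime 30d algorithm 8;` while the `csk` line still uses `P6MT12H3M15S`, and nothing in the example says that the two lines use different notations for the same kind of value. Since the point of the change is to show that both forms are accepted, consider saying so next to the example, for instance with a short sentence after the block noting that `30d` is the TTL-style form and `P6MT12H3M15S` the ISO 8601 form. Without that, a reader skimming the example could take the mix for an inconsistency.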
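Review bot: In the second hunk (at -6207), the added sentence "It also accepts ISO 8601 duration formats." has no clear antecedent for "It", because the subject of the sentence before it is "TTL-style time-unit suffixes", not the ``lifetime`` parameter. Suggest rewording to "ISO 8601 duration formats are also accepted." or "The ``lifetime`` parameter also accepts ISO 8601 duration formats." The new paragraph that follows describes the third key as "6 months, 12 hours, 3 minutes, and 15 seconds" but does not say how long a month is counted as. Since this value decides when a key rolls over, a short clause stating that would help operators who plan rollovers from this text.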