keys {
ksk key-directory lifetime unlimited algorithm rsasha256 2048;
- zsk lifetime P30D algorithm 8;
+ zsk lifetime 30d algorithm 8;
csk lifetime P6MT12H3M15S algorithm ecdsa256;
};
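Review bot: at the changed line `zsk lifetime 30d algorithm 8;` the example block now mixes two notations (`30d` next to `P6MT12H3M15S` on the csk line) with nothing inside the block saying they are different formats for the same kind of value. A reader who copies only the block sees two unrelated-looking syntaxes. Consider a short comment on each of those two lines naming the notation (TTL-style and ISO 8601), or a sentence directly above the block, so the example is self-explanatory without the paragraph that follows.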
keys in hardware security modules or separate directories.
The ``lifetime`` parameter specifies how long a key may be used
- before rolling over. In the example above, the first key has an
+ before rolling over. For convenience, TTL-style time-unit suffixes
+ can be used to specify the key lifetime. It also accepts ISO 8601
+ duration formats.
+
+ In the example above, the first key has an
unlimited lifetime, the second key may be used for 30 days, and the
third key has a rather peculiar lifetime of 6 months, 12 hours, 3
minutes, and 15 seconds. A lifetime of 0 seconds is the same as
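Review bot: in the added sentence "It also accepts ISO 8601 duration formats." the pronoun has no clear antecedent, since the subject of the preceding sentence is "TTL-style time-unit suffixes"; something like "ISO 8601 durations are also accepted" would tie it back to ``lifetime``. The new text also never lists which TTL-style suffixes are valid or how a lowercase `m` is read, while the ISO 8601 example explained just below uses `M` for both months and minutes depending on its position. Because a misread unit changes when a key rolls over, please spell out the accepted suffixes and their meanings here or link to where they are defined.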