.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.4 2000/07/26 00:47:17 bwelling Exp $
+.\" $Id: dnssec-signzone.8,v 1.5 2000/07/26 20:58:11 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
defaults to an expire time of 30 days from the start time of the SIG
records.
.Pp
+When a previously signed zone is passed as input to
+.Nm dnssec-signzone ,
+records may be resigned. Whether or not to resign records is configurable
+by using the
+.Fl c
+option, which specifies the cycle period as an offset from the current time
+(in seconds). If a SIG record expires after the cycle period, it is retained.
+Otherwise, it is considered to be expiring soon, and
.Nm dnssec-signzone
-can automatically re-sign records if their signatures expire before
-the expiry date that applies for the current zone signing activity.
-This would apply to a zone that has previously been signed.
-The decision to generate a new SIG record is determined by the cycle
-time.
-If the current SIG record expires after the cycle time, it is left
-alone.
-If it expires before the cycle time, the SIG record is considered to
-be close to expiry.
-Therefore
-.Nm dnssec-signzone
-creates a new SIG record to replace then one that is about to expire.
+will remove it and generate a new SIG record to replace it.
.Pp
-The default cycle time is quarter of the difference between the
-signature end and start dates for the current invocation of
-.Nm dnssec-signzone .
-So if the
+The default cycle period is one quarter of the difference between the
+specified signature end and start dates. So if the
.Fl e
and
.Fl s
options are not specified,
.Nm dnssec-signzone
-generates signatures that are valid for 30 days from the current
-date by default.
-The cycle time would be 7.5 days from the current date.
-Therefore any SIG records that
-were due to expire in that time would be replaced with new ones.
-.Pp
-The
-.Fl c
-option can be used to change the cycle time.
-.Ar cycle-time
-indicates the number of seconds from the current time that should be
-used to
-set the cycle time and
-determine when fresh SIG records should be generated.
+generates signatures that are valid for 30 days from the current date
+by default, with a cycle period of 7.5 days. Therefore, if any SIG records
+are due to expire in less than 7.5 days, they would be replaced
+with new ones.
.Pp
The
.Fl p
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.4 2000/07/26 00:47:17 bwelling Exp $
+.\" $Id: dnssec-signzone.8,v 1.5 2000/07/26 20:58:11 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
defaults to an expire time of 30 days from the start time of the SIG
records.
.Pp
+When a previously signed zone is passed as input to
+.Nm dnssec-signzone ,
+records may be resigned. Whether or not to resign records is configurable
+by using the
+.Fl c
+option, which specifies the cycle period as an offset from the current time
+(in seconds). If a SIG record expires after the cycle period, it is retained.
+Otherwise, it is considered to be expiring soon, and
.Nm dnssec-signzone
-can automatically re-sign records if their signatures expire before
-the expiry date that applies for the current zone signing activity.
-This would apply to a zone that has previously been signed.
-The decision to generate a new SIG record is determined by the cycle
-time.
-If the current SIG record expires after the cycle time, it is left
-alone.
-If it expires before the cycle time, the SIG record is considered to
-be close to expiry.
-Therefore
-.Nm dnssec-signzone
-creates a new SIG record to replace then one that is about to expire.
+will remove it and generate a new SIG record to replace it.
.Pp
-The default cycle time is quarter of the difference between the
-signature end and start dates for the current invocation of
-.Nm dnssec-signzone .
-So if the
+The default cycle period is one quarter of the difference between the
+specified signature end and start dates. So if the
.Fl e
and
.Fl s
options are not specified,
.Nm dnssec-signzone
-generates signatures that are valid for 30 days from the current
-date by default.
-The cycle time would be 7.5 days from the current date.
-Therefore any SIG records that
-were due to expire in that time would be replaced with new ones.
-.Pp
-The
-.Fl c
-option can be used to change the cycle time.
-.Ar cycle-time
-indicates the number of seconds from the current time that should be
-used to
-set the cycle time and
-determine when fresh SIG records should be generated.
+generates signatures that are valid for 30 days from the current date
+by default, with a cycle period of 7.5 days. Therefore, if any SIG records
+are due to expire in less than 7.5 days, they would be replaced
+with new ones.
.Pp
The
.Fl p
projects / thirdparty / bind9.git / commitdiff
