Update signatures-refresh documentation

author Matthijs Mekking <matthijs@isc.org>

Fri, 6 May 2022 14:56:13 +0000 (16:56 +0200)

committer Matthijs Mekking <matthijs@isc.org>

Tue, 31 May 2022 15:16:46 +0000 (17:16 +0200)
author Matthijs Mekking <matthijs@isc.org>
Fri, 6 May 2022 14:56:13 +0000 (16:56 +0200)
committer Matthijs Mekking <matthijs@isc.org>
Tue, 31 May 2022 15:16:46 +0000 (17:16 +0200)
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst

index 0d6d23f7bf0c90ff07c799e657c6a64f9cca825e..a21cef9c2adce39177e8f7509af9fb8f08e2e1ce 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -5357,7 +5357,9 @@ The following options can be specified in a ``dnssec-policy`` statement:
      refreshed.  The signature is renewed when the time until the
      expiration time is less than the specified interval.  The default is
      ``P5D`` (5 days), meaning signatures that expire in 5 days or sooner
-    are refreshed.
+    are refreshed. The ``signatures-refresh`` value must be less than
+    90% of the minimum value of ``signatures-validity`` and
+    ``signatures-validity-dnskey``.
  
    ``signatures-validity``
      This indicates the validity period of an RRSIG record (subject to
author	Matthijs Mekking <matthijs@isc.org>
	Fri, 6 May 2022 14:56:13 +0000 (16:56 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Tue, 31 May 2022 15:16:46 +0000 (17:16 +0200)