Add inline-signing to config examples

Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.

(cherry picked from commit 18d230a5844038ad3fdd438f25f83a6580f4782e)

diff --git a/doc/arm/dnssec.inc.rst b/doc/arm/dnssec.inc.rst
index f4810aeeff81a8ab100bfa5c7c1e55b09f71d46f..762e6aa58560ef44b1362ec24f579a459d0f3f2a 100644 (file)
--- a/doc/arm/dnssec.inc.rst
+++ b/doc/arm/dnssec.inc.rst
@@ -99,9 +99,13 @@ up-to-date DNSSEC practices:
         type primary;
         file "dnssec.example.db";
         dnssec-policy default;
+        inline-signing yes;
     };
 
-This single line is sufficient to create the necessary signing keys, and generate
+The :any:`dnssec-policy` statement requires dynamic DNS to be set up, or
+:any:`inline-signing` to be enabled. In the example above we use the latter.
+
+This is sufficient to create the necessary signing keys, and generate
 ``DNSKEY``, ``RRSIG``, and ``NSEC`` records for the zone. BIND also takes
 care of any DNSSEC maintenance for this zone, including replacing signatures
 that are about to expire and managing :ref:`key_rollovers`.
@@ -171,6 +175,7 @@ by configuring parental agents:
         type primary;
         file "dnssec.example.db";
         dnssec-policy default;
+        inline-signing yes;
         parental-agents { 192.0.2.1; };
     };
 

diff --git a/doc/dnssec-guide/recipes.rst b/doc/dnssec-guide/recipes.rst
index cb2c3116e25e43db1d7082a5a096f52dd490d628..56eb1a514b16aabccd768b4b0cd21c50bac8ca8c 100644 (file)
--- a/doc/dnssec-guide/recipes.rst
+++ b/doc/dnssec-guide/recipes.rst
@@ -63,6 +63,7 @@ what the :iscman:`named.conf` zone statement looks like on the primary server, 1
        file "db/example.com.db";
        key-directory "keys/example.com";
        dnssec-policy default;
+       inline-signing yes;
        allow-transfer { 192.168.1.2; 192.168.1.3; 192.168.1.4; };
    };
 
@@ -142,6 +143,7 @@ signed data via zone transfer to the other three DNS secondaries. Its
        file "db/example.com.db";
        key-directory "keys/example.com";
        dnssec-policy default;
+       inline-signing yes;
        allow-transfer { 192.168.1.2; 192.168.1.3; 192.168.1.4; };
    };
 
@@ -995,6 +997,7 @@ Here is what :iscman:`named.conf` looks like when it is signed:
        type primary;
        file "db/example.com.db";
        dnssec-policy "default";
+       inline-signing yes;
    };
 
 To indicate the reversion to unsigned, change the :any:`dnssec-policy` line:
@@ -1006,6 +1009,7 @@ To indicate the reversion to unsigned, change the :any:`dnssec-policy` line:
        type primary;
        file "db/example.com.db";
        dnssec-policy "insecure";
+       inline-signing yes;
    };
 
 Then use :option:`rndc reload` to reload the zone.

diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst
index d1175cdb0acd6795df2ea8a4d2998f461b8205c6..7ed5b824af8125f2e1226fe8926efbb6ae2a45e6 100644 (file)
--- a/doc/dnssec-guide/signing.rst
+++ b/doc/dnssec-guide/signing.rst
@@ -835,6 +835,7 @@ this example, we'll add it to the :any:`zone` statement:
    zone "example.net" in {
        ...
        dnssec-policy standard;
+       inline-signing yes;
        ...
    };
 
@@ -916,6 +917,7 @@ presence. Let's look at the following configuration excerpt:
    zone "example.net" in {
        ...
        dnssec-policy standard;
+       inline-signing yes;
        parental-agents { "net"; };
        ...
    };