Clarify dnssec-signzone interval option

There was confusion about whether the interval was calculated from
the validity period provided on the command line (with -s and -e),
or from the signature being replaced.

Add text to clarify that the interval is calculated from the new
validity period.

(cherry picked from commit ae42fa69fa1b1b19bdfa3c1957f8ca8fec005a24)

diff --git a/bin/dnssec/dnssec-signzone.rst b/bin/dnssec/dnssec-signzone.rst
index dcc06fe2be0d78b01fa30a4621becdc0146a22e7..02a69e978cbe6012909cc34c5f8658aca515cf6c 100644 (file)
--- a/bin/dnssec/dnssec-signzone.rst
+++ b/bin/dnssec/dnssec-signzone.rst
@@ -165,6 +165,11 @@ Options
    days. Therefore, if any existing RRSIG records are due to expire in
    less than 7.5 days, they are replaced.
 
+   Note that the calculation of cycle interval is based upon the validity
+   period of the replacement signatures that would be generated by
+   ``dnssec-signzone``, not on the valid lifetimes of the input RRSIGs being
+   considered for pre-expiry replacement.
+
 .. option:: -I input-format
 
    This option sets the format of the input zone file. Possible formats are