specify time format in the documentation for 'rdnc dnssec -checkds'

also clarified the writing in the surrounding paragraph.

(cherry picked from commit 83f9466d61b53384757170d38096d6bf55a1f73b)

diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst
index 2c7c5c92df8de896b2b6d077d6ee767b5428bcce..80afcc8de81ef20764be2bb9d7d5b1429267ba46 100644 (file)
--- a/bin/rndc/rndc.rst
+++ b/bin/rndc/rndc.rst
@@ -161,14 +161,16 @@ Currently supported commands are:
    ``rndc dnssec -rollover`` allows you to schedule key rollover for a
    specific key (overriding the original key lifetime).
 
-   ``rndc dnssec -checkds`` will let ``named`` know that the DS for the given
-   key has been seen published into or withdrawn from the parent.  This is
-   required in order to complete a KSK rollover.  If the ``-key id`` argument
-   is specified, look for the key with the given identifier, otherwise if there
-   is only one key acting as a KSK in the zone, assume the DS of that key (if
-   there are multiple keys with the same tag, use ``-alg algorithm`` to
-   select the correct algorithm).  The time that the DS has been published or
-   withdrawn is set to now, unless otherwise specified with the argument ``-when time``.
+   ``rndc dnssec -checkds`` informs :iscman:`named` that the DS for
+   a specified zone's key-signing key has been confirmed to be published
+   in, or withdrawn from, the parent zone. This is required in order to
+   complete a KSK rollover.  The ``-key id`` and ``-alg algorithm`` arguments
+   can be used to specify a particular KSK, if necessary; if there is only
+   one key acting as a KSK for the zone, these arguments can be omitted.
+   The time of publication or withdrawal for the DS is set to the current
+   time by default, but can be overridden to a specific time with the
+   argument ``-when time``, where ``time`` is expressed in YYYYMMDDHHMMSS
+   notation.
 
 ``dnstap`` ( **-reopen** | **-roll** [*number*] )
    This command closes and re-opens DNSTAP output files. ``rndc dnstap -reopen`` allows

diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in
index d2980df3381608cd3dc93458c379d1a500f87a05..6ec943aae5f0f6b8001457e07b10a4d1d8a5586e 100644 (file)
--- a/doc/man/rndc.8in
+++ b/doc/man/rndc.8in
@@ -171,14 +171,16 @@ zone.
 \fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a
 specific key (overriding the original key lifetime).
 .sp
-\fBrndc dnssec \-checkds\fP will let \fBnamed\fP know that the DS for the given
-key has been seen published into or withdrawn from the parent.  This is
-required in order to complete a KSK rollover.  If the \fB\-key id\fP argument
-is specified, look for the key with the given identifier, otherwise if there
-is only one key acting as a KSK in the zone, assume the DS of that key (if
-there are multiple keys with the same tag, use \fB\-alg algorithm\fP to
-select the correct algorithm).  The time that the DS has been published or
-withdrawn is set to now, unless otherwise specified with the argument \fB\-when time\fP\&.
+\fBrndc dnssec \-checkds\fP informs \fBnamed\fP that the DS for
+a specified zone\(aqs key\-signing key has been confirmed to be published
+in, or withdrawn from, the parent zone. This is required in order to
+complete a KSK rollover.  The \fB\-key id\fP and \fB\-alg algorithm\fP arguments
+can be used to specify a particular KSK, if necessary; if there is only
+one key acting as a KSK for the zone, these arguments can be omitted.
+The time of publication or withdrawal for the DS is set to the current
+time by default, but can be overridden to a specific time with the
+argument \fB\-when time\fP, where \fBtime\fP is expressed in YYYYMMDDHHMMSS
+notation.
 .TP
 \fBdnstap\fP ( \fB\-reopen\fP | \fB\-roll\fP [\fInumber\fP] )
 This command closes and re\-opens DNSTAP output files. \fBrndc dnstap \-reopen\fP allows