specify time format in the documentation for 'rdnc dnssec -checkds'

also clarified the writing in the surrounding paragraph.

(cherry picked from commit 83f9466d61b53384757170d38096d6bf55a1f73b)

diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst
index dae85d7b79e3f64841a955ab62a50b6795e37df4..19c9d0346ef5e0917e4b74a46ad9dd2046fd84e9 100644 (file)
--- a/bin/rndc/rndc.rst
+++ b/bin/rndc/rndc.rst
@@ -176,14 +176,16 @@ Currently supported commands are:
    ``rndc dnssec -rollover`` allows you to schedule key rollover for a
    specific key (overriding the original key lifetime).
 
-   ``rndc dnssec -checkds`` will let :iscman:`named` know that the DS for the given
-   key has been seen published into or withdrawn from the parent.  This is
-   required in order to complete a KSK rollover.  If the ``-key id`` argument
-   is specified, look for the key with the given identifier, otherwise if there
-   is only one key acting as a KSK in the zone, assume the DS of that key (if
-   there are multiple keys with the same tag, use ``-alg algorithm`` to
-   select the correct algorithm).  The time that the DS has been published or
-   withdrawn is set to now, unless otherwise specified with the argument ``-when time``.
+   ``rndc dnssec -checkds`` informs :iscman:`named` that the DS for
+   a specified zone's key-signing key has been confirmed to be published
+   in, or withdrawn from, the parent zone. This is required in order to
+   complete a KSK rollover.  The ``-key id`` and ``-alg algorithm`` arguments
+   can be used to specify a particular KSK, if necessary; if there is only
+   one key acting as a KSK for the zone, these arguments can be omitted.
+   The time of publication or withdrawal for the DS is set to the current
+   time by default, but can be overridden to a specific time with the
+   argument ``-when time``, where ``time`` is expressed in YYYYMMDDHHMMSS
+   notation.
 
 .. option:: dnstap (-reopen | -roll [number])
 

diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in
index 0168fb75b2d64e19b6bb79a8fc619d1918216678..5a810ed3ee2a752f18fb8baf5e0f410fb62dfb64 100644 (file)
--- a/doc/man/rndc.8in
+++ b/doc/man/rndc.8in
@@ -194,14 +194,16 @@ zone.
 \fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a
 specific key (overriding the original key lifetime).
 .sp
-\fBrndc dnssec \-checkds\fP will let \fI\%named\fP know that the DS for the given
-key has been seen published into or withdrawn from the parent.  This is
-required in order to complete a KSK rollover.  If the \fB\-key id\fP argument
-is specified, look for the key with the given identifier, otherwise if there
-is only one key acting as a KSK in the zone, assume the DS of that key (if
-there are multiple keys with the same tag, use \fB\-alg algorithm\fP to
-select the correct algorithm).  The time that the DS has been published or
-withdrawn is set to now, unless otherwise specified with the argument \fB\-when time\fP\&.
+\fBrndc dnssec \-checkds\fP informs \fI\%named\fP that the DS for
+a specified zone\(aqs key\-signing key has been confirmed to be published
+in, or withdrawn from, the parent zone. This is required in order to
+complete a KSK rollover.  The \fB\-key id\fP and \fB\-alg algorithm\fP arguments
+can be used to specify a particular KSK, if necessary; if there is only
+one key acting as a KSK for the zone, these arguments can be omitted.
+The time of publication or withdrawal for the DS is set to the current
+time by default, but can be overridden to a specific time with the
+argument \fB\-when time\fP, where \fBtime\fP is expressed in YYYYMMDDHHMMSS
+notation.
 .UNINDENT
 .INDENT 0.0
 .TP