From: Tony Finch Date: Wed, 13 Mar 2019 15:47:31 +0000 (+0000) Subject: A bit more cleanup in the dnssec-keygen manual X-Git-Tag: v9.15.0~93^2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=acc3fa04b7ea29d72637f5166469a88d7f4208b8;p=thirdparty%2Fbind9.git A bit more cleanup in the dnssec-keygen manual Remove another remnant of shared secret HMAC-MD5 support. Explain that with currently recommended setups DNSKEY records are inserted automatically, but you can still use $INCLUDE in other cases. --- diff --git a/CHANGES b/CHANGES index 07f0c17d4e5..32cbd6e99fd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +5186. [cleanup] More dnssec-keygen manual tidying. [GL !1678] + 5185. [placeholder] 5184. [bug] Missing unlocks in sdlz.c. [GL #936] diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index a56ded92b90..8d157adb54a 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -571,10 +571,12 @@ key. - The .key file contains a DNS KEY record - that - can be inserted into a zone file (directly or with a $INCLUDE - statement). + The .key file contains a DNSKEY or KEY record. + When a zone is being signed by named + or dnssec-signzone , DNSKEY + records are included automatically. In other cases, + the .key file can be inserted into a zone file + manually or with a $INCLUDE statement. The .private file contains @@ -582,11 +584,6 @@ fields. For obvious security reasons, this file does not have general read permission. - - Both .key and .private - files are generated for symmetric cryptography algorithms such as - HMAC-MD5, even though the public and private key are equivalent. - EXAMPLE
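Review bot: in the bin/dnssec/dnssec-keygen.docbook hunk at @@ -571,10 +571,12, "In other cases" has no clear referent. The first added sentence says the .key file holds "a DNSKEY or KEY record", but the automatic-inclusion sentence covers only DNSKEY records in zones signed by named or dnssec-signzone, so the reader has to infer what is left over. Suggest naming the remaining cases explicitly (KEY records, and any DNSKEY use outside those two signing paths, if that is what is meant) so it is clear when manual insertion or $INCLUDE is still needed.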
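Review bot: in the bin/dnssec/dnssec-keygen.docbook hunk at @@ -582,11 +584,6, the retained context sentence "For obvious security reasons, this file does not have general read permission" is now the last statement about the .private file, and it is still vague about what the tool guarantees. Since this change is tidying the section, consider stating the actual permissions the file is created with and dropping "obvious", so an operator can verify the mode instead of guessing. The removal of the HMAC-MD5 paragraph itself matches the commit message and needs no change.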