From: Evan Hunt Date: Fri, 6 Nov 2009 21:35:56 +0000 (+0000) Subject: 2755. [doc] Clarify documentation of keyset- files in X-Git-Tag: v9.5.2-P1~1^4~17 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=ba5329c8c140587a9fc4eabe1958479601f81fe5;p=thirdparty%2Fbind9.git 2755. [doc] Clarify documentation of keyset- files in dnssec-signzone man page. [RT #19810] --- diff --git a/CHANGES b/CHANGES index cf63a4b3230..41212ae6867 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2755. [doc] Clarify documentation of keyset- files in + dnssec-signzone man page. [RT #19810] + 2750. [bug] dig: assertion failure could occur when a server didn't have an address. [RT #20579] diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index 4754c627329..a6991fa066d 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 30, 2000 @@ -87,10 +87,10 @@ dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the - zone. The security status of delegations from the signed zone - (that is, whether the child zones are secure or not) is - determined by the presence or absence of a - keyset file for each child zone. + zone. It also generates a keyset- file containing + the key-signing keys for the zone, and if signing a zone which + contains delegations, it can optionally generate DS records for + the child zones from their keyset- files. @@ -150,8 +150,10 @@ -g - Generate DS records for child zones from keyset files. - Existing DS records will be removed. + If the zone contains any delegations, and there are + keyset- files for any of the child zones, + then DS records for the child zones will be generated from the + keys in those files. Existing DS records will be removed.