From 003423974ba71a1c2f3044d2f1576f75bdeaf47a Mon Sep 17 00:00:00 2001 From: Suzanne Goldlust Date: Fri, 17 Jun 2022 15:06:23 +0000 Subject: [PATCH] Minor grammar improvements in the Signing chapter of the DNSSEC Guide (cherry picked from commit 6b1ad4dcfba41585be42b94592ee924b7b781cf5) --- doc/arm/dnssec.inc.rst | 2 +- doc/dnssec-guide/signing.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/arm/dnssec.inc.rst b/doc/arm/dnssec.inc.rst index b0f7dee3e8..99515b492b 100644 --- a/doc/arm/dnssec.inc.rst +++ b/doc/arm/dnssec.inc.rst @@ -147,7 +147,7 @@ This ``custom`` policy, for example: rotated after one year and the ZSK after 60 days. Also: - - The configured keys also have a lifetime set and use the ECDSAP384SHA384 + - The configured keys have a lifetime set and use the ECDSAP384SHA384 algorithm. - The last line instructs BIND to generate NSEC3 records for :ref:`Proof of Non-Existence `, diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst index 5495be2658..1d19908323 100644 --- a/doc/dnssec-guide/signing.rst +++ b/doc/dnssec-guide/signing.rst @@ -1149,7 +1149,7 @@ ZSK, and 257 is KSK. The name of the file also tells us something about the contents. See chapter :ref:`zone_keys` for more details. -Make sure these files are readable by :iscman:`named` and make sure that the +Make sure that these files are readable by :iscman:`named` and that the ``.private`` files are not readable by anyone else. Alternativelly, the :iscman:`dnssec-keyfromlabel` program is used to get a key @@ -1429,7 +1429,7 @@ and the KSK file name. This also generates a plain-text file to provide the parent zone administrators with the ``DNSKEY`` records (or their corresponding ``DS`` records) that are the secure entry point to the zone. -Finally, you'll need to update :iscman:`named.conf` to load the signed version +Finally, :iscman:`named.conf` needs to be updated to load the signed version of the zone, which looks something like this: .. code-block:: none