upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 12:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

The cycle text was even more confusing than it is now.

Browse source
This commit is contained in:
Brian Wellington 2000-07-26 20:58:11 +00:00
parent 6d016e34bf
commit 10680f2169
2 changed files with 32 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
bin/dnssec/dnssec-signzone.8
View file

@ -14,7 +14,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.4 2000/07/26 00:47:17 bwelling Exp $
.\" $Id: dnssec-signzone.8,v 1.5 2000/07/26 20:58:11 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
@ -141,43 +141,28 @@ When no expiry date is set for the SIG records,
defaults to an expire time of 30 days from the start time of the SIG
records.
.Pp
When a previously signed zone is passed as input to
.Nm dnssec-signzone ,
records may be resigned. Whether or not to resign records is configurable
by using the
.Fl c
option, which specifies the cycle period as an offset from the current time
(in seconds). If a SIG record expires after the cycle period, it is retained.
Otherwise, it is considered to be expiring soon, and
.Nm dnssec-signzone
can automatically re-sign records if their signatures expire before
the expiry date that applies for the current zone signing activity.
This would apply to a zone that has previously been signed.
The decision to generate a new SIG record is determined by the cycle
time.
If the current SIG record expires after the cycle time, it is left
alone.
If it expires before the cycle time, the SIG record is considered to
be close to expiry.
Therefore
.Nm dnssec-signzone
creates a new SIG record to replace then one that is about to expire.
will remove it and generate a new SIG record to replace it.
.Pp
The default cycle time is quarter of the difference between the
signature end and start dates for the current invocation of
.Nm dnssec-signzone .
So if the
The default cycle period is one quarter of the difference between the
specified signature end and start dates. So if the
.Fl e
and
.Fl s
options are not specified,
.Nm dnssec-signzone
generates signatures that are valid for 30 days from the current
date by default.
The cycle time would be 7.5 days from the current date.
Therefore any SIG records that
were due to expire in that time would be replaced with new ones.
.Pp
The
.Fl c
option can be used to change the cycle time.
.Ar cycle-time
indicates the number of seconds from the current time that should be
used to
set the cycle time and
determine when fresh SIG records should be generated.
generates signatures that are valid for 30 days from the current date
by default, with a cycle period of 7.5 days. Therefore, if any SIG records
are due to expire in less than 7.5 days, they would be replaced
with new ones.
.Pp
The
.Fl p

47
doc/man/dnssec/dnssec-signzone.8
View file

@ -14,7 +14,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.4 2000/07/26 00:47:17 bwelling Exp $
.\" $Id: dnssec-signzone.8,v 1.5 2000/07/26 20:58:11 bwelling Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
@ -141,43 +141,28 @@ When no expiry date is set for the SIG records,
defaults to an expire time of 30 days from the start time of the SIG
records.
.Pp
When a previously signed zone is passed as input to
.Nm dnssec-signzone ,
records may be resigned. Whether or not to resign records is configurable
by using the
.Fl c
option, which specifies the cycle period as an offset from the current time
(in seconds). If a SIG record expires after the cycle period, it is retained.
Otherwise, it is considered to be expiring soon, and
.Nm dnssec-signzone
can automatically re-sign records if their signatures expire before
the expiry date that applies for the current zone signing activity.
This would apply to a zone that has previously been signed.
The decision to generate a new SIG record is determined by the cycle
time.
If the current SIG record expires after the cycle time, it is left
alone.
If it expires before the cycle time, the SIG record is considered to
be close to expiry.
Therefore
.Nm dnssec-signzone
creates a new SIG record to replace then one that is about to expire.
will remove it and generate a new SIG record to replace it.
.Pp
The default cycle time is quarter of the difference between the
signature end and start dates for the current invocation of
.Nm dnssec-signzone .
So if the
The default cycle period is one quarter of the difference between the
specified signature end and start dates. So if the
.Fl e
and
.Fl s
options are not specified,
.Nm dnssec-signzone
generates signatures that are valid for 30 days from the current
date by default.
The cycle time would be 7.5 days from the current date.
Therefore any SIG records that
were due to expire in that time would be replaced with new ones.
.Pp
The
.Fl c
option can be used to change the cycle time.
.Ar cycle-time
indicates the number of seconds from the current time that should be
used to
set the cycle time and
determine when fresh SIG records should be generated.
generates signatures that are valid for 30 days from the current date
by default, with a cycle period of 7.5 days. Therefore, if any SIG records
are due to expire in less than 7.5 days, they would be replaced
with new ones.
.Pp
The
.Fl p