Update signatures-refresh documentation

Mention in the ARM the new restriction about signatures-refresh.

(cherry picked from commit 74d2e7704f)
Matthijs Mekking 2022-05-06 16:56:13 +02:00
parent 46636b8563
commit 2036a8b161

@ -5357,7 +5357,9 @@ The following options can be specified in a ``dnssec-policy`` statement:
refreshed. The signature is renewed when the time until the
expiration time is less than the specified interval. The default is
``P5D`` (5 days), meaning signatures that expire in 5 days or sooner
are refreshed.
are refreshed. The ``signatures-refresh`` value must be less than
90% of the minimum value of ``signatures-validity`` and
``signatures-validity-dnskey``.
``signatures-validity``
This indicates the validity period of an RRSIG record (subject to
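
Review bot: The sentence added at the end of the ``signatures-refresh`` entry states the 90% limit but not what happens when a policy exceeds it; the text should say whether such a configuration is rejected when it is loaded or the value is silently adjusted, so an operator knows what to expect. The phrase "the minimum value of ``signatures-validity`` and ``signatures-validity-dnskey``" can also be read as a lower bound on each option separately; "the smaller of ``signatures-validity`` and ``signatures-validity-dnskey``" would be unambiguous. A one-line reason for the limit would help readers pick a value relative to the ``P5D`` default mentioned just above.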