upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 23:00:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[9.20] chg: doc: Document rndc dnssec -step

Browse source 
Related to #4606

Backport of MR !10941

Merge branch 'backport-4606-document-rndc-dnssec-step-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10943
This commit is contained in:
Petr Špaček 2025-09-04 14:00:04 +00:00
commit 28bde42ed3
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
bin/rndc/rndc.rst
View file

@ -171,7 +171,7 @@ Currently supported commands are:
See also :option:`rndc addzone` and :option:`rndc modzone`.
.. option:: dnssec (-status | -rollover -key id [-alg algorithm] [-when time] | -checkds [-key id [-alg algorithm]] [-when time] published | withdrawn)) zone [class [view]]
.. option:: dnssec (-status | -step | -rollover -key id [-alg algorithm] [-when time] | -checkds [-key id [-alg algorithm]] [-when time] published | withdrawn)) zone [class [view]]
This command allows you to interact with the "dnssec-policy" of a given
zone.
@ -179,6 +179,13 @@ Currently supported commands are:
``rndc dnssec -status`` show the DNSSEC signing state for the specified
zone.
``rndc dnssec -step`` sends a signal to an instance of :iscman:`named` for a
zone configured with ``dnssec-policy`` in manual mode, telling it to
continue with the operations that had previously been blocked but logged.
This gives the human operator a chance to review the log messages,
understand what will happen next and then, using ``rndc dnssec -step``, to
inform :iscman:`named` to proceed to the next stage.
``rndc dnssec -rollover`` allows you to schedule key rollover for a
specific key (overriding the original key lifetime).