From 560f999d28461616804304eefd4ffdaa83853b77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 7 Jun 2024 09:45:48 +0200 Subject: [PATCH] Clarify how to print default dnssec-policy Reading the source tree is unnecessarily complicated, we now have command line option to print defaults. (cherry picked from commit 1e1334a32206d26c3f9762e5b5364b5b19f65761) --- doc/arm/reference.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 4e2998ec13..a075e29bef 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -6433,10 +6433,9 @@ propagating DS updates. .. _dnssec_policy_default: -Policy ``default`` causes the zone to be signed with a single combined-signing -key (CSK) using algorithm ECDSAP256SHA256; this key has an unlimited -lifetime. (A verbose copy of this policy may be found in the source -tree, in the file ``doc/misc/dnssec-policy.default.conf``.) +The policy ``default`` causes the zone to be signed with a single combined-signing +key (CSK) using the algorithm ECDSAP256SHA256; this key has an unlimited +lifetime. This policy can be displayed using the command :option:`named -C`. .. note:: The default signing policy may change in future releases. This could require changes to a signing policy when upgrading to a