upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Deduplicate max-zone-ttl definition in the ARM

Browse source 
This is confusing as hell, but we cannot fix that in the manual itself.
At least now the user is made aware of two distinct defaults.

(cherry picked from commit 405a0931ea)
This commit is contained in:
Petr Špaček 2022-06-16 16:54:12 +02:00
parent e28050e7a4
commit 40b9aa2e0b
No known key found for this signature in database
GPG key ID: ABD587CDF06581AE
1 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
doc/arm/reference.rst
View file

@ -1784,14 +1784,19 @@ default is used.
of ``text`` or ``raw``, any record encountered with a TTL higher than
``max-zone-ttl`` causes the zone to be rejected.
This is useful in DNSSEC-signed zones because when rolling to a new
This is needed in DNSSEC-maintained zones because when rolling to a new
DNSKEY, the old key needs to remain available until RRSIG records
have expired from caches. The ``max-zone-ttl`` option guarantees that
the largest TTL in the zone is no higher than the set value.
The default value is ``unlimited``. A ``max-zone-ttl`` of zero is
In the :namedconf:ref:`options` and :namedconf:ref:`zone` blocks,
the default value is ``unlimited``. A ``max-zone-ttl`` of zero is
treated as ``unlimited``.
In the :namedconf:ref:`dnssec-policy` block,
the default value is ``PT24H`` (24 hours). A ``max-zone-ttl`` of
zero is treated as if the default value were in use.
.. namedconf:statement:: stale-answer-ttl
This specifies the TTL to be returned on stale answers. The default is 30
@ -5926,19 +5931,10 @@ The following options can be specified in a ``dnssec-policy`` statement:
This is similar to ``signatures-validity``, but for DNSKEY records.
The default is ``P2W`` (2 weeks).
.. namedconf:statement:: max-zone-ttl
``max-zone-ttl``
Like the ``max-zone-ttl`` zone option, this specifies the maximum
permissible TTL value, in seconds, for the zone.
This is needed in DNSSEC-maintained zones because when rolling to a
new DNSKEY, the old key needs to remain available until RRSIG
records have expired from caches. The ``max-zone-ttl`` option
guarantees that the largest TTL in the zone is no higher than the
set value.
The default value is ``PT24H`` (24 hours). A ``max-zone-ttl`` of
zero is treated as if the default value were in use.
Like the :namedconf:ref:`max-zone-ttl` zone option, this specifies the maximum
permissible TTL value, in seconds, for the zone.
.. namedconf:statement:: nsec3param