Document rndc dnssec -step

This documentation was missing from !10774.

(cherry picked from commit b1a9ce7104)
Matthijs Mekking 2025-09-04 09:45:11 +02:00 committed by Petr Špaček
parent af2fb26325
commit 4efd3bc1f4

@ -171,7 +171,7 @@ Currently supported commands are:
See also :option:`rndc addzone` and :option:`rndc modzone`.
.. option:: dnssec (-status | -rollover -key id [-alg algorithm] [-when time] | -checkds [-key id [-alg algorithm]] [-when time] published | withdrawn)) zone [class [view]]
.. option:: dnssec (-status | -step | -rollover -key id [-alg algorithm] [-when time] | -checkds [-key id [-alg algorithm]] [-when time] published | withdrawn)) zone [class [view]]
This command allows you to interact with the "dnssec-policy" of a given
zone.
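
Review bot: The synopsis on the changed ``.. option:: dnssec`` line still has unbalanced parentheses: it opens one group with ``(-status | -step | ...`` but closes two with ``withdrawn))``. Since this line is being touched anyway, consider grouping the final alternatives as ``(published | withdrawn)`` so the rendered synopsis shows that ``-step``, like ``-status``, takes no further arguments before ``zone``.
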
@ -179,6 +179,13 @@ Currently supported commands are:
``rndc dnssec -status`` show the DNSSEC signing state for the specified
zone.
``rndc dnssec -step`` sends a signal to an instance of :iscman:`named` for a
zone configured with ``dnssec-policy`` in manual mode, telling it to
continue with the operations that had previously been blocked but logged.
This gives the human operator a chance to review the log messages,
understand what will happen next and then, using ``rndc dnssec -step``, to
inform :iscman:`named` to proceed to the next stage.
``rndc dnssec -rollover`` allows you to schedule key rollover for a
specific key (overriding the original key lifetime).
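
Review bot: The new ``-step`` paragraph is ambiguous about how much one invocation releases: it first says :iscman:`named` will "continue with the operations that had previously been blocked" (plural) and then that it will "proceed to the next stage" (singular). For an operator using manual mode as an approval gate this matters, so state explicitly whether a single ``rndc dnssec -step`` unblocks every pending operation or only the next one. It would also help to say what the command does when the zone is not in manual mode or nothing is currently blocked, to cross-reference the ``dnssec-policy`` setting that enables manual mode, and to reword "sends a signal" so it is not read as a process signal.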