upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 13:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Clarify how to print default dnssec-policy

Browse source 
Reading the source tree is unnecessarily complicated, we now have
command line option to print defaults.

(cherry picked from commit 1e1334a322)
This commit is contained in:
Petr Špaček 2024-06-07 09:45:48 +02:00
parent 2374a1a2bd
commit 560f999d28
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
doc/arm/reference.rst
View file

@ -6433,10 +6433,9 @@ propagating DS updates.
.. _dnssec_policy_default:
Policy ``default`` causes the zone to be signed with a single combined-signing
key (CSK) using algorithm ECDSAP256SHA256; this key has an unlimited
lifetime. (A verbose copy of this policy may be found in the source
tree, in the file ``doc/misc/dnssec-policy.default.conf``.)
The policy ``default`` causes the zone to be signed with a single combined-signing
key (CSK) using the algorithm ECDSAP256SHA256; this key has an unlimited
lifetime. This policy can be displayed using the command :option:`named -C`.
.. note:: The default signing policy may change in future releases.
This could require changes to a signing policy when upgrading to a