Document sig0key-checks-limit and sig0message-checks-limit

Aram Sargsyan 2025-01-21 13:44:09 +00:00 committed by Arаm Sаrgsyаn
parent 716b936045
commit 5861c10dfb

@ -3936,6 +3936,26 @@ system.
2001:db8::100;
};
.. namedconf:statement:: sig0key-checks-limit
:tags: server
:short: Specifies the maximum number of SIG(0) keys to consider when trying to verify a message.
This is the maximum number of keys to consider for a SIG(0)-signed message
when trying to verify it. :iscman:`named` will parse the candidate keys and
check whether their key tag and algorithm matches with the expected one
before trying to verify the signature. If the limit is reached the message
verification fails. The value of ``0`` disables the limitation. The default
is ``16``.
.. namedconf:statement:: sig0message-checks-limit
:tags: server
:short: Specifies the maximum number of matching SIG(0) keys to try to verify a message.
This is the maximum number of keys which (when correctly parsed and matched
against the expected key tag and algorithm) :iscman:`named` uses to verify
a SIG(0)-signed message. If the limit is reached the message verification
fails. The value of ``0`` disables the limitation. The default is ``2``.
.. _intervals:
Periodic Task Intervals
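
Review bot: The sentence "If the limit is reached the message verification fails", used in both new statements, leaves the boundary ambiguous. With the default ``sig0message-checks-limit`` of ``2``, a reader cannot tell whether the second matching key is still tried or whether verification already fails on reaching it. Please state it exactly, for example that at most N keys are considered (or tried) and that verification fails if none of them validates the message. Two smaller points: in ``sig0key-checks-limit``, "whether their key tag and algorithm matches with the expected one" should read "match the expected ones". Neither paragraph says why the limits exist or what an operator gives up with ``0``; since ``0`` "disables the limitation", a sentence noting that this removes the bound on per-message key parsing and signature verification work would help operators choose a value. It would also help to say how the two options relate: the first counts candidate keys parsed, the second counts only the keys that matched and are used for a verification attempt.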