From 90af20349e9834f651c45a917f9bdb3eebd43591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 7 Jun 2024 09:45:48 +0200 Subject: [PATCH] Clarify how to print default dnssec-policy Reading the source tree is unnecessarily complicated, we now have command line option to print defaults. (cherry picked from commit 1e1334a32206d26c3f9762e5b5364b5b19f65761) --- doc/arm/reference.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 9dfda0f6fc..a1b3e2e2a7 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -6388,10 +6388,9 @@ propagating DS updates. .. _dnssec_policy_default: -Policy ``default`` causes the zone to be signed with a single combined-signing -key (CSK) using algorithm ECDSAP256SHA256; this key has an unlimited -lifetime. (A verbose copy of this policy may be found in the source -tree, in the file ``doc/misc/dnssec-policy.default.conf``.) +The policy ``default`` causes the zone to be signed with a single combined-signing +key (CSK) using the algorithm ECDSAP256SHA256; this key has an unlimited +lifetime. This policy can be displayed using the command :option:`named -C`. .. note:: The default signing policy may change in future releases. This could require changes to a signing policy when upgrading to a