upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-14 00:20:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add dnssec-policy text for dnssec-importkey

Browse source 
You should not use dnssec-importkey to import DNSKEY records from
other providers (for example when setting up multi-signer).

Clarify this in the manpage.

(cherry picked from commit 4df536e0dc)
This commit is contained in:
Matthijs Mekking 2025-10-08 09:44:54 +02:00
parent 00fd400a6d
commit 7fae4edd6c
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bin/dnssec/dnssec-importkey.rst
View file

@ -40,6 +40,11 @@ possible to set publication (:option:`-P`) and deletion (:option:`-D`) times for
key, which means the public key can be added to and removed from the
DNSKEY RRset on schedule even if the true private key is stored offline.
When using ``dnssec-policy``, do not use :program:`dnssec-importkey` to
import key files that cannot be used for signing. In this case, simply publish the
imported DNSKEY record in the zone, and make sure that the files are outside
the configured ``key-directory``.
Options
~~~~~~~