diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 4ca55bb927..810b391ed3 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4793,6 +4793,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
use-id-pool yes_or_no;
maintain-ixfr-base yes_or_no;
ixfr-from-differences (yes_or_no | master | slave);
+ auto-dnssec allow|maintain|off;
dnssec-enable yes_or_no;
dnssec-validation (yes_or_no | auto);
dnssec-lookaside ( auto |
@@ -4906,6 +4907,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
max-ncache-ttl number;
max-cache-ttl number;
max-zone-ttl ( unlimited | number ;
+ serial-update-method increment|unixtime|date;
sig-validity-interval number number ;
sig-signing-nodes number ;
sig-signing-signatures number ;
@@ -5722,6 +5724,26 @@ options {
+
+ dnssec-loadkeys-interval
+
+
+ When a zone is configured with auto-dnssec
+ maintain; its key repository must be checked
+ periodically to see if any new keys have been added
+ or any existing keys' timing metadata has been updated
+ (see and
+ ). The
+ dnssec-loadkeys-interval option
+ sets the frequency of automatic repository checks, in
+ minutes. The default is 60 (1 hour),
+ the minimum is 1 (1 minute), and the
+ maximum is 1440 (24 hours); any higher
+ value is silently reduced.
+
+
+
+
dnssec-update-mode
@@ -5789,6 +5811,31 @@ options {
+
+ serial-update-method
+
+
+ Zones configured for dynamic DNS may use this
+ option to set the update method that will be used for
+ the zone serial number in the SOA record.
+
+
+ With the default setting of
+ serial-update-method increment;, the
+ SOA serial number will be incremented by one each time
+ the zone is updated.
+
+
+ When set to
+ serial-update-method unixtime;, the
+ SOA serial number will be set to the number of seconds
+ since the UNIX epoch, unless the serial number is
+ already greater than or equal to that value, in which
+ case it is simply incremented by one.
+
+
+
+
zone-statistics
@@ -6674,6 +6721,49 @@ options {
+
+ auto-dnssec
+
+
+ Zones configured for dynamic DNS may use this
+ option to allow varying levels of automatic DNSSEC key
+ management. There are three possible settings:
+
+
+ auto-dnssec allow; permits
+ keys to be updated and the zone fully re-signed
+ whenever the user issues the command rndc sign
+ zonename.
+
+
+ auto-dnssec maintain; includes the
+ above, but also automatically adjusts the zone's DNSSEC
+ keys on schedule, according to the keys' timing metadata
+ (see and
+ ). The command
+ rndc sign
+ zonename causes
+ named to load keys from the key
+ repository and sign the zone with all keys that are
+ active.
+ rndc loadkeys
+ zonename causes
+ named to load keys from the key
+ repository and schedule key maintenance events to occur
+ in the future, but it does not sign the full zone
+ immediately. Note: once keys have been loaded for a
+ zone the first time, the repository will be searched
+ for changes periodically, regardless of whether
+ rndc loadkeys is used. The recheck
+ interval is defined by
+ dnssec-loadkeys-interval.)
+
+
+ The default setting is auto-dnssec off.
+
+
+
+
dnssec-enable
@@ -6961,26 +7051,6 @@ options {
-
- dnssec-loadkeys-interval
-
-
- When a zone is configured with auto-dnssec
- maintain; its key repository must be checked
- periodically to see if any new keys have been added
- or any existing keys' timing metadata has been updated
- (see and
- ). The
- dnssec-loadkeys-interval option
- sets the frequency of automatic repository checks, in
- minutes. The default is 60 (1 hour),
- the minimum is 1 (1 minute), and the
- maximum is 1440 (24 hours); any higher
- value is silently reduced.
-
-
-
-
try-tcp-refresh
@@ -11917,6 +11987,16 @@ zone zone_name class
+
+ dnssec-loadkeys-interval
+
+
+ See the description of
+ dnssec-loadkeys-interval in .
+
+
+
+
dnssec-update-mode
@@ -12401,41 +12481,9 @@ example.com. NS ns2.example.net.
auto-dnssec
- Zones configured for dynamic DNS may also use this
- option to allow varying levels of automatic DNSSEC key
- management. There are three possible settings:
-
-
- auto-dnssec allow; permits
- keys to be updated and the zone fully re-signed
- whenever the user issues the command rndc sign
- zonename.
-
-
- auto-dnssec maintain; includes the
- above, but also automatically adjusts the zone's DNSSEC
- keys on schedule, according to the keys' timing metadata
- (see and
- ). The command
- rndc sign
- zonename causes
- named to load keys from the key
- repository and sign the zone with all keys that are
- active.
- rndc loadkeys
- zonename causes
- named to load keys from the key
- repository and schedule key maintenance events to occur
- in the future, but it does not sign the full zone
- immediately. Note: once keys have been loaded for a
- zone the first time, the repository will be searched
- for changes periodically, regardless of whether
- rndc loadkeys is used. The recheck
- interval is defined by
- dnssec-loadkeys-interval.)
-
-
- The default setting is auto-dnssec off.
+ See the description of
+ auto-dnssec in
+ .
@@ -12444,23 +12492,9 @@ example.com. NS ns2.example.net.
serial-update-method
- Zones configured for dynamic DNS may use this
- option to set the update method that will be used for
- the zone serial number in the SOA record.
-
-
- With the default setting of
- serial-update-method increment;, the
- SOA serial number will be incremented by one each time
- the zone is updated.
-
-
- When set to
- serial-update-method unixtime;, the
- SOA serial number will be set to the number of seconds
- since the UNIX epoch, unless the serial number is
- already greater than or equal to that value, in which
- case it is simply incremented by one.
+ See the description of
+ serial-update-method in
+ .