From 82181d3932af2a7990bf072b48a09b0617d9ebb6 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 17 Sep 2015 09:37:23 -0700 Subject: [PATCH] [v9_10] some options were in the wrong section of the ARM --- doc/arm/Bv9ARM-book.xml | 178 ++++++++++++++++++++++++---------------- 1 file changed, 106 insertions(+), 72 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 4ca55bb927..810b391ed3 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -4793,6 +4793,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] use-id-pool yes_or_no; maintain-ixfr-base yes_or_no; ixfr-from-differences (yes_or_no | master | slave); + auto-dnssec allow|maintain|off; dnssec-enable yes_or_no; dnssec-validation (yes_or_no | auto); dnssec-lookaside ( auto | @@ -4906,6 +4907,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] max-ncache-ttl number; max-cache-ttl number; max-zone-ttl ( unlimited | number ; + serial-update-method increment|unixtime|date; sig-validity-interval number number ; sig-signing-nodes number ; sig-signing-signatures number ; @@ -5722,6 +5724,26 @@ options { + + dnssec-loadkeys-interval + + + When a zone is configured with auto-dnssec + maintain; its key repository must be checked + periodically to see if any new keys have been added + or any existing keys' timing metadata has been updated + (see and + ). The + dnssec-loadkeys-interval option + sets the frequency of automatic repository checks, in + minutes. The default is 60 (1 hour), + the minimum is 1 (1 minute), and the + maximum is 1440 (24 hours); any higher + value is silently reduced. + + + + dnssec-update-mode @@ -5789,6 +5811,31 @@ options { + + serial-update-method + + + Zones configured for dynamic DNS may use this + option to set the update method that will be used for + the zone serial number in the SOA record. + + + With the default setting of + serial-update-method increment;, the + SOA serial number will be incremented by one each time + the zone is updated. + + + When set to + serial-update-method unixtime;, the + SOA serial number will be set to the number of seconds + since the UNIX epoch, unless the serial number is + already greater than or equal to that value, in which + case it is simply incremented by one. + + + + zone-statistics @@ -6674,6 +6721,49 @@ options { + + auto-dnssec + + + Zones configured for dynamic DNS may use this + option to allow varying levels of automatic DNSSEC key + management. There are three possible settings: + + + auto-dnssec allow; permits + keys to be updated and the zone fully re-signed + whenever the user issues the command rndc sign + zonename. + + + auto-dnssec maintain; includes the + above, but also automatically adjusts the zone's DNSSEC + keys on schedule, according to the keys' timing metadata + (see and + ). The command + rndc sign + zonename causes + named to load keys from the key + repository and sign the zone with all keys that are + active. + rndc loadkeys + zonename causes + named to load keys from the key + repository and schedule key maintenance events to occur + in the future, but it does not sign the full zone + immediately. Note: once keys have been loaded for a + zone the first time, the repository will be searched + for changes periodically, regardless of whether + rndc loadkeys is used. The recheck + interval is defined by + dnssec-loadkeys-interval.) + + + The default setting is auto-dnssec off. + + + + dnssec-enable @@ -6961,26 +7051,6 @@ options { - - dnssec-loadkeys-interval - - - When a zone is configured with auto-dnssec - maintain; its key repository must be checked - periodically to see if any new keys have been added - or any existing keys' timing metadata has been updated - (see and - ). The - dnssec-loadkeys-interval option - sets the frequency of automatic repository checks, in - minutes. The default is 60 (1 hour), - the minimum is 1 (1 minute), and the - maximum is 1440 (24 hours); any higher - value is silently reduced. - - - - try-tcp-refresh @@ -11917,6 +11987,16 @@ zone zone_name class + + dnssec-loadkeys-interval + + + See the description of + dnssec-loadkeys-interval in . + + + + dnssec-update-mode @@ -12401,41 +12481,9 @@ example.com. NS ns2.example.net. auto-dnssec - Zones configured for dynamic DNS may also use this - option to allow varying levels of automatic DNSSEC key - management. There are three possible settings: - - - auto-dnssec allow; permits - keys to be updated and the zone fully re-signed - whenever the user issues the command rndc sign - zonename. - - - auto-dnssec maintain; includes the - above, but also automatically adjusts the zone's DNSSEC - keys on schedule, according to the keys' timing metadata - (see and - ). The command - rndc sign - zonename causes - named to load keys from the key - repository and sign the zone with all keys that are - active. - rndc loadkeys - zonename causes - named to load keys from the key - repository and schedule key maintenance events to occur - in the future, but it does not sign the full zone - immediately. Note: once keys have been loaded for a - zone the first time, the repository will be searched - for changes periodically, regardless of whether - rndc loadkeys is used. The recheck - interval is defined by - dnssec-loadkeys-interval.) - - - The default setting is auto-dnssec off. + See the description of + auto-dnssec in + . @@ -12444,23 +12492,9 @@ example.com. NS ns2.example.net. serial-update-method - Zones configured for dynamic DNS may use this - option to set the update method that will be used for - the zone serial number in the SOA record. - - - With the default setting of - serial-update-method increment;, the - SOA serial number will be incremented by one each time - the zone is updated. - - - When set to - serial-update-method unixtime;, the - SOA serial number will be set to the number of seconds - since the UNIX epoch, unless the serial number is - already greater than or equal to that value, in which - case it is simply incremented by one. + See the description of + serial-update-method in + .