Deduplicate key filename description in the DNSSEC Guide

Third time ... (cherry picked from commit 7e96801841)
2026-05-28 04:34:54 -04:00 · 2022-06-16 13:48:55 +02:00 · 2022-06-16 13:48:55 +02:00 · 99ef4f254f
commit 99ef4f254f
parent 06b02f2b4a
2 changed files with 3 additions and 11 deletions
--- a/doc/arm/dnssec.inc.rst
+++ b/doc/arm/dnssec.inc.rst
@ -52,6 +52,8 @@ during the lifetime of a DNS zone:
  - :ref:`dnssec_dynamic_zones` - only for special needs
  - :ref:`dnssec_tools` - discouraged, use only for debugging

+.. _zone_keys:
+
 Zone keys
 ^^^^^^^^^
 Regardless of the :ref:`zone-signing <dnssec_zone_signing>` method in use, cryptographic keys are
--- a/doc/dnssec-guide/signing.rst
+++ b/doc/dnssec-guide/signing.rst
@ -1147,17 +1147,7 @@ looking at the actual DNSKEY record, we can tell them apart: 256 is
 ZSK, and 257 is KSK.

 The name of the file also tells us something
-about the contents. The file names are of the form:
-
-::
-
-   K<zone-name>+<algorithm-id>+<keyid>
-
-The "zone name" is self-explanatory. The "algorithm ID" is a number assigned
-to the algorithm used to construct the key: the number appears in the
-DNSKEY resource record. In
-our example, 8 means the algorithm RSASHA256. Finally, the "keyid" is
-essentially a hash of the key itself.
+about the contents. See chapter :ref:`zone_keys` for more details.

 Make sure these files are readable by :iscman:`named` and make sure that the
 ``.private`` files are not readable by anyone else.