From 99ef4f254f3b2e9e4bd71f6334ac0fd1f2e72cab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 16 Jun 2022 13:48:55 +0200 Subject: [PATCH] Deduplicate key filename description in the DNSSEC Guide Third time ... (cherry picked from commit 7e9680184121b19f26cf51d599a9579006c6381d) --- doc/arm/dnssec.inc.rst | 2 ++ doc/dnssec-guide/signing.rst | 12 +----------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/doc/arm/dnssec.inc.rst b/doc/arm/dnssec.inc.rst index f3722283a3..2e14d163ac 100644 --- a/doc/arm/dnssec.inc.rst +++ b/doc/arm/dnssec.inc.rst @@ -52,6 +52,8 @@ during the lifetime of a DNS zone: - :ref:`dnssec_dynamic_zones` - only for special needs - :ref:`dnssec_tools` - discouraged, use only for debugging +.. _zone_keys: + Zone keys ^^^^^^^^^ Regardless of the :ref:`zone-signing ` method in use, cryptographic keys are diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst index 6effd7f27c..0581b96f9b 100644 --- a/doc/dnssec-guide/signing.rst +++ b/doc/dnssec-guide/signing.rst @@ -1147,17 +1147,7 @@ looking at the actual DNSKEY record, we can tell them apart: 256 is ZSK, and 257 is KSK. The name of the file also tells us something -about the contents. The file names are of the form: - -:: - - K++ - -The "zone name" is self-explanatory. The "algorithm ID" is a number assigned -to the algorithm used to construct the key: the number appears in the -DNSKEY resource record. In -our example, 8 means the algorithm RSASHA256. Finally, the "keyid" is -essentially a hash of the key itself. +about the contents. See chapter :ref:`zone_keys` for more details. Make sure these files are readable by :iscman:`named` and make sure that the ``.private`` files are not readable by anyone else.
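Review bot: In the doc/arm/dnssec.inc.rst hunk, the new label ``.. _zone_keys:`` does not follow the ``dnssec_`` prefix used by the other labels referenced in the same context (``dnssec_dynamic_zones``, ``dnssec_tools``). Sphinx labels share one namespace across the whole documentation set, so a generic name is more likely to collide with another section later; consider ``.. _dnssec_zone_keys:`` and update the reference in signing.rst to match.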
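Review bot: In the doc/dnssec-guide/signing.rst hunk, the replacement sentence drops the explanation tied to this example's file names (algorithm ID 8 meaning RSASHA256, and the keyid being essentially a hash of the key), while the other hunk only adds a label, so nothing visible in this patch confirms that the Zone keys section describes the file name format. Please confirm the target section covers the zone name, algorithm ID and keyid components before this text is removed. Also, "See chapter" points at a subsection (the target heading uses a ``^^^^`` underline), so "See :ref:`zone_keys` for more details." would read more accurately.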