From e25f165bdd7a74f70c2e1dadd8d16d556e234ad2 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 30 Sep 2024 11:39:57 +0200 Subject: [PATCH 1/2] Restore text about sig validity and SOA expire When `sig-validity-interval` was obsoleted, the text that the signature validity interval should be multiples of the SOA expire interval was removed. Restore this text to the description of the `signatures-validity` option. (cherry picked from commit b09230004bf7e64fe678851854bf4044f52c72c1) --- doc/arm/reference.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 293e7ca581..88a44045ba 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -6642,6 +6642,10 @@ keys This indicates the validity period of an RRSIG record (subject to inception offset and jitter). The default is ``P2W`` (2 weeks). + The :any:`signatures-validity` should be at least several multiples + of the SOA expire interval, to allow for reasonable interaction between + the various timer and expiry dates. + .. namedconf:statement:: signatures-validity-dnskey :tags: dnssec :short: Indicates the validity period of DNSKEY records. From 2267394f0a3dd99474e384df97750f8d02a7a073 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 30 Sep 2024 11:49:07 +0200 Subject: [PATCH 2/2] Update example.com zone SOA expire value The example.com zone file given in the "Configurations and Zone Files" chapter has an SOA expire of 3 weeks, which is not a multiple of the default signatures-validity value. Adjust the SOA expire so that it is much lower than the signatures-validity default. (cherry picked from commit 8aa94931c3cb65293518f5b4d9c8805c3ecd005f) --- doc/arm/config-intro.inc.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/arm/config-intro.inc.rst b/doc/arm/config-intro.inc.rst index d041eccf5f..f947662522 100644 --- a/doc/arm/config-intro.inc.rst +++ b/doc/arm/config-intro.inc.rst 
@@ -104,7 +104,7 @@ features where appropriate. Zone files consist of :ref:`Resource Records (RR) 2003080800 ; serial number 12h ; refresh 15m ; update retry - 3w ; expiry + 4d ; expiry 2h ; minimum ) ; name server RR for the domain
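Review bot: in the reference.rst hunk (@@ -6642), the restored sentence states the rule but not the reason, and "the various timer and expiry dates" is too vague for an operator to check their own values against. Since this text is being put back into the `signatures-validity` description, consider saying what the interaction is, e.g. that a secondary which loses contact with its primary keeps serving its copy of the zone until the SOA expire interval has elapsed, so signatures must outlive that window or validators will see expired RRSIGs on data the secondary still serves. Two smaller points: "The :any:`signatures-validity` should be at least several multiples" reads better as "The :any:`signatures-validity` value should be at least several multiples", and because `signatures-validity-dnskey` immediately follows this paragraph with the same kind of validity period, say whether the same guidance applies to it.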
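Review bot: in the config-intro.inc.rst hunk (@@ -104), 4d does satisfy the restored guidance (the default `signatures-validity` of P2W is 3.5 times the new expire), but the commit message describes the old 3w value as "not a multiple" of the default, whereas the actual problem is that 3w exceeds the 2-week default, so a secondary cut off from its primary could keep serving the zone for a week after every signature in its copy had expired; consider stating that in the commit message so the reason for the new value is clear to the next reader of the example. The neighbouring timers (12h refresh, 15m retry, 2h minimum) remain consistent with a 4d expire, and as this is an example zone file the serial number does not need to change.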