From b09230004bf7e64fe678851854bf4044f52c72c1 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 30 Sep 2024 11:39:57 +0200 Subject: [PATCH] Restore text about sig validity and SOA expire When `sig-validity-interval` was obsoleted, the text that the signature validity interval should be multiples of the SOA expire interval was removed. Restore this text to the description of the `signatures-validity` option. --- doc/arm/reference.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index cc1a1b43c3..1c363f6662 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -6458,6 +6458,10 @@ keys This indicates the validity period of an RRSIG record (subject to inception offset and jitter). The default is ``P2W`` (2 weeks). + The :any:`signatures-validity` should be at least several multiples + of the SOA expire interval, to allow for reasonable interaction between + the various timer and expiry dates. + .. namedconf:statement:: signatures-validity-dnskey :tags: dnssec :short: Indicates the validity period of DNSKEY records.
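Review bot: In the three added lines under ``signatures-validity``, "at least several multiples of the SOA expire interval" gives an operator nothing concrete to check a configuration against, and "the various timer and expiry dates" does not name which timers are meant. Suggest stating a minimum ratio, or a worked figure against the ``P2W`` default mentioned in the context line just above, and naming the timers involved. The ``signatures-validity-dnskey`` statement that follows in the trailing context gets no equivalent sentence; if the same constraint applies to DNSKEY signatures, add it there or say that this paragraph covers both options.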