From bfb69095ae36154a6440ce89b972c17fd0e4c692 Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Mon, 6 Nov 2000 19:52:45 +0000 Subject: [PATCH] The intermediate files produced by the dnssec tools have a different naming convention than in 9.0.x --- doc/arm/Bv9ARM-book.xml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 2f9b6343b7..50b6a06387 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -2,7 +2,7 @@ - + @@ -1224,11 +1224,14 @@ allow-update { key host1-host2. ;}; of DNSSEC signed zones. In order to set up a DNSSEC secure zone, there are a series - of steps which must be followed. BIND 9 ships with several tools + of steps which must be followed. BIND 9 ships + with several tools that are used in this process, which are explained in more detail below. In all cases, the "" option prints a full list of parameters. Note that the DNSSEC tools require the - keyset and signedkey files to be in the working directory. + keyset and signedkey files to be in the working directory, and + that the tools shipped with BIND 9.0.x are not fully compatible + with the current ones. There must also be communication with the administrators of the parent and/or child zone to transmit keys and signatures. A @@ -1302,10 +1305,10 @@ allow-update { key host1-host2. ;}; 3600 and a signature validity period of 10 days starting from now. -dnssec-makekeyset -t 3600 -e +86400 Kchild.example.+003+12345 Kchild.example.+003+23456 +dnssec-makekeyset -t 3600 -e +864000 Kchild.example.+003+12345 Kchild.example.+003+23456 One output file is produced: - child.example.keyset. This file should be + keyset-child.example.. This file should be transmitted to the parent to be signed. It includes the keys, as well as signatures over the key set generated by the zone keys themselves, which are used to prove ownership of the 
@@ -1328,10 +1331,10 @@ allow-update { key host1-host2. ;}; The following command signs the child's key set with the zone keys: -dnssec-signkey grand.child.example.keyset Kchild.example.+003+12345 Kchild.example.+003+23456 +dnssec-signkey keyset-grand.child.example. Kchild.example.+003+12345 Kchild.example.+003+23456 One output file is produced: - grand.child.example.signedkey. This file + signedkey-grand.child.example.. This file should be both transmitted back to the child and retained. It includes all keys (the child's keys) from the keyset file and signatures generated by this zone's zone keys.
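Review bot: The sentence added in the @@ -1224 hunk, "the tools shipped with BIND 9.0.x are not fully compatible with the current ones", does not say what the incompatibility is. Going by the commit subject and the later hunks, the difference is the naming of the intermediate files (child.example.keyset becomes keyset-child.example., grand.child.example.signedkey becomes signedkey-grand.child.example.). Suggest naming that difference here, so an administrator holding keyset or signedkey files produced by the 9.0.x tools knows that the file names are what changed.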
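Review bot: The change from "-e +86400" to "-e +864000" in the @@ -1302 hunk is a separate correction that the commit message does not mention. The new value agrees with the "signature validity period of 10 days" in the context line (864000 seconds is 10 days, while the old value was one day), so the fix itself looks right. Suggest noting it in the commit message or splitting it out, since the subject only covers the file naming convention.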
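Review bot: In the @@ -1328 hunk the new file name ends in a dot and is followed directly by the sentence's full stop ("signedkey-grand.child.example.. This file"), which reads like a typo and makes it easy to drop the trailing dot when copying the name. The @@ -1302 hunk has the same problem with "keyset-child.example.. This file". Suggest rewording so the file name does not end the sentence, or stating once that these names end with the trailing dot of the zone name.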