From dfe196844c7b9aa3bd401a3a79faf33ddc4d6c38 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 13 May 2022 19:42:29 -0700 Subject: [PATCH] specify time format in the documentation for 'rdnc dnssec -checkds' also clarified the writing in the surrounding paragraph. (cherry picked from commit 83f9466d61b53384757170d38096d6bf55a1f73b) --- bin/rndc/rndc.rst | 18 ++++++++++-------- doc/man/rndc.8in | 18 ++++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst index dae85d7b79..19c9d0346e 100644 --- a/bin/rndc/rndc.rst +++ b/bin/rndc/rndc.rst @@ -176,14 +176,16 @@ Currently supported commands are: ``rndc dnssec -rollover`` allows you to schedule key rollover for a specific key (overriding the original key lifetime). - ``rndc dnssec -checkds`` will let :iscman:`named` know that the DS for the given - key has been seen published into or withdrawn from the parent. This is - required in order to complete a KSK rollover. If the ``-key id`` argument - is specified, look for the key with the given identifier, otherwise if there - is only one key acting as a KSK in the zone, assume the DS of that key (if - there are multiple keys with the same tag, use ``-alg algorithm`` to - select the correct algorithm). The time that the DS has been published or - withdrawn is set to now, unless otherwise specified with the argument ``-when time``. + ``rndc dnssec -checkds`` informs :iscman:`named` that the DS for + a specified zone's key-signing key has been confirmed to be published + in, or withdrawn from, the parent zone. This is required in order to + complete a KSK rollover. The ``-key id`` and ``-alg algorithm`` arguments + can be used to specify a particular KSK, if necessary; if there is only + one key acting as a KSK for the zone, these arguments can be omitted. + The time of publication or withdrawal for the DS is set to the current + time by default, but can be overridden to a specific time with the + argument ``-when time``, where ``time`` is expressed in YYYYMMDDHHMMSS + notation. .. option:: dnstap (-reopen | -roll [number]) diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in index 0168fb75b2..5a810ed3ee 100644 --- a/doc/man/rndc.8in +++ b/doc/man/rndc.8in @@ -194,14 +194,16 @@ zone. \fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a specific key (overriding the original key lifetime). .sp -\fBrndc dnssec \-checkds\fP will let \fI\%named\fP know that the DS for the given -key has been seen published into or withdrawn from the parent. This is -required in order to complete a KSK rollover. If the \fB\-key id\fP argument -is specified, look for the key with the given identifier, otherwise if there -is only one key acting as a KSK in the zone, assume the DS of that key (if -there are multiple keys with the same tag, use \fB\-alg algorithm\fP to -select the correct algorithm). The time that the DS has been published or -withdrawn is set to now, unless otherwise specified with the argument \fB\-when time\fP\&. +\fBrndc dnssec \-checkds\fP informs \fI\%named\fP that the DS for +a specified zone\(aqs key\-signing key has been confirmed to be published +in, or withdrawn from, the parent zone. This is required in order to +complete a KSK rollover. The \fB\-key id\fP and \fB\-alg algorithm\fP arguments +can be used to specify a particular KSK, if necessary; if there is only +one key acting as a KSK for the zone, these arguments can be omitted. +The time of publication or withdrawal for the DS is set to the current +time by default, but can be overridden to a specific time with the +argument \fB\-when time\fP, where \fBtime\fP is expressed in YYYYMMDDHHMMSS +notation. .UNINDENT .INDENT 0.0 .TP