upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 04:20:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Nit changes in introduction of DNSSEC chapter

Browse source 
DNSSEC-bis is an uncommon term. Other servers are typically resolvers
and they usually are configured with the root key.

(cherry picked from commit fb24454c58)
This commit is contained in:
Matthijs Mekking 2022-05-11 09:39:44 +02:00
parent a8502a0ad9
commit e0c12a4bd5
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
doc/arm/dnssec.inc.rst
View file

@ -15,7 +15,7 @@ DNSSEC
------
Cryptographic authentication of DNS information is possible through the
DNS Security ("DNSSEC-bis") extensions, defined in :rfc:`4033`, :rfc:`4034`,
DNS Security Extensions (DNSSEC), defined in :rfc:`4033`, :rfc:`4034`,
and :rfc:`4035`. This section describes the creation and use of DNSSEC
signed zones.
@ -32,9 +32,10 @@ indicated by the parent zone for a DNSSEC-capable resolver to trust its
data. This is done through the presence or absence of a ``DS`` record at
the delegation point.
For other servers to trust data in this zone, they must be
statically configured with either this zone's zone key or the zone key of
another zone above this one in the DNS tree.
For resolvers to trust data in this zone, they must be configured with a trust
anchor. Typically this is the public key of the DNS root zone, although you
can also configure a trust anchor that is the public key of this zone or
another zone above this on in the DNS tree.
.. _generating_dnssec_keys: