upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Clarify dnssec-signzone interval option

Browse source 
There was confusion about whether the interval was calculated from
the validity period provided on the command line (with -s and -e),
or from the signature being replaced.

Add text to clarify that the interval is calculated from the new
validity period.

(cherry picked from commit ae42fa69fa)
This commit is contained in:
Matthijs Mekking 2025-01-15 13:47:48 +01:00
parent 1333dac316
commit e36f4b66a3
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bin/dnssec/dnssec-signzone.rst
View file

@ -183,6 +183,11 @@ Options
days. Therefore, if any existing RRSIG records are due to expire in
less than 7.5 days, they are replaced.
Note that the calculation of cycle interval is based upon the validity
period of the replacement signatures that would be generated by
``dnssec-signzone``, not on the valid lifetimes of the input RRSIGs being
considered for pre-expiry replacement.
.. option:: -I input-format
This option sets the format of the input zone file. Possible formats are