[9.20] chg: nil: Add dnssec-policy text for dnssec-importkey

:program:`dnssec-importkey` should not be used to import DNSKEY records from other providers (for example when setting up multi-signer). Clarify this in the manpage.

Backport of MR !11064

Merge branch 'backport-matthijs-clarify-import-key-dnssec-policy-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11078
Matthijs Mekking 2025-10-11 08:32:14 +00:00
commit f9cbd3484e

@ -40,6 +40,11 @@ possible to set publication (:option:`-P`) and deletion (:option:`-D`) times for
key, which means the public key can be added to and removed from the
DNSKEY RRset on schedule even if the true private key is stored offline.
When using ``dnssec-policy``, do not use :program:`dnssec-importkey` to
import key files that cannot be used for signing. In this case, simply publish the
imported DNSKEY record in the zone, and make sure that the files are outside
the configured ``key-directory``.
Options
~~~~~~~
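
Review bot: The new paragraph's phrase "key files that cannot be used for signing" never names the case the commit message gives, DNSKEY records from other providers in a multi-signer setup. Adding that as the example in the manpage text itself would tell readers when the warning applies. In the next sentence, "the imported DNSKEY record" reads oddly right after telling readers not to import; "the DNSKEY record" or "the other provider's DNSKEY record" would be clearer. The last clause asks that the files be kept outside the configured ``key-directory`` but gives no reason; one short clause on what goes wrong if they are inside it would help operators judge the risk.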