[v9_10] document default DNSKEY TTL

- see RT #38268
Evan Hunt 2015-01-13 09:55:21 -08:00
parent 351181c89d
commit fa2cf1a85e
3 changed files with 15 additions and 6 deletions

@ -306,8 +306,10 @@
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
would take precedence. If this value is not set and there
is no existing DNSKEY RRset, the TTL will default to the
SOA TTL. Setting the default TTL to <literal>0</literal>
or <literal>none</literal> is the same as leaving it unset.
</para>
</listitem>
</varlistentry>
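Review bot: "the SOA TTL" in the added sentence is ambiguous, since it can be read either as the TTL of the zone's SOA record or as the MINIMUM field inside the SOA RDATA; please state which one is meant. The added sentence also switches to "will default" while the sentence before it uses "would take precedence", so consider putting both in the same tense.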

@ -126,8 +126,10 @@
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
would take precedence. If this value is not set and there
is no existing DNSKEY RRset, the TTL will default to the
SOA TTL. Setting the default TTL to <literal>0</literal>
or <literal>none</literal> removes it from the key.
</para>
</listitem>
</varlistentry>
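Review bot: The closing sentence still says that <literal>0</literal> or <literal>none</literal> "removes it from the key" without saying which TTL then applies, whereas the same paragraph in the previous file now reads "is the same as leaving it unset". Suggest linking it to the sentence added just above, for example by saying that the key then falls back to the existing DNSKEY RRset TTL or, failing that, the SOA TTL. If the wording difference between the two files is intentional, a short remark in the commit message would help.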

@ -15,8 +15,6 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec.xml,v 1.7 2011/10/13 23:47:10 tbox Exp $ -->
<sect1 id="dnssec.dynamic.zones">
<title>DNSSEC, Dynamic Zones, and Automatic Signing</title>
<para>As of BIND 9.7.0 it is possible to change a dynamic zone
@ -127,6 +125,13 @@
key changes, however.)
</para>
<para>
When new keys are added to a zone, the TTL is set to match that
of any existing DNSKEY RRset. If there is no existing DNSKEY RRset,
then the TTL will be set to the TTL specified when the key was
created (using the <command>dnssec-keygen -L</command> option), if
any, or to the SOA TTL.
</para>
<para>
If you wish the zone to be signed using NSEC3 instead of NSEC,
submit an NSEC3PARAM record via dynamic update prior to the
scheduled publication and activation of the keys. If you wish the
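Review bot: The last clause of the new paragraph, "if any, or to the SOA TTL", is hard to parse, and the first sentence does not say whose TTL "the TTL" is. Suggest stating the order explicitly: the new DNSKEY records take the TTL of an existing DNSKEY RRset; otherwise the TTL given at key creation with <command>dnssec-keygen -L</command>; otherwise the SOA TTL. It would also be worth mentioning here that a key TTL of <literal>0</literal> or <literal>none</literal> counts as not set, as the option descriptions in the other two files say.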