fix: doc: Clarify dnssec-signzone interval option

There was confusion about whether the interval was calculated from the validity period provided on the command line (with -s and -e), or from the signature being replaced. Add text to clarify that the interval is calculated from the new validity period. Closes #5128 Merge branch '5128-clarify-dnssec-signzone-interval' into 'main' See merge request isc-projects/bind9!9955
2025-01-23 11:12:33 +00:00
parent 8efb4e2f26 ae42fa69fa
commit 417a0e331f
1 changed files with 5 additions and 0 deletions
--- a/bin/dnssec/dnssec-signzone.rst
+++ b/bin/dnssec/dnssec-signzone.rst
@@ -174,6 +174,11 @@ Options
   days. Therefore, if any existing RRSIG records are due to expire in
   less than 7.5 days, they are replaced.

+   Note that the calculation of cycle interval is based upon the validity
+   period of the replacement signatures that would be generated by
+   ``dnssec-signzone``, not on the valid lifetimes of the input RRSIGs being
+   considered for pre-expiry replacement.
+
 .. option:: -I input-format

   This option sets the format of the input zone file. Possible formats are