fix: doc: Restore text about sig validity and SOA expire

When `sig-validity-interval` was obsoleted, the text that the signature validity interval should be multiples of the SOA expire interval was removed. Restore this text to the description of the `signatures-validity` option.

Closes #4951

Merge branch '4951-document-signatures-validity-soa-expire' into 'main'

See merge request isc-projects/bind9!9566
Matthijs Mekking
2024-10-01 06:32:48 +00:00
2 changed files with 5 additions and 1 deletions

@@ -104,7 +104,7 @@ features where appropriate. Zone files consist of :ref:`Resource Records (RR)
2003080800 ; serial number
12h ; refresh
15m ; update retry
3w ; expiry
4d ; expiry
2h ; minimum
)
; name server RR for the domain
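Review bot: The expiry value in the example SOA changes in this hunk (the `3w ; expiry` and `4d ; expiry` lines), but the commit message only mentions restoring text to the signatures-validity description and gives no reason for touching the example zone. Please state the rationale in the commit message, presumably that the default P2W signature validity should be several multiples of the example's expire interval, so a later editor does not put 3w back.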


@@ -6458,6 +6458,10 @@ keys
This indicates the validity period of an RRSIG record (subject to
inception offset and jitter). The default is ``P2W`` (2 weeks).
The :any:`signatures-validity` should be at least several multiples
of the SOA expire interval, to allow for reasonable interaction between
the various timer and expiry dates.
.. namedconf:statement:: signatures-validity-dnskey
:tags: dnssec
:short: Indicates the validity period of DNSKEY records.
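Review bot: "at least several multiples" in the restored sentence gives an operator nothing to check a configuration against: it does not say how many multiples, and "the various timer and expiry dates" does not name which timers are meant. Suggest giving a concrete minimum ratio, or at least naming the timers involved, and saying whether the same guidance applies to signatures-validity-dnskey, which follows directly below and gets no matching text.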