ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Clarify how to print default dnssec-policy

Browse Source 
Reading the source tree is unnecessarily complicated, we now have
command line option to print defaults.

(cherry picked from commit 1e1334a322)
This commit is contained in:
Petr Špaček
2024-06-07 09:45:48 +02:00
parent 067f87f158
commit 90af20349e
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
doc/arm/reference.rst
View File

@@ -6388,10 +6388,9 @@ propagating DS updates.
.. _dnssec_policy_default:
Policy ``default`` causes the zone to be signed with a single combined-signing
key (CSK) using algorithm ECDSAP256SHA256; this key has an unlimited
lifetime. (A verbose copy of this policy may be found in the source
tree, in the file ``doc/misc/dnssec-policy.default.conf``.)
The policy ``default`` causes the zone to be signed with a single combined-signing
key (CSK) using the algorithm ECDSAP256SHA256; this key has an unlimited
lifetime. This policy can be displayed using the command :option:`named -C`.
.. note:: The default signing policy may change in future releases.
This could require changes to a signing policy when upgrading to a