ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Nit changes in introduction of DNSSEC chapter

Browse Source 
DNSSEC-bis is an uncommon term. Other servers are typically resolvers
and they usually are configured with the root key.
This commit is contained in:
Matthijs Mekking
2022-05-11 09:39:44 +02:00
parent f82923a395
commit fb24454c58
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
doc/arm/dnssec.inc.rst
View File

@@ -15,7 +15,7 @@ DNSSEC
------
Cryptographic authentication of DNS information is possible through the
DNS Security ("DNSSEC-bis") extensions, defined in :rfc:`4033`, :rfc:`4034`,
DNS Security Extensions (DNSSEC), defined in :rfc:`4033`, :rfc:`4034`,
and :rfc:`4035`. This section describes the creation and use of DNSSEC
signed zones.
@@ -32,9 +32,10 @@ indicated by the parent zone for a DNSSEC-capable resolver to trust its
data. This is done through the presence or absence of a ``DS`` record at
the delegation point.
For other servers to trust data in this zone, they must be
statically configured with either this zone's zone key or the zone key of
another zone above this one in the DNS tree.
For resolvers to trust data in this zone, they must be configured with a trust
anchor. Typically this is the public key of the DNS root zone, although you
can also configure a trust anchor that is the public key of this zone or
another zone above this on in the DNS tree.
.. _generating_dnssec_keys: