Commit 1c55d4b0 authored by Jan Včelák

docs: clarify timing intervals used in DNSSEC

parent c1353efc
......@@ -464,11 +464,11 @@ DNSKEY TTL
has no default value.
ZSK lifetime
Interval after which the ZSK rollover will be initiated. The default value
is 30 days.
Period between ZSK publication and the next rollover initiation. The default
value is 30 days.
RRSIG lifetime
Lifetime of newly issued signatures. The default value is 14 days.
Validity period of newly issued signatures. The default value is 14 days.
RRSIG refresh
Specifies how long before a signature expiration the signature will be
......
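Review bot: In the ZSK lifetime entry, "Period between ZSK publication and the next rollover initiation" leaves "publication" undefined: the text does not say whether the clock starts when the DNSKEY first appears in the zone or when the key starts signing. Naming that event would let an operator work out how long a key is actually in use within the 30-day default. The switch to "Validity period" in the RRSIG lifetime entry fits the unchanged RRSIG refresh entry, which already speaks of "signature expiration".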
......@@ -191,19 +191,19 @@ TTL value for DNSKEY records.
\fBNote\fP, the value is temporarily overridden by the SOA TTL.
.TP
\fBksk\-size\fP \fIbits\fP
Set size of the KSK in bits.
Size of the KSK.
.TP
\fBzsk\-size\fP \fIbits\fP
Set size of the ZSK in bits.
Size of the ZSK.
.TP
\fBzsk\-lifetime\fP \fIseconds\fP
Interval after which the ZSK rollover will be initiated.
Period between ZSK publication and the next rollover initiation.
.TP
\fBrrsig\-lifetime\fP \fIseconds\fP
Lifetime of issued RRSIGs.
Validity period of issued signatures.
.TP
\fBrrsig\-refresh\fP \fIseconds\fP
How long before RRSIG expiration it will be refreshed.
Period before signature expiration when the signature will be refreshed.
.TP
\fBnsec3\fP \fIenable\fP
Specifies if NSEC3 will be used instead of NSEC.
......
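Review bot: The ksk-size and zsk-size entries lose "in bits", so the unit now survives only in the argument placeholder and "Size of the KSK." carries no information on its own. Key size is a value people copy into policy, so the unit is worth keeping in the sentence, for example "Size of the KSK in bits." and the same for the ZSK. The three timing entries in this hunk have the same dependence on the "seconds" placeholder, while the first file in this commit quotes its defaults in days, so a reader comparing the two has to convert.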
......@@ -158,19 +158,19 @@ Available *policy-parameter*\ s:
**Note**, the value is temporarily overridden by the SOA TTL.
**ksk-size** *bits*
Set size of the KSK in bits.
Size of the KSK.
**zsk-size** *bits*
Set size of the ZSK in bits.
Size of the ZSK.
**zsk-lifetime** *seconds*
Interval after which the ZSK rollover will be initiated.
Period between ZSK publication and the next rollover initiation.
**rrsig-lifetime** *seconds*
Lifetime of issued RRSIGs.
Validity period of issued signatures.
**rrsig-refresh** *seconds*
How long before RRSIG expiration it will be refreshed.
Period before signature expiration when the signature will be refreshed.
**nsec3** *enable*
Specifies if NSEC3 will be used instead of NSEC.
......
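Review bot: For rrsig-refresh, "Period before signature expiration when the signature will be refreshed" is harder to parse than the line it replaces, and nothing in this list says how the value relates to rrsig-lifetime. Something like "How long before its expiration a signature is refreshed" reads more directly, and a sentence saying the value is expected to be smaller than rrsig-lifetime would prevent a misconfiguration where every signature is always due for refresh. The zsk-lifetime entry also uses "publication" without saying which event it refers to.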