Commit f503b0d2 authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

conf/dnssec: renamed child-records-publish option

parent 411f1ca4
......@@ -738,7 +738,7 @@ A reference to \fI\%submission\fP section holding parameters of
KSK submittion checks.
.sp
\fIDefault:\fP not set
.SS child\-records\-publish
.SS cds\-cdnskey\-publish
.sp
Controls if and how shall the CDS and CDNSKEY be published in the zone.
.sp
......@@ -754,10 +754,7 @@ Possible values:
.IP \(bu 2
\fBnone\fP \- never publish any CDS or CDNSKEY records in the zone
.IP \(bu 2
\fBempty\fP \- publish special CDS and CDNSKEY records indicating turning off DNSSEC
.IP \(bu 2
\fBrollover\fP \- publish CDS and CDNSKEY records only for the period of KSK submission
(newly generated KSK either initial or during rollover)
\fBdelete\-dnssec\fP \- publish special CDS and CDNSKEY records indicating turning off DNSSEC
.IP \(bu 2
\fBalways\fP \- always publish CDS and CDNSKEY records for the current KSK
.UNINDENT
......
......@@ -502,7 +502,7 @@ publishing a special formatted CDNSKEY and CDS record. This is mostly useful
if we want to turn off DNSSEC on our zone so it becomes insecure, but not bogus.
With automatic DNSSEC signing and key management by Knot, this is as easy as
configuring :ref:`policy_child-records-publish` option and reloading the configuration.
configuring :ref:`policy_cds-cdnskey-publish` option and reloading the configuration.
We check if the special CDNSKEY and CDS records with the rdata "0 3 0 AA==" and "0 0 0 00",
respectively, appeared in the zone.
......
......@@ -855,10 +855,10 @@ KSK submittion checks.
*Default:* not set
.. _policy_child-records-publish:
.. _policy_cds-cdnskey-publish:
child-records-publish
---------------------
cds-cdnskey-publish
-------------------
Controls if and how shall the CDS and CDNSKEY be published in the zone.
......@@ -868,9 +868,7 @@ Controls if and how shall the CDS and CDNSKEY be published in the zone.
Possible values:
- ``none`` - never publish any CDS or CDNSKEY records in the zone
- ``empty`` - publish special CDS and CDNSKEY records indicating turning off DNSSEC
- ``rollover`` - publish CDS and CDNSKEY records only for the period of KSK submission
(newly generated KSK either initial or during rollover)
- ``delete-dnssec`` - publish special CDS and CDNSKEY records indicating turning off DNSSEC
- ``always`` - always publish CDS and CDNSKEY records for the current KSK
*Default:* always
......
......@@ -74,7 +74,7 @@ static const knot_lookup_t dnssec_key_algs[] = {
const knot_lookup_t child_record[] = {
{ CHILD_RECORDS_NONE, "none" },
{ CHILD_RECORDS_EMPTY, "empty" },
{ CHILD_RECORDS_EMPTY, "delete-dnssec" },
{ CHILD_RECORDS_ROLLOVER, "rollover" },
{ CHILD_RECORDS_ALWAYS, "always" },
{ 0, NULL }
......
......@@ -37,7 +37,7 @@
#define C_ASYNC_START "\x0B""async-start"
#define C_BACKEND "\x07""backend"
#define C_BG_WORKERS "\x12""background-workers"
#define C_CHILD_RECORDS "\x15""child-records-publish"
#define C_CHILD_RECORDS "\x13""cds-cdnskey-publish"
#define C_CHK_INTERVAL "\x0E""check-interval"
#define C_COMMENT "\x07""comment"
#define C_CONFIG "\x06""config"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment