author | Libor Peltan <libor.peltan@nic.cz> | 2017-10-31 10:58:10 +0100 |
---|---|---|
committer | Libor Peltan <libor.peltan@nic.cz> | 2017-10-31 10:58:10 +0100 |
commit | 563a2f5af610f1b092c7455957a3da6682ceef9d (patch) | |
tree | 1d291cf130dc2fb80c9e6c90ec0de0076797f642 /doc | |
parent | tests-extra: remove obsolete and defective axfr/interrupt test (diff) | |
conf/dnssec: renamed child-records-publish option
Diffstat (limited to 'doc')
-rw-r--r-- | doc/operation.rst | 2 | ||||
-rw-r--r-- | doc/reference.rst | 10 |
2 files changed, 5 insertions, 7 deletions
diff --git a/doc/operation.rst b/doc/operation.rst index 0519e49dc..06c9a9a99 100644 --- a/doc/operation.rst +++ b/doc/operation.rst @@ -502,7 +502,7 @@ publishing a special formatted CDNSKEY and CDS record. This is mostly useful if we want to turn off DNSSEC on our zone so it becomes insecure, but not bogus. With automatic DNSSEC signing and key management by Knot, this is as easy as -configuring :ref:`policy_child-records-publish` option and reloading the configuration. +configuring :ref:`policy_cds-cdnskey-publish` option and reloading the configuration. We check if the special CDNSKEY and CDS records with the rdata "0 3 0 AA==" and "0 0 0 00", respectively, appeared in the zone. diff --git a/doc/reference.rst b/doc/reference.rst index f55e1d17c..3e8199cb1 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -855,10 +855,10 @@ KSK submittion checks. *Default:* not set -.. _policy_child-records-publish: +.. _policy_cds-cdnskey-publish: -child-records-publish ---------------------- +cds-cdnskey-publish +------------------- Controls if and how shall the CDS and CDNSKEY be published in the zone. @@ -868,9 +868,7 @@ Controls if and how shall the CDS and CDNSKEY be published in the zone. Possible values: - ``none`` - never publish any CDS or CDNSKEY records in the zone -- ``empty`` - publish special CDS and CDNSKEY records indicating turning off DNSSEC -- ``rollover`` - publish CDS and CDNSKEY records only for the period of KSK submission - (newly generated KSK either initial or during rollover) +- ``delete-dnssec`` - publish special CDS and CDNSKEY records indicating turning off DNSSEC - ``always`` - always publish CDS and CDNSKEY records for the current KSK *Default:* always |
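Review bot: in the doc/operation.rst hunk (@@ -502,7), the changed sentence still only says to configure the option and does not say which value to set. The doc/reference.rst part of this patch names the value that publishes the special records as ``delete-dnssec``, so the sentence could read "configuring :ref:`policy_cds-cdnskey-publish` to ``delete-dnssec`` and reloading the configuration". Because this step makes the zone insecure, naming the exact value here keeps the procedure unambiguous for operators and for anyone reviewing the configuration later.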
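Review bot: in the first doc/reference.rst hunk (@@ -855,10), the label and heading change from child-records-publish to cds-cdnskey-publish without any mention of the old name. The diff shown is limited to doc, so whether the old key is still accepted is not visible here; add a sentence to the option's description stating whether configurations that use child-records-publish still load or have to be edited, so an upgrade does not leave operators guessing which CDS and CDNSKEY policy is in effect.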
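Review bot: in the second doc/reference.rst hunk (@@ -868,9), the ``rollover`` value is deleted and ``empty`` becomes ``delete-dnssec``, which is more than the rename the commit subject describes. Please say in the commit message or in the documentation what replaces the submission-period-only publishing that ``rollover`` provided, since the remaining values are only ``none``, ``delete-dnssec`` and ``always`` (default ``always``), and note that ``delete-dnssec`` is the former ``empty`` so operators who relied on it can find it. The description "publish special CDS and CDNSKEY records indicating turning off DNSSEC" would also read better as "publish special CDS and CDNSKEY records that request turning off DNSSEC".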