diff options
| author | Daniel Salzman <daniel.salzman@nic.cz> | 2023-12-20 13:46:25 +0100 |
|---|---|---|
| committer | Daniel Salzman <daniel.salzman@nic.cz> | 2023-12-21 11:59:30 +0100 |
| commit | b263028c712fb012050e97977530957e1ffc7306 (patch) | |
| tree | 36ceee8d95e5eeb0b3e78ace4345971663b4a357 /doc | |
| parent | dnssec/validation: consider end of RRSIG validitiy... (diff) | |
| download | knot-b263028c712fb012050e97977530957e1ffc7306.tar.xz knot-b263028c712fb012050e97977530957e1ffc7306.zip | |
dnssec/validation: emit dnssec-invalid signal along with RRSIG expiration warning
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man/knot.conf.5in | 5 | ||||
| -rw-r--r-- | doc/reference.rst | 7 |
2 files changed, 7 insertions, 5 deletions
diff --git a/doc/man/knot.conf.5in b/doc/man/knot.conf.5in index 607e6cc73..661b29ec7 100644 --- a/doc/man/knot.conf.5in +++ b/doc/man/knot.conf.5in @@ -557,14 +557,15 @@ catalog zones and their members) are loaded or successfully bootstrapped. the signal parameters are \fIzone name\fP and \fIzone SOA serial\fP\&. .IP \(bu 2 \fBkeys\-updated\fP \- The signal \fBkeys_updated\fP is emitted when a DNSSEC key set -of this zone is updated. +is updated; the signal parameter is \fIzone name\fP\&. .IP \(bu 2 \fBksk\-submission\fP – The signal \fBzone_ksk_submission\fP is emitted if there is a ready KSK present when the zone is signed; the signal parameters are \fIzone name\fP, \fIKSK keytag\fP, and \fIKSK KASP id\fP\&. .IP \(bu 2 \fBdnssec\-invalid\fP – The signal \fBzone_dnssec_invalid\fP is emitted when DNSSEC -validation fails; the signal parameter is \fIzone name\fP\&. +validation fails; the signal parameters are \fIzone name\fP, and \fIremaining seconds\fP +until an RRSIG expires. .UNINDENT .sp \fBNOTE:\fP diff --git a/doc/reference.rst b/doc/reference.rst index 53bdae28a..a0100f93a 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -607,13 +607,14 @@ Possible values: - ``stopped`` when the server shutdown sequence is initiated. - ``zone-updated`` – The signal ``zone_updated`` is emitted when a zone has been updated; the signal parameters are `zone name` and `zone SOA serial`. -- ``keys-updated`` - The signal ``keys_updated`` is emitted when a DNSSEC key set - of this zone is updated. +- ``keys-updated`` - The signal ``keys_updated`` is emitted when a DNSSEC key set + is updated; the signal parameter is `zone name`. - ``ksk-submission`` – The signal ``zone_ksk_submission`` is emitted if there is a ready KSK present when the zone is signed; the signal parameters are `zone name`, `KSK keytag`, and `KSK KASP id`. - ``dnssec-invalid`` – The signal ``zone_dnssec_invalid`` is emitted when DNSSEC - validation fails; the signal parameter is `zone name`. + validation fails; the signal parameters are `zone name`, and `remaining seconds` + until an RRSIG expires. .. NOTE:: This function requires systemd version at least 221. |