Commit ed5f0c4d authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman
Browse files

doc/sharedKSK: discourage changing policy ID

parent 33b2de00
......@@ -1153,6 +1153,13 @@ A length of newly generated ZSK keys.
.sp
If enabled, all zones with this policy assigned will share one KSK.
.sp
\fBWARNING:\fP
.INDENT 0.0
.INDENT 3.5
It is discouraged to modify policy \fI\%id\fP when shared KSK is enabled.
.UNINDENT
.UNINDENT
.sp
\fIDefault:\fP off
.SS dnskey\-ttl
.sp
......
......@@ -695,6 +695,10 @@ but the resulting new KSK will be shared again among all of them.
If we have zones which already have their keys, turning on the shared KSK feature triggers no action.
But when a KSK rollover takes place, they will use the same new key afterwards.
.. WARNING::
It is discouraged to modify policy :ref:`id<policy_id>` when :ref:`shared KSK<policy_ksk-shared>`
is enabled.
.. _DNSSEC Delete algorithm:
DNSSEC delete algorithm
......
......@@ -1271,6 +1271,9 @@ ksk-shared
If enabled, all zones with this policy assigned will share one KSK.
.. WARNING::
It is discouraged to modify policy :ref:`id<policy_id>` when shared KSK is enabled.
*Default:* off
.. _policy_dnskey-ttl:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment