author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-13 08:04:57 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-13 08:04:57 +0000
commit: 98e63d18fe85b29517ae8fb21ca94f37c7972652
tree: 8de3b229d6a3a5062acdb3a970cc3c60bed6c07f /doc
parent: Releasing progress-linux version 3.3.4-1.1~progress7.99u1.
download: knot-98e63d18fe85b29517ae8fb21ca94f37c7972652.tar.xz
download: knot-98e63d18fe85b29517ae8fb21ca94f37c7972652.zip
Merging upstream version 3.3.5.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/configuration.rst | 22
-rw-r--r-- doc/man/knot.conf.5in | 20
-rw-r--r-- doc/man/kzonecheck.1in | 3
-rw-r--r-- doc/man_kzonecheck.rst | 3
-rw-r--r-- doc/operation.rst | 190
-rw-r--r-- doc/reference.rst | 17
-rw-r--r-- doc/troubleshooting.rst | 17
7 files changed, 161 insertions, 111 deletions
diff --git a/doc/configuration.rst b/doc/configuration.rst
index 193bd78..55457eb 100644
--- a/doc/configuration.rst
+++ b/doc/configuration.rst
@@ -481,6 +481,11 @@ convenience delay the submission is started. The server publishes CDS and CDNSKE
and the user shall propagate them to the parent. The server periodically checks for
DS at the parent zone and when positive, finishes the rollover.
+.. NOTE::
+ As the key timestamp semantics differ between the automatic and manual key
+ management, all key timestamps set in the future, either manually or during
+ a key import, are ignorred (cleared).
+
.. _dnssec-manual-key-management:
Manual key management
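Review bot: typo in the added NOTE, "ignorred" should be "ignored". The NOTE also says "all key timestamps set in the future" without naming them; since the WARNING removed further down only concerned ``retire`` and ``remove``, it would help operators to state whether ``publish``/``active`` timestamps set in the future are cleared as well.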
@@ -528,22 +533,6 @@ parent zone to include a reference to the new key. This must happen within one
day (in this case) including a delay required to propagate the new DS to
caches.
-.. WARNING::
- If you ever decide to switch from manual key management to automatic key management,
- note that the automatic key management uses
- :ref:`policy_zsk-lifetime` and :ref:`policy_ksk-lifetime` policy configuration
- options to schedule key rollovers and it internally uses timestamps of keys differently
- than in the manual case. As a consequence it might break if the ``retire`` or ``remove`` timestamps
- are set for the manually generated keys currently in use. Make sure to set these timestamps
- to zero using :doc:`keymgr<man_keymgr>`:
-
- .. code-block:: console
-
- $ keymgr myzone.test. set <key_id> retire=0 remove=0
-
- and configure your policy suitably according to :ref:`dnssec-automatic-zsk-management`
- and :ref:`dnssec-automatic-ksk-management`.
-
.. _dnssec-signing:
Zone signing
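Review bot: removing this WARNING drops the only instruction for clearing ``retire``/``remove`` timestamps (``keymgr myzone.test. set <key_id> retire=0 remove=0``) when switching from manual to automatic key management. The new NOTE in the previous hunk says future timestamps are cleared, which covers that case, but a one-line pointer here ("future timestamps are cleared automatically, see the note above; configure the policy according to :ref:`dnssec-automatic-zsk-management` and :ref:`dnssec-automatic-ksk-management`") would keep the cross-references that this section loses.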
@@ -570,6 +559,7 @@ The signing is initiated on the following occasions:
- Zone reload
- Reaching the signature refresh period
- Key set changed due to rollover event
+- NSEC3 salt is changed
- Received DDNS update
- Forced zone re-sign via server control interface
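Review bot: style, the new item "NSEC3 salt is changed" is a full clause while its neighbours are noun phrases ("Zone reload", "Received DDNS update"); "NSEC3 salt change" keeps the list parallel.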
diff --git a/doc/man/knot.conf.5in b/doc/man/knot.conf.5in
index 72f0a4a..a951b7c 100644
--- a/doc/man/knot.conf.5in
+++ b/doc/man/knot.conf.5in
@@ -67,9 +67,10 @@ the following symbols:
.UNINDENT
.sp
The configuration consists of several fixed sections and optional module
-sections. There are 16 fixed sections (\fBmodule\fP, \fBserver\fP, \fBxdp\fP, \fBcontrol\fP,
+sections. There are 17 fixed sections (\fBmodule\fP, \fBserver\fP, \fBxdp\fP, \fBcontrol\fP,
\fBlog\fP, \fBstatistics\fP, \fBdatabase\fP, \fBkeystore\fP, \fBkey\fP, \fBremote\fP,
-\fBremotes\fP, \fBacl\fP, \fBsubmission\fP, \fBpolicy\fP, \fBtemplate\fP, \fBzone\fP).
+\fBremotes\fP, \fBacl\fP, \fBsubmission\fP, \fBdnskey\-sync\fP, \fBpolicy\fP, \fBtemplate\fP,
+\fBzone\fP).
Module sections are prefixed with the \fBmod\-\fP prefix (e.g. \fBmod\-stats\fP).
.sp
Most of the sections (e.g. \fBzone\fP) are sequences of settings blocks. Each
@@ -964,7 +965,7 @@ Minimum severity level for messages related to QUIC to be logged.
Minimum severity level for all message types, except \fBquic\fP, to be logged.
.sp
\fIDefault:\fP not set
-.SH STATS SECTION
+.SH STATISTICS SECTION
.sp
Periodic server statistics dumping.
.INDENT 0.0
@@ -1871,7 +1872,8 @@ More exactly, this period is measured since a ZSK is activated,
and after this, a new ZSK is generated to replace it within
following roll\-over.
.sp
-ZSK key lifetime is also influenced by propagation\-delay and dnskey\-ttl
+As a consequence, in normal operation, this results in the period
+of ZSK generation being \fIzsk\-lifetime + propagation\-delay + dnskey_ttl\fP\&.
.sp
Zero (aka infinity) value causes no ZSK rollover as a result.
.UNINDENT
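Review bot: inconsistent option name in the added sentence: ``dnskey_ttl`` uses an underscore while ``zsk\-lifetime`` and ``propagation\-delay`` use hyphens, and the option is written as dnskey-ttl elsewhere in this commit (the operation.rst hunk's "propagation-delay + dnskey-ttl"). It should read ``\fIzsk\-lifetime + propagation\-delay + dnskey\-ttl\fP``. The same sentence is added to reference.rst below and needs the same fix.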
@@ -2032,6 +2034,14 @@ Module \fI\%Onlinesign\fP doesn\(aqt support DS push.
.UNINDENT
.UNINDENT
.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+When turning this feature on while a KSK roll\-over is already running, it might
+not take effect for the already\-running roll\-over.
+.UNINDENT
+.UNINDENT
+.sp
\fIDefault:\fP not set
.SS dnskey\-sync
.sp
@@ -2567,6 +2577,8 @@ List of DNSSEC checks:
.IP \(bu 2
Every zone RRSet is correctly signed by at least one present DNSKEY.
.IP \(bu 2
+For every RRSIG there are at most 3 non\-matching DNSKEYs with the same keytag.
+.IP \(bu 2
DNSKEY RRSet is signed by KSK.
.IP \(bu 2
NSEC(3) RR exists for each name (unless opt\-out) with correct bitmap.
diff --git a/doc/man/kzonecheck.1in b/doc/man/kzonecheck.1in
index 380c41f..a73b66e 100644
--- a/doc/man/kzonecheck.1in
+++ b/doc/man/kzonecheck.1in
@@ -59,6 +59,9 @@ Zone origin. If not specified, the origin is determined from the file name
Also check DNSSEC\-related records. The default is to decide based on the
existence of a RRSIG for SOA.
.TP
+\fB\-z\fP, \fB\-\-zonemd\fP
+Also check the zone hash against a ZONEMD record, which is required to exist.
+.TP
\fB\-t\fP, \fB\-\-time\fP \fItime\fP
Current time specification. Use UNIX timestamp, YYYYMMDDHHmmSS
format, or [+/\-]\fItime\fP[unit] format, where unit can be \fBY\fP, \fBM\fP,
diff --git a/doc/man_kzonecheck.rst b/doc/man_kzonecheck.rst
index 4a815a4..3a10863 100644
--- a/doc/man_kzonecheck.rst
+++ b/doc/man_kzonecheck.rst
@@ -36,6 +36,9 @@ Options
Also check DNSSEC-related records. The default is to decide based on the
existence of a RRSIG for SOA.
+**-z**, **--zonemd**
+ Also check the zone hash against a ZONEMD record, which is required to exist.
+
**-t**, **--time** *time*
Current time specification. Use UNIX timestamp, YYYYMMDDHHmmSS
format, or [+/-]\ *time*\ [unit] format, where unit can be **Y**, **M**,
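Review bot: "which is required to exist" is ambiguous, it can be read as a precondition on the user rather than as check behaviour. Suggest stating it directly, e.g. "The check fails if the zone contains no ZONEMD record." It is also worth saying whether ``-z`` verifies only the digest or also the RRSIG covering ZONEMD, given that the DNSSEC option described just above decides DNSSEC checking by the presence of an RRSIG for SOA.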
diff --git a/doc/operation.rst b/doc/operation.rst
index f953719..43e13ff 100644
--- a/doc/operation.rst
+++ b/doc/operation.rst
@@ -35,6 +35,13 @@ or to the corresponding manual page.
Also, the server needs to create :ref:`server_rundir` and :ref:`zone_storage`
directories in order to run properly.
+.. NOTE::
+
+ Avoid editing of or other manipulation with configuration file during start
+ or reload of :doc:`knotd<man_knotd>` or start of :doc:`knotc<man_knotc>`
+ and other :doc:`utilities<utilities>` which use it. There is a risk of
+ malfunction or a :ref:`crash<Bus error>` otherwise.
+
.. _Configuration database:
Configuration database
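Review bot: grammar in the added NOTE, "Avoid editing of or other manipulation with configuration file during start or reload" reads awkwardly; suggest "Avoid editing or otherwise modifying the configuration file while :doc:`knotd<man_knotd>` is starting or reloading, or while :doc:`knotc<man_knotc>` or other :doc:`utilities<utilities>` that read it are starting." Note that ``:ref:`crash<Bus error>``` depends on the ``.. _Bus error:`` label added to troubleshooting.rst in this same commit, so the two files have to land together.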
@@ -199,10 +206,10 @@ Knot DNS allows you to read or change zone contents online using the server
control interface.
.. WARNING::
- Avoid concurrent zone access when a zone event (zone file load, refresh,
- DNSSEC signing, dynamic update) is in progress or pending. In such a case
- zone events must be frozen before. For more information on how to freeze the
- zone read :ref:`Editing zone file`.
+ Avoid concurrent zone access from a third party software when a zone event
+ (zone file load, refresh, DNSSEC signing, dynamic update) is in progress or
+ pending. In such a case, zone events must be frozen before. For more
+ information on how to freeze the zone read :ref:`Editing zone file`.
To get contents of all configured zones, or a specific zone contents, or zone
records with a specific owner, or even with a specific record type::
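Review bot: minor wording in the reworded WARNING: "from a third party software" should be "from third-party software", and "must be frozen before" should be "must be frozen beforehand". Otherwise the new text is an improvement, since it now says who the concurrent accessor is.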
@@ -270,9 +277,9 @@ Reading and editing the zone file safely
========================================
It's always possible to read and edit zone contents via zone file manipulation.
-It may lead to confusion, however, if the zone contents are continuously being
-changed by DDNS, DNSSEC signing and the like. In such a case, the safe way to
-modify the zone file is to freeze zone events first::
+It may lead to confusion or even a :ref:`program crash<Bus error>`, however, if
+the zone contents are continuously being changed by DDNS, DNSSEC signing and the like.
+In such a case, the safe way to modify the zone file is to freeze zone events first::
$ knotc -b zone-freeze example.com.
$ knotc -b zone-flush example.com.
@@ -419,6 +426,9 @@ only stored in the journal.
current SOA serial in the zone (not in the zone file) if manually updated!
This is important to ensure consistency of the journal and outgoing IXFR.
+.. NOTE::
+ This mode is not suitable if the zone can be modified externally (e.g. DDNS, knotc).
+
Example 4
---------
@@ -436,6 +446,9 @@ the information about the last real SOA serial is preserved in case of server re
The sizing of journal limits needs to be taken into consideration
(see :ref:`Journal behaviour`).
+.. NOTE::
+ This mode is not suitable if the zone can be modified externally (e.g. DDNS, knotc).
+
.. _Zone bootstrap:
Zone bootstrapping on secondary
@@ -583,8 +596,8 @@ Automatic KSK and ZSK rollovers example
Let's start with the following set of keys::
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, key, tag 50613, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, key, tag 53594, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public, active
The last fields hint the key state: ``public`` denotes a key that will be presented
as the DNSKEY record, ``ready`` means that CDS/CDNSKEY records were created,
@@ -610,115 +623,121 @@ For demonstration purposes, the following configuration is used::
Upon the zone's KSK lifetime expiration, a new KSK is generated and the rollover
continues along the lines of :rfc:`6781#section-4.1.2`::
- # KSK Rollover (50613 -> 9081)
+ # KSK Rollover (53594 -> 3375)
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, KSK rollover started
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, key, tag 50613, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active+
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:50:00+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:50:12+0200
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, KSK rollover started
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, next key action, KSK tag 3375, submit at 2024-02-14T15:20:12+0100
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, key, tag 53594, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active+
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111204
+ 2024-02-14T15:20:00+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:20:12+0100
... (propagation-delay + dnskey-ttl) ...
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:50:12+0200 notice: [example.com.] DNSSEC, KSK submission, waiting for confirmation
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, key, tag 50613, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, ready, active+
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:50:12+0200 info: [example.com.] DNSSEC, next signing at 2021-05-17T20:49:56+0200
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:20:12+0100 notice: [example.com.] DNSSEC, KSK submission, waiting for confirmation
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, key, tag 53594, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, ready, active+
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111205
+ 2024-02-14T15:20:12+0100 info: [example.com.] DNSSEC, next signing at 2024-02-28T15:19:37+0100
At this point the new KSK has to be submitted to the parent zone. Knot detects the updated parent's DS
record automatically (and waits for additional period of the DS's TTL before retiring the old key)
if :ref:`parent DS check<Submission section>` is configured, otherwise the
operator must confirm it manually (using ``knotc zone-ksk-submitted``)::
- 2021-05-10T20:50:12+0200 info: [example.com.] DS check, outgoing, remote 127.0.0.1@5300, KSK submission check: negative
- 2021-05-10T20:50:14+0200 info: [example.com.] DS check, outgoing, remote 127.0.0.1@5300, KSK submission check: negative
- 2021-05-10T20:50:16+0200 info: [example.com.] DS check, outgoing, remote 127.0.0.1@5300, KSK submission check: positive
- 2021-05-10T20:50:16+0200 notice: [example.com.] DNSSEC, KSK submission, confirmed
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, key, tag 50613, algorithm ECDSAP256SHA256, KSK, public, active+
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:50:16+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:50:23+0200
+ 2024-02-14T15:20:12+0100 info: [example.com.] DS check, outgoing, remote 127.0.0.1@5300 TCP, KSK submission check: negative
+ 2024-02-14T15:20:14+0100 info: [example.com.] DS check, outgoing, remote 127.0.0.1@5300 TCP/pool, KSK submission check: negative
+ 2024-02-14T15:20:16+0100 info: [example.com.] DS check, outgoing, remote 127.0.0.1@5300 TCP/pool, KSK submission check: positive
+ 2024-02-14T15:20:16+0100 notice: [example.com.] DNSSEC, KSK submission, confirmed
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, key, tag 53594, algorithm ECDSAP256SHA256, KSK, public, active+
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111206
+ 2024-02-14T15:20:16+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:20:23+0100
... (parent's DS TTL is 7 seconds) ...
- 2021-05-10T20:50:23+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:50:23+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:50:23+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:50:23+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:50:23+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:50:23+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:51:56+0200
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, next key action, ZSK, generate at 2024-02-14T15:21:54+0100
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111207
+ 2024-02-14T15:20:23+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:21:54+0100
Upon the zone's ZSK lifetime expiration, a new ZSK is generated and the rollover
continues along the lines of :rfc:`6781#section-4.1.1`::
- # ZSK Rollover (62932 -> 33255)
+ # ZSK Rollover (36185 -> 38559)
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, ZSK rollover started
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, key, tag 33255, algorithm ECDSAP256SHA256, public
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:51:56+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:52:08+0200
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, ZSK rollover started
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, next key action, ZSK tag 38559, replace at 2024-02-14T15:22:06+0100
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, key, tag 38559, algorithm ECDSAP256SHA256, public
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111208
+ 2024-02-14T15:21:54+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:22:06+0100
... (propagation-delay + dnskey-ttl) ...
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, key, tag 62932, algorithm ECDSAP256SHA256, public
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, key, tag 33255, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:52:08+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:52:25+0200
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, next key action, ZSK tag 36185, remove at 2024-02-14T15:22:23+0100
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, key, tag 36185, algorithm ECDSAP256SHA256, public
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, key, tag 38559, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111209
+ 2024-02-14T15:22:06+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:22:23+0100
... (propagation-delay + zone-max-ttl) ...
- 2021-05-10T20:52:25+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:52:25+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:52:25+0200 info: [example.com.] DNSSEC, key, tag 33255, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:52:25+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:52:25+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:52:25+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:54:08+0200
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, next key action, ZSK, generate at 2024-02-14T15:24:06+0100
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, key, tag 38559, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111210
+ 2024-02-14T15:22:23+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:24:06+0100
Further rollovers::
... (zsk-lifetime - propagation-delay - zone-max-ttl) ...
- # Another ZSK Rollover (33255 -> 49526)
+ # Another ZSK Rollover (38559 -> 59825)
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, ZSK rollover started
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, key, tag 33255, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, key, tag 49526, algorithm ECDSAP256SHA256, public
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:54:08+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:54:20+0200
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, ZSK rollover started
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, next key action, ZSK tag 59825, replace at 2024-02-14T15:24:18+0100
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, key, tag 38559, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, key, tag 59825, algorithm ECDSAP256SHA256, public
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111211
+ 2024-02-14T15:24:06+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:24:18+0100
...
- # Another KSK Rollover (9081 -> 9179)
+ # Another KSK Rollover (3375 -> 50822)
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, signing zone
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, KSK rollover started
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, key, tag 9081, algorithm ECDSAP256SHA256, KSK, public, active
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, key, tag 49526, algorithm ECDSAP256SHA256, public, active
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, key, tag 9179, algorithm ECDSAP256SHA256, KSK, public, active+
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, signing started
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, successfully signed
- 2021-05-10T20:55:00+0200 info: [example.com.] DNSSEC, next signing at 2021-05-10T20:55:12+0200
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, signing zone
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, KSK rollover started
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, next key action, KSK tag 50822, submit at 2024-02-14T15:25:12+0100
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, key, tag 3375, algorithm ECDSAP256SHA256, KSK, public, active
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, key, tag 59825, algorithm ECDSAP256SHA256, public, active
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, key, tag 50822, algorithm ECDSAP256SHA256, KSK, public, active+
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, signing started
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, successfully signed, serial 2010111214
+ 2024-02-14T15:25:00+0100 info: [example.com.] DNSSEC, next signing at 2024-02-14T15:25:12+0100
...
@@ -1360,6 +1379,7 @@ Pre-requisites
ethtool -K <interface> tx-vlan-offload off rx-vlan-offload off
+.. _Mode XDP_optimizations:
Optimizations
-------------
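Review bot: the added label ``.. _Mode XDP_optimizations:`` is immediately followed by the "Optimizations" heading with no blank line in between, which makes docutils warn ("Explicit markup ends without a blank line") and can mis-attach the target. The next hunk adds ``.. _Mode XDP_limitations:`` followed by an empty ``+`` line; do the same here.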
@@ -1372,6 +1392,8 @@ Some helpful commands::
ethtool -G <interface> rx <?> tx <?>
renice -n 19 -p $(pgrep '^ksoftirqd/[0-9]*$')
+.. _Mode XDP_limitations:
+
Limitations
-----------
diff --git a/doc/reference.rst b/doc/reference.rst
index ad4feb9..45574dc 100644
--- a/doc/reference.rst
+++ b/doc/reference.rst
@@ -32,9 +32,10 @@ the following symbols:
- ``|`` – Choice
The configuration consists of several fixed sections and optional module
-sections. There are 16 fixed sections (``module``, ``server``, ``xdp``, ``control``,
+sections. There are 17 fixed sections (``module``, ``server``, ``xdp``, ``control``,
``log``, ``statistics``, ``database``, ``keystore``, ``key``, ``remote``,
-``remotes``, ``acl``, ``submission``, ``policy``, ``template``, ``zone``).
+``remotes``, ``acl``, ``submission``, ``dnskey-sync``, ``policy``, ``template``,
+``zone``).
Module sections are prefixed with the ``mod-`` prefix (e.g. ``mod-stats``).
Most of the sections (e.g. ``zone``) are sequences of settings blocks. Each
@@ -1045,8 +1046,8 @@ Minimum severity level for all message types, except ``quic``, to be logged.
.. _stats section:
-``stats`` section
-=================
+``statistics`` section
+======================
Periodic server statistics dumping.
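Review bot: the heading is renamed from ``stats`` to ``statistics`` but the label two lines above is still ``.. _stats section:``. Existing ``:ref:`stats section``` references keep working, so this is not a build break, but the label now disagrees with the heading; either rename it together with its references or leave a comment that the old label is kept on purpose.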
@@ -2039,7 +2040,8 @@ A period between ZSK activation and the next rollover initiation.
and after this, a new ZSK is generated to replace it within
following roll-over.
- ZSK key lifetime is also influenced by propagation-delay and dnskey-ttl
+ As a consequence, in normal operation, this results in the period
+ of ZSK generation being `zsk-lifetime + propagation-delay + dnskey_ttl`.
Zero (aka infinity) value causes no ZSK rollover as a result.
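Review bot: ``dnskey_ttl`` should be ``dnskey-ttl``, matching ``zsk-lifetime`` and ``propagation-delay`` in the same expression and the option name used elsewhere in this file. The expression is also wrapped in single backticks, which Sphinx renders as interpreted text (title reference), while the rest of this file uses double backticks for literals (``module``, ``zone``); use ``zsk-lifetime + propagation-delay + dnskey-ttl``.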
@@ -2226,6 +2228,10 @@ It's possible to manage both child and parent zones by the same Knot DNS server.
.. NOTE::
Module :ref:`Onlinesign<mod-onlinesign>` doesn't support DS push.
+.. NOTE::
+ When turning this feature on while a KSK roll-over is already running, it might
+ not take effect for the already-running roll-over.
+
*Default:* not set
.. _policy_dnskey-sync:
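Review bot: "it might not take effect for the already-running roll-over" is too vague for an operator deciding when to enable the feature. State the concrete behaviour: whether the running rollover completes with the previous setting and the new one applies from the next rollover, and whether anything (e.g. waiting for the current rollover to finish before enabling it) makes it apply reliably.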
@@ -2780,6 +2786,7 @@ is cancelled with an error, and either none or previous zone state is published.
List of DNSSEC checks:
- Every zone RRSet is correctly signed by at least one present DNSKEY.
+- For every RRSIG there are at most 3 non-matching DNSKEYs with the same keytag.
- DNSKEY RRSet is signed by KSK.
- NSEC(3) RR exists for each name (unless opt-out) with correct bitmap.
- Every NSEC(3) RR is linked to the lexicographically next one.
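Review bot: the new check "For every RRSIG there are at most 3 non-matching DNSKEYs with the same keytag" gives a limit without its reason. A half sentence noting that validators must try every DNSKEY sharing the RRSIG's keytag, so a bounded number of keytag collisions limits that work, would make the check and the number 3 understandable. Since the list is introduced as checks whose failure cancels signing with an error, it should also say whether exceeding this limit is an error or only a warning.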
diff --git a/doc/troubleshooting.rst b/doc/troubleshooting.rst
index 3d7c359..5bd1d90 100644
--- a/doc/troubleshooting.rst
+++ b/doc/troubleshooting.rst
@@ -9,7 +9,7 @@ First of all, check the logs. Enabling at least the ``warning`` message
severity may help you to identify some problems. See the :ref:`log section`
for details.
-.. _Submitting a bugreport:
+.. _Submitting a bugreport:
Reporting bugs
==============
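Review bot: the ``.. _Submitting a bugreport:`` line (and ``.. _Generating backtrace:`` in the next hunk) shows no visible difference between the removed and added versions, so these are presumably whitespace-only changes such as a trailing space. No content concern, just noting it so nobody looks for a label rename that isn't there.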
@@ -46,7 +46,7 @@ addition at least the following information:
If possible, please provide a minimal configuration file and zone files which
can be used to reproduce the bug.
-.. _Generating backtrace:
+.. _Generating backtrace:
Generating backtrace
====================
@@ -108,3 +108,16 @@ If you fail to get a backtrace of a running process using the previous method,
you may try the single-purpose ``pstack`` utility::
$ pstack $(pidof knotd) > backtrace.txt
+
+.. _Bus error:
+
+Crash caused by a Bus error
+===========================
+
+Zone files and a configuration file are usually accessed as
+`mmaped <https://pubs.opengroup.org/onlinepubs/9699919799/functions/mmap.html>`_
+files. If such files are changed or truncated at the same time when those files
+are being loaded/reloaded by the program, it may result in `Bus error
+(SIGBUS) <https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/signal.h.html>`_
+and a program crash. If you encounter a Bus error, first check that there isn't
+a concurrent write access from an external program to the respective files.
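Review bot: spelling and wording in the new section: "mmaped" should be "mmapped" (or "memory-mapped"), "Zone files and a configuration file" should be "Zone files and the configuration file", and "changed or truncated at the same time when those files are being loaded/reloaded by the program" reads better as "changed or truncated while the program is loading or reloading them". The section tells the reader to check for a concurrent writer but not how to avoid the race; a sentence pointing to :ref:`Editing zone file` (``knotc zone-freeze``/``zone-flush``, as the operation.rst hunk describes) for zone files, and recommending that external tools write a new file and rename it into place rather than rewriting the mapped file in situ, would turn the diagnosis into guidance.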