Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-29 01:04:15 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md (#1374)

Browse Source 
Fixing a couple of small textual problems.
This commit is contained in:
cricketliu
2018-01-10 23:31:34 -08:00
committed by Miek Gieben
parent d15746596f
commit 655231a599
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/dnssec/README.md
View File

@@ -6,7 +6,7 @@
## Description ## Description
With *dnssec* any reply that doesn't (or can't) do DNSSEC will get signed on-the-fly. Authenticated With *dnssec* any reply that doesn't (or can't) do DNSSEC will get signed on the fly. Authenticated
denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as
this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported. this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported.
@@ -19,7 +19,7 @@ dnssec [ZONES... ] {
} }
~~~ ~~~
The specified key is used for all signing operations. The DNSSEC signing will treat this key a The specified key is used for all signing operations. The DNSSEC signing will treat this key as a
CSK (common signing key), forgoing the ZSK/KSK split. All signing operations are done online. CSK (common signing key), forgoing the ZSK/KSK split. All signing operations are done online.
Authenticated denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm Authenticated denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm
is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported. is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported.
@@ -33,7 +33,7 @@ used (See [bugs](#bugs)).
* `key file` indicates that **KEY** file(s) should be read from disk. When multiple keys are specified, RRsets * `key file` indicates that **KEY** file(s) should be read from disk. When multiple keys are specified, RRsets
will be signed with all keys. Generating a key can be done with `dnssec-keygen`: `dnssec-keygen -a will be signed with all keys. Generating a key can be done with `dnssec-keygen`: `dnssec-keygen -a
ECDSAP256SHA256 <zonename>`. A key created for zone *A* can be safely used for zone *B*. The name of the ECDSAP256SHA256 <zonename>`. A key created for zone *A* can be safely used for zone *B*. The name of the
key file can be specified as one of the following formats key file can be specified in one of the following formats
* basename of the generated key `Kexample.org+013+45330` * basename of the generated key `Kexample.org+013+45330`
* generated public key `Kexample.org+013+45330.key` * generated public key `Kexample.org+013+45330.key`