Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-11-26 21:54:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update docs

Browse Source 
Update the file and dnssec docs and glarify what is implement and that
we only do NSEC.
This commit is contained in:
Miek Gieben
2016-08-29 19:15:04 +01:00
parent 2eac03896b
commit 9caa607173
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
middleware/dnssec/README.md
View File

@@ -15,14 +15,13 @@ If keys are not specified (see below), a key is generated and used for all signi
DNSSEC signing will treat this key a CSK (common signing key), forgoing the ZSK/KSK split. All
signing operations are done online. Authenticated denial of existence is implemented with NSEC black
lies. Using ECDSA as an algorithm is preferred as this leads to smaller signatures (compared to
RSA).
RSA). NSEC3 is *not* supported.
A signing key can be specified by using the `key` directive.
WARNING: when a key is generated there is currently no way to extract any key material from CoreDNS, as
this key only lives in memory. See issue <https://github.com/miekg/coredns/issues/211>.
NOTE: Key generation has not been implemented yet.
TODO(miek): think about key rollovers.
TODO(miek): think about key rollovers, and how to do them automatically.
~~~