From e85a8260e339ffcf041ac274771eebd579ca05c9 Mon Sep 17 00:00:00 2001
From: Miek Gieben <miek@miek.nl>
Date: Sun, 14 Aug 2016 07:30:41 -0700
Subject: [PATCH] middleware/dnssec

Add warning about in memory keys and the impossibilty to extract them.
---
 middleware/dnssec/README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/middleware/dnssec/README.md b/middleware/dnssec/README.md
index df00866cf..34d5680c0 100644
--- a/middleware/dnssec/README.md
+++ b/middleware/dnssec/README.md
@@ -19,6 +19,9 @@ RSA).
 
 A signing key can be specified by using the `key` directive.
 
+WARNING: when a key is generated there is currently no way to extract any key material from CoreDNS,
+this key only lives in memory. See issue <https://github.com/miekg/coredns/issues/211>.
+
 TODO(miek): think about key rollovers.