middleware/dnssec

Add warning about in memory keys and the impossibilty to extract them.
author: Miek Gieben <miek@miek.nl> 2016-08-14 07:30:41 -0700
committer: Miek Gieben <miek@miek.nl> 2016-08-14 07:30:41 -0700
commit: e85a8260e339ffcf041ac274771eebd579ca05c9 (patch)
tree: 0809da6617e3b3417c31afc8ffbea9a360f3725e /middleware
parent: 3b7b9b49d5d4a94dcb924b90595bbfd976f0d87c (diff)
download: coredns-e85a8260e339ffcf041ac274771eebd579ca05c9.tar.gz
coredns-e85a8260e339ffcf041ac274771eebd579ca05c9.tar.zst
coredns-e85a8260e339ffcf041ac274771eebd579ca05c9.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/middleware/dnssec/README.md b/middleware/dnssec/README.md
index df00866cf..34d5680c0 100644
--- a/middleware/dnssec/README.md
+++ b/middleware/dnssec/README.md
@@ -19,6 +19,9 @@ RSA).
 
 A signing key can be specified by using the `key` directive.
 
+WARNING: when a key is generated there is currently no way to extract any key material from CoreDNS,
+this key only lives in memory. See issue <https://github.com/miekg/coredns/issues/211>.
+
 TODO(miek): think about key rollovers.
author	Miek Gieben <miek@miek.nl>	2016-08-14 07:30:41 -0700
committer	Miek Gieben <miek@miek.nl>	2016-08-14 07:30:41 -0700
commit	e85a8260e339ffcf041ac274771eebd579ca05c9 (patch)
tree	0809da6617e3b3417c31afc8ffbea9a360f3725e /middleware
parent	3b7b9b49d5d4a94dcb924b90595bbfd976f0d87c (diff)
download	coredns-e85a8260e339ffcf041ac274771eebd579ca05c9.tar.gz coredns-e85a8260e339ffcf041ac274771eebd579ca05c9.tar.zst coredns-e85a8260e339ffcf041ac274771eebd579ca05c9.zip