diff options
Diffstat (limited to 'plugin/dnssec/README.md')
| -rw-r--r-- | plugin/dnssec/README.md | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/plugin/dnssec/README.md b/plugin/dnssec/README.md index 2a65370b7..00766a1e3 100644 --- a/plugin/dnssec/README.md +++ b/plugin/dnssec/README.md @@ -31,8 +31,11 @@ ZSK/KSK split. All signing operations are done online. Authenticated denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported. +As the *dnssec* plugin can't see the original TTL of the RRSets it signs, it will always use 3600s +as the value. + If multiple *dnssec* plugins are specified in the same zone, the last one specified will be -used (See [bugs](#bugs)). +used. * **ZONES** zones that should be signed. If empty, the zones from the configuration block are used. |