Diffstat (limited to 'plugin/dnssec')
-rw-r--r-- plugin/dnssec/README.md 10
1 files changed, 9 insertions, 1 deletions
diff --git a/plugin/dnssec/README.md b/plugin/dnssec/README.md
index 419823dbf..904fb9269 100644
--- a/plugin/dnssec/README.md
+++ b/plugin/dnssec/README.md
@@ -1,6 +1,14 @@
# dnssec
-*dnssec* enables on-the-fly DNSSEC signing of served data.
+## Name
+
+*dnssec* - enable on-the-fly DNSSEC signing of served data.
+
+## Description
+
+With *dnssec* any reply that doesn't (or can't) do DNSSEC will get signed on-the-fly. Authenticated
+denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as
+this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported.
## Syntax
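Review bot: The first sentence of the new Description, "any reply that doesn't (or can't) do DNSSEC will get signed on-the-fly", leaves unclear which replies are affected, since a reply does not "do" DNSSEC. Suggest stating the condition directly, for example that replies which do not already carry signatures are signed when they are served. In the same paragraph, "NSEC black lies" is used without explanation or a reference; a short clause or a link would help operators understand what a denial-of-existence answer from this plugin looks like. The note that NSEC3 is not supported is useful and worth keeping next to that explanation.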