Closed aeden closed 7 years ago
Implements DNSSEC. It is expected that key material for signing is provided as part of the zone data. Specifically look at the keysets field in the zone record, as well as the keyset record type.
keysets
keyset
NSEC records use white lies ( described in https://tools.ietf.org/html/rfc4470 and https://tools.ietf.org/html/rfc4471 ).
For all records known when the zone is put into the cache, RRSIG records are created in the cache as well.
For any custom handler that is generating dynamic records, RRSIG records will be added automatically by erldns_resolver.
erldns_resolver
Implements DNSSEC. It is expected that key material for signing is provided as part of the zone data. Specifically look at the
keysetsfield in the zone record, as well as thekeysetrecord type.NSEC records use white lies ( described in https://tools.ietf.org/html/rfc4470 and https://tools.ietf.org/html/rfc4471 ).
For all records known when the zone is put into the cache, RRSIG records are created in the cache as well.
For any custom handler that is generating dynamic records, RRSIG records will be added automatically by
erldns_resolver.