<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>dnssec on CoreDNS: DNS and Service Discovery</title>
    <link>https://coredns.io/tags/dnssec/</link>
    <description>Recent content in dnssec on CoreDNS: DNS and Service Discovery</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <copyright>CoreDNS - All Rights Reserved</copyright>
    <lastBuildDate>Fri, 22 Nov 2024 08:09:54 +0000</lastBuildDate><atom:link href="https://coredns.io/tags/dnssec/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>dnssec</title>
      <link>https://coredns.io/plugins/dnssec/</link>
      <pubDate>Fri, 22 Nov 2024 08:09:54 +0000</pubDate>
      
      <guid>https://coredns.io/plugins/dnssec/</guid>
      <description>Description With dnssec, any reply that doesn&amp;rsquo;t (or can&amp;rsquo;t) do DNSSEC will get signed on the fly. Authenticated denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is not supported.
This plugin can only be used once per Server Block.
Syntax dnssec [ZONES... ] { key file|aws_secretsmanager KEY... cache_capacity CAPACITY } The signing behavior depends on the keys specified.</description>
    </item>
    
  </channel>
</rss>
