From beb5a875f4b99dc9183fbc791efb4bf0d26882b1 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter@plexis.eu>
Date: Tue, 23 Dec 2014 23:11:54 +0100
Subject: [PATCH] Document several undocumented settings

 * Closes #1348
---
 pdns/docs/markdown/authoritative/settings.md | 54 ++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/pdns/docs/markdown/authoritative/settings.md b/pdns/docs/markdown/authoritative/settings.md
index ab70902370..b686982552 100644
--- a/pdns/docs/markdown/authoritative/settings.md
+++ b/pdns/docs/markdown/authoritative/settings.md
@@ -104,6 +104,33 @@ Debugging switch - don't use.
 
 Operate as a daemon.
 
+## `default-ksk-algorithms`
+* String
+* Default: rsasha256
+
+The algorithm that should be used for the KSK when running
+[`pdnssec secure-zone`](internals.md#pdnssec).
+Must be one of:
+* rsamd5
+* dh
+* dsa
+* ecc
+* rsasha1
+* dsa-nsec3-sha1
+* rsasha1-nsec3-sha1
+* rsasha256
+* rsasha512
+* ecc-gost
+* ecdsap256sha256
+* ecdsap384sha384
+
+## `default-ksk-size`
+* Integer
+* Default: whichever is default for `default-ksk-algorithms`
+
+The default keysize for the KSK generated with
+[`pdnssec secure-zone`](internals.md#pdnssec).
+
 ## `default-soa-name`
 * String
 * Default: a.misconfigured.powerdns.server
@@ -121,6 +148,33 @@ Mail address to insert in the SOA record if none set in the backend.
 
 TTL to use when none is provided.
 
+## `default-zsk-algorithms`
+* String
+* Default: rsasha256
+
+The algorithm that should be used for the ZSK when running
+[`pdnssec secure-zone`](internals.md#pdnssec).
+Must be one of:
+* rsamd5
+* dh
+* dsa
+* ecc
+* rsasha1
+* dsa-nsec3-sha1
+* rsasha1-nsec3-sha1
+* rsasha256
+* rsasha512
+* ecc-gost
+* ecdsap256sha256
+* ecdsap384sha384
+
+## `default-zsk-size`
+* Integer
+* Default: whichever is default for `default-zsk-algorithms`
+
+The default keysize for the ZSK generated with
+[`pdnssec secure-zone`](internals.md#pdnssec).
+
 ## `direct-dnskey`
 * Boolean
 * Default: no
-- 
2.47.2