docs: add note on TTL for DNSSEC RRs. Closes #2195

author Pieter Lexis <pieter.lexis@powerdns.com>

Fri, 11 Dec 2015 17:13:42 +0000 (18:13 +0100)

committer Pieter Lexis <pieter.lexis@powerdns.com>

Mon, 14 Dec 2015 10:33:37 +0000 (11:33 +0100)
author Pieter Lexis <pieter.lexis@powerdns.com>
Fri, 11 Dec 2015 17:13:42 +0000 (18:13 +0100)
committer Pieter Lexis <pieter.lexis@powerdns.com>
Mon, 14 Dec 2015 10:33:37 +0000 (11:33 +0100)
diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md

index 9fd03ae7b95e285e75e603ae7b53ad5790b602b0..dd82cf938fc77ea32bcb84ffb13e33f62e0f6e8d 100644 (file)
--- a/docs/markdown/authoritative/dnssec.md
+++ b/docs/markdown/authoritative/dnssec.md
@@ -201,6 +201,10 @@ Precisely speaking, the time period used is always from the start of the previou
  
  **Note**: Why Thursday? POSIX-based operating systems count the time since GMT midnight January 1st of 1970, which was a Thursday. PowerDNS inception/expiration times are generated based on an integral number of weeks having passed since the start of the 'epoch'.
  
+PowerDNS also serves the DNSKEY records in live-signing mode. Their TTL is derived
+from the SOA records *minimum* field. When using NSEC3, the TTL of the NSEC3PARAM
+record is also derived from that field.
+
  # `pdnsutil`
  `pdnsutil` (previously called `pdnssec`) is a powerful command that is the operator-friendly gateway into PowerDNSSEC configuration. Behind the scenes, `pdnsutil` manipulates a PowerDNS backend database, which also means that for many databases, `pdnsutil` can be run remotely, and can configure key material on different servers.
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Fri, 11 Dec 2015 17:13:42 +0000 (18:13 +0100)
committer	Pieter Lexis <pieter.lexis@powerdns.com>
	Mon, 14 Dec 2015 10:33:37 +0000 (11:33 +0100)