Merge pull request #4478 from peterthomassen/master

docs enhancements; clarify error message when set-presigned fails with DNSSEC disabled

docs/markdown/authoritative/backend-generic-sql.md

@@ -100,8 +100,9 @@ this implies that a slaved domain will not stay disabled.
 
 ## Autoserial
 The autoserial functionality makes PowerDNS generate the SOA serial when the SOA
-serial set to `0` in the database. The serial in SOA responses is set to the
-highest value of the `change_date` field in the "records" table.
+serial set to `0` in the database. The serial in SOA responses is set to what's
+provided by `zone-lastchange-query`. By default, this is the highest value of the
+`change_date` field in the "records" table).
 
 
 # Handling DNSSEC signed zones

docs/markdown/authoritative/dnssec.md

@@ -219,9 +219,15 @@ retrieved from a master server, this keying material will be used when serving
 data from this zone.
 
 As part of the zone retrieval, the equivalent of `pdnsutil rectify-zone` is run
-to make sure that all DNSSEC-related fields are set correctly.
+to make sure that all DNSSEC-related fields are set correctly in the backend.
 
-Signatures and Hashing is similar as described [above](#online-signing)
+## Signed AXFR
+An outgoing zone transfer from a signing master contains all information
+required for the receiving party to rectify the zone without knowing the keys,
+such as signed NSEC3 records for empty non-terminals. The zone is not required
+to be rectified on the master.
+
+Signatures and Hashing is similar as described [above](#online-signing).
 
 ## BIND-mode operation
 Starting with PowerDNS 3.1, the bindbackend can manage keys in an SQLite3 database

docs/markdown/httpapi/api_spec.md

@@ -384,7 +384,10 @@ Where `Comment` is defined as:
 * `soa_edit_api` MAY be set. If it is set, on changes to the contents of
   a zone made through the API, the SOA record will be edited according to
   the SOA-EDIT-API rules. (Which are the same as the SOA-EDIT-DNSUPDATE rules.)
-  If not set at all during zone creation, defaults to [`DEFAULT`](../authoritative/dnsupdate/#soa-edit-dnsupdate-settings).
+  If not set during zone creation, a SOA-EDIT-API metadata record is created
+  and set to `DEFAULT`. (If this record is removed from the backend, the
+  default behaviour is to not do any SOA editing based on this setting. This
+  is different from setting `DEFAULT`.)
   **Note**: Authoritative only.
 
 * `account` MAY be set. Its value is defined by local policy.

pdns/pdnsutil.cc

@@ -2563,7 +2563,7 @@ loadMainConfig(g_vm["config-dir"].as<string>());
       return 0; 
     }
     if (! dk.setPresigned(DNSName(cmds[1]))) {
-      cerr << "Could not set presigned on for " << cmds[1] << endl;
+      cerr << "Could not set presigned for " << cmds[1] << " (is DNSSEC enabled in your backend?)" << endl;
       return 1;
     }
     return 0;