10. Secure transfers

From 3.3.1 and up, PowerDNS support secure DNSSEC transfers as described in draft-koch-dnsop-dnssec-operator-change-05. If the direct-dnskey option is enabled the foreign DNSKEY records stored in the database are added to the keyset and signed with the KSK. Without the direct-dnskey option DNSKEY records in the database are silently ignored.