blob: 2bd9c5810e381b6b4a353ac00613cb12430188b1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
#
# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "."
Recursive: True
PrintTime: False
PrintAge: True
LeftJustify: False
# zone specific values
ResignInterval: 2d # (172800 seconds)
Sigvalidity: 6d # (518400 seconds)
Max_TTL: 8h # (28800 seconds)
Propagation: 5m # (300 seconds)
KEY_TTL: 1h # (3600 seconds)
Serialformat: incremental
# signing key parameters
KSK_lifetime: 60d # (5184000 seconds)
KSK_algo: RSASHA1 # (Algorithm ID 5)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 2w # (1209600 seconds)
ZSK_algo: RSASHA1 # (Algorithm ID 5)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
# dnssec-signer options
LogFile: "zkt.log"
LogLevel: debug
SyslogFacility: USER
SyslogLevel: notice
VerboseLog: 2
Keyfile: "dnskey.db"
Zonefile: "zone.db"
KeySetDir: "../keysets"
DLV_Domain: ""
Sig_Pseudorand: True
Distribute_Cmd: "./dist.sh"
|
