Diffstat (limited to 'install/share/opendnssec_kasp.template')
-rw-r--r--install/share/opendnssec_kasp.template150
1 files changed, 150 insertions, 0 deletions
diff --git a/install/share/opendnssec_kasp.template b/install/share/opendnssec_kasp.template
new file mode 100644
index 000000000..cad9f7c5d
--- /dev/null
+++ b/install/share/opendnssec_kasp.template
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+
+ NOTE: The default policy below is a TEMPLATE ONLY and should be reviewed
+ before used in any production environment. The administrator should
+ consult the OpenDNSSEC documentation before changing any parameters.
+
+ If you can read this message, it is likely that this file has not
+ been reviewed nor updated.
+
+ -->
+
+<KASP>
+
+ <Policy name="default">
+ <Description>A default policy that will amaze you and your friends</Description>
+ <Signatures>
+ <Resign>PT2H</Resign>
+ <Refresh>P3D</Refresh>
+ <Validity>
+ <Default>P14D</Default>
+ <Denial>P14D</Denial>
+ </Validity>
+ <Jitter>PT12H</Jitter>
+ <InceptionOffset>PT3600S</InceptionOffset>
+ </Signatures>
+
+ <Denial>
+ <NSEC3>
+ <!-- <TTL>PT0S</TTL> -->
+ <!-- <OptOut/> -->
+ <Resalt>P100D</Resalt>
+ <Hash>
+ <Algorithm>1</Algorithm>
+ <Iterations>5</Iterations>
+ <Salt length="8"/>
+ </Hash>
+ </NSEC3>
+ </Denial>
+
+ <Keys>
+ <!-- Parameters for both KSK and ZSK -->
+ <TTL>PT3600S</TTL>
+ <RetireSafety>PT3600S</RetireSafety>
+ <PublishSafety>PT3600S</PublishSafety>
+ <!-- <ShareKeys/> -->
+ <Purge>P14D</Purge>
+
+ <!-- Parameters for KSK only -->
+ <KSK>
+ <Algorithm length="2048">8</Algorithm>
+ <Lifetime>P1Y</Lifetime>
+ <Repository>SoftHSM</Repository>
+ </KSK>
+
+ <!-- Parameters for ZSK only -->
+ <ZSK>
+ <Algorithm length="2048">8</Algorithm>
+ <Lifetime>P90D</Lifetime>
+ <Repository>SoftHSM</Repository>
+ <!-- <ManualRollover/> -->
+ </ZSK>
+ </Keys>
+
+ <Zone>
+ <PropagationDelay>PT43200S</PropagationDelay>
+ <SOA>
+ <TTL>PT3600S</TTL>
+ <Minimum>PT3600S</Minimum>
+ <Serial>unixtime</Serial>
+ </SOA>
+ </Zone>
+
+ <Parent>
+ <PropagationDelay>PT9999S</PropagationDelay>
+ <DS>
+ <TTL>PT3600S</TTL>
+ </DS>
+ <SOA>
+ <TTL>PT172800S</TTL>
+ <Minimum>PT10800S</Minimum>
+ </SOA>
+ </Parent>
+
+ </Policy>
+
+ <Policy name="lab">
+ <Description>Quick turnaround policy for lab work</Description>
+ <Signatures>
+ <Resign>PT10M</Resign>
+ <Refresh>PT30M</Refresh>
+ <Validity>
+ <Default>PT1H</Default>
+ <Denial>PT1H</Denial>
+ </Validity>
+ <Jitter>PT1M</Jitter>
+ <InceptionOffset>PT3600S</InceptionOffset>
+ </Signatures>
+
+ <Denial>
+ <NSEC/>
+ </Denial>
+
+ <Keys>
+ <!-- Parameters for both KSK and ZSK -->
+ <TTL>PT300S</TTL>
+ <RetireSafety>PT360S</RetireSafety>
+ <PublishSafety>PT360S</PublishSafety>
+ <!-- <ShareKeys/> -->
+ <Purge>P14D</Purge>
+
+ <!-- Parameters for KSK only -->
+ <KSK>
+ <Algorithm length="2048">8</Algorithm>
+ <Lifetime>P1Y</Lifetime>
+ <Repository>SoftHSM</Repository>
+ </KSK>
+
+ <!-- Parameters for ZSK only -->
+ <ZSK>
+ <Algorithm length="2048">8</Algorithm>
+ <Lifetime>PT4H</Lifetime>
+ <Repository>SoftHSM</Repository>
+ <!-- <ManualRollover/> -->
+ </ZSK>
+ </Keys>
+
+ <Zone>
+ <PropagationDelay>PT300S</PropagationDelay>
+ <SOA>
+ <TTL>PT300S</TTL>
+ <Minimum>PT300S</Minimum>
+ <Serial>unixtime</Serial>
+ </SOA>
+ </Zone>
+
+ <Parent>
+ <PropagationDelay>PT9999S</PropagationDelay>
+ <DS>
+ <TTL>PT3600S</TTL>
+ </DS>
+ <SOA>
+ <TTL>PT172800S</TTL>
+ <Minimum>PT10800S</Minimum>
+ </SOA>
+ </Parent>
+
+ </Policy>
+</KASP>
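Review bot: The `default` policy's NSEC3 block sets `<Iterations>5</Iterations>` and `<Salt length="8"/>`, whereas current guidance (RFC 9276) is zero extra iterations and an empty salt, because neither setting meaningfully hinders zone enumeration and both add hashing cost for the signer and for validators. If the OpenDNSSEC schema this template targets accepts it, I would ship `<Iterations>0</Iterations>` and `<Salt length="0"/>`. Separately, the file keeps the upstream "TEMPLATE ONLY ... has not been reviewed nor updated" banner and installs a `lab` policy with `<Default>PT1H</Default>` signature validity and a `PT4H` ZSK lifetime. A zone bound to `lab` by mistake would likely start failing validation within roughly an hour of the signer stalling, so I would drop that policy from the installed template or mark it with a comment such as `<!-- lab only: do not assign to production zones -->`.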