Add purge-keys config option

Add a new option 'purge-keys' to 'dnssec-policy' that will purge key files for deleted keys. The option determines how long key files should be retained prior to removing the corresponding files from disk. If set to 0, the option is disabled and 'named' will not remove key files from disk.
2021-02-08 12:02:19 +01:00
parent d4cb312555
commit 313de3a7e2
15 changed files with 75 additions and 5 deletions
--- a/doc/misc/dnssec-policy.default.conf
+++ b/doc/misc/dnssec-policy.default.conf
@@ -8,6 +8,7 @@ dnssec-policy "default" {
 	dnskey-ttl 3600;
 	publish-safety 1h;
 	retire-safety 1h;
+        purge-keys P90D;

 	// Signature timings
 	signatures-refresh 5d;