40 lines
876 B
Plaintext
40 lines
876 B
Plaintext
#
|
|
# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
|
|
#
|
|
|
|
# dnssec-zkt options
|
|
Zonedir: "intern"
|
|
Recursive: True
|
|
PrintTime: False
|
|
PrintAge: True
|
|
LeftJustify: False
|
|
|
|
# zone specific values
|
|
ResignInterval: 5h # (18000 seconds)
|
|
Sigvalidity: 1d # (86400 seconds)
|
|
Max_TTL: 30m # (1800 seconds)
|
|
Propagation: 1m # (60 seconds)
|
|
KEY_TTL: 30m # (1800 seconds)
|
|
Serialformat: unixtime
|
|
|
|
# signing key parameters
|
|
KSK_lifetime: 1y # (31536000 seconds)
|
|
KSK_algo: RSASHA1 # (Algorithm ID 5)
|
|
KSK_bits: 1300
|
|
KSK_randfile: "/dev/urandom"
|
|
ZSK_lifetime: 30d # (2592000 seconds)
|
|
ZSK_algo: RSASHA1 # (Algorithm ID 5)
|
|
ZSK_bits: 512
|
|
ZSK_randfile: "/dev/urandom"
|
|
|
|
# dnssec-signer options
|
|
LogFile: "zkt-int.log"
|
|
LogLevel: "debug"
|
|
SyslogFacility: "none"
|
|
SyslogLevel: "notice"
|
|
VerboseLog: 2
|
|
Keyfile: "dnskey.db"
|
|
Zonefile: "zone.db"
|
|
DLV_Domain: ""
|
|
Sig_Pseudorand: True
|