42 lines
879 B
Plaintext
42 lines
879 B
Plaintext
#
|
|
# @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de
|
|
#
|
|
|
|
# dnssec-zkt options
|
|
Zonedir: "."
|
|
Recursive: False
|
|
PrintTime: True
|
|
PrintAge: False
|
|
LeftJustify: False
|
|
|
|
# zone specific values
|
|
ResignInterval: 1w # (604800 seconds)
|
|
Sigvalidity: 10d # (864000 seconds)
|
|
Max_TTL: 8h # (28800 seconds)
|
|
Propagation: 5m # (300 seconds)
|
|
KEY_TTL: 4h # (14400 seconds)
|
|
Serialformat: incremental
|
|
|
|
# signing key parameters
|
|
Key_algo: RSASHA1 # (Algorithm ID 5)
|
|
KSK_lifetime: 1y # (31536000 seconds)
|
|
KSK_bits: 1300
|
|
KSK_randfile: "/dev/urandom"
|
|
ZSK_lifetime: 12w # (7257600 seconds)
|
|
ZSK_bits: 512
|
|
ZSK_randfile: "/dev/urandom"
|
|
SaltBits: 24
|
|
|
|
# dnssec-signer options
|
|
LogFile: ""
|
|
LogLevel: ERROR
|
|
SyslogFacility: NONE
|
|
SyslogLevel: NOTICE
|
|
VerboseLog: 0
|
|
Keyfile: "dnskey.db"
|
|
Zonefile: "zone.db"
|
|
DLV_Domain: ""
|
|
Sig_Pseudorand: False
|
|
Sig_GenerateDS: True
|
|
Sig_Parameter: ""
|