1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14/* 15 * This is just a random selection of DNSSEC configuration options. 16 */ 17 18/* cut here */ 19dnssec-policy "test" { 20 dnskey-ttl 3600; 21 keys { 22 ksk key-directory lifetime P1Y algorithm ecdsa256; 23 zsk lifetime P30D algorithm 13; 24 csk key-directory lifetime unlimited algorithm rsasha256 2048; 25 }; 26 max-zone-ttl 86400; 27 nsec3param iterations 5 optout no salt-length 8; 28 parent-ds-ttl 7200; 29 parent-propagation-delay PT1H; 30 publish-safety PT3600S; 31 retire-safety PT3600S; 32 signatures-refresh P3D; 33 signatures-validity P2W; 34 signatures-validity-dnskey P14D; 35 zone-propagation-delay PT5M; 36}; 37options { 38 dnssec-policy "default"; 39}; 40zone "example1" { 41 type primary; 42 file "example1.db"; 43 inline-signing yes; 44}; 45zone "example2" { 46 type primary; 47 file "example2.db"; 48 allow-update { 49 "any"; 50 }; 51 dnssec-policy "test"; 52}; 53zone "example3" { 54 type primary; 55 file "example3.db"; 56 inline-signing yes; 57 dnssec-policy "default"; 58}; 59zone "dnssec-policy-none-shared-zonefile1" { 60 type primary; 61 file "shared.db"; 62 dnssec-policy "none"; 63}; 64zone "dnssec-policy-none-shared-zonefile2" { 65 type primary; 66 file "shared.db"; 67 dnssec-policy "none"; 68}; 69