1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14/* 15 * This is just a random selection of DNSSEC configuration options. 16 */ 17 18/* cut here */ 19dnssec-policy "test" { 20 dnskey-ttl 3600; 21 keys { 22 ksk key-directory lifetime P1Y algorithm ecdsa256; 23 zsk lifetime P30D algorithm 13; 24 csk key-directory lifetime unlimited algorithm rsasha256 2048; 25 }; 26 max-zone-ttl 86400; 27 nsec3param iterations 5 optout no salt-length 8; 28 parent-ds-ttl 7200; 29 parent-propagation-delay PT1H; 30 publish-safety PT3600S; 31 retire-safety PT3600S; 32 signatures-jitter PT12H; 33 signatures-refresh P3D; 34 signatures-validity P2W; 35 signatures-validity-dnskey P14D; 36 zone-propagation-delay PT5M; 37}; 38options { 39 dnssec-policy "default"; 40}; 41zone "example1" { 42 type primary; 43 file "example1.db"; 44 inline-signing yes; 45}; 46zone "example2" { 47 type primary; 48 file "example2.db"; 49 allow-update { 50 "any"; 51 }; 52 dnssec-policy "test"; 53}; 54zone "example3" { 55 type primary; 56 file "example3.db"; 57 inline-signing yes; 58 dnssec-policy "default"; 59}; 60zone "dnssec-policy-none-shared-zonefile1" { 61 type primary; 62 file "shared.db"; 63 dnssec-policy "none"; 64}; 65zone "dnssec-policy-none-shared-zonefile2" { 66 type primary; 67 file "shared.db"; 68 dnssec-policy "none"; 69}; 70