1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 * 8 * See the COPYRIGHT file distributed with this work for additional 9 * information regarding copyright ownership. 10 */ 11 12/* 13 * This is just a random selection of DNSSEC configuration options. 14 */ 15 16/* cut here */ 17dnssec-policy "test" { 18 dnskey-ttl 3600; 19 keys { 20 ksk key-directory lifetime P1Y algorithm ecdsa256; 21 zsk lifetime P30D algorithm 13; 22 csk key-directory lifetime unlimited algorithm rsasha256 2048; 23 }; 24 max-zone-ttl 86400; 25 nsec3param iterations 5 optout no salt-length 8; 26 parent-ds-ttl 7200; 27 parent-propagation-delay PT1H; 28 publish-safety PT3600S; 29 retire-safety PT3600S; 30 signatures-refresh P3D; 31 signatures-validity P2W; 32 signatures-validity-dnskey P14D; 33 zone-propagation-delay PT5M; 34}; 35options { 36 dnssec-policy "default"; 37}; 38zone "example1" { 39 type master; 40 file "example1.db"; 41}; 42zone "example2" { 43 type master; 44 file "example2.db"; 45 dnssec-policy "test"; 46}; 47zone "example3" { 48 type master; 49 file "example3.db"; 50 dnssec-policy "default"; 51}; 52zone "example4" { 53 type master; 54 file "example4.db"; 55 dnssec-policy "none"; 56}; 57