1# 2# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de 3# 4 5# dnssec-zkt options 6Zonedir: "." 7Recursive: True 8PrintTime: False 9PrintAge: True 10LeftJustify: False 11 12# zone specific values 13ResignInterval: 2d # (172800 seconds) 14Sigvalidity: 6d # (518400 seconds) 15Max_TTL: 8h # (28800 seconds) 16Propagation: 5m # (300 seconds) 17KEY_TTL: 1h # (3600 seconds) 18Serialformat: incremental 19 20# signing key parameters 21Key_Algo: ECDSAP256SHA256 22KSK_lifetime: 60d # (5184000 seconds) 23KSK_bits: 1300 24KSK_randfile: "/dev/urandom" 25ZSK_lifetime: 2w # (1209600 seconds) 26ZSK_bits: 1024 27ZSK_randfile: "/dev/urandom" 28SaltBits: 24 29 30# dnssec-signer options 31LogFile: "zkt.log" 32LogLevel: DEBUG 33LogDomainDir: "." 34SyslogFacility: USER 35SyslogLevel: NOTICE 36VerboseLog: 2 37Keyfile: "dnskey.db" 38Zonefile: "zone.db" 39KeySetDir: "../keysets" 40DLV_Domain: "" 41Sig_Pseudorand: True 42Sig_GenerateDS: True 43Sig_DnsKeyKSK: False 44Sig_Parameter: "-n 1" 45Distribute_Cmd: "./dist.sh" 46