1# 2# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de 3# 4 5# dnssec-zkt options 6Zonedir: "intern" 7Recursive: True 8PrintTime: False 9PrintAge: True 10LeftJustify: False 11 12# zone specific values 13ResignInterval: 5h # (18000 seconds) 14Sigvalidity: 1d # (86400 seconds) 15Max_TTL: 30m # (1800 seconds) 16Propagation: 1m # (60 seconds) 17KEY_TTL: 30m # (1800 seconds) 18Serialformat: unixtime 19 20# signing key parameters 21KSK_lifetime: 1y # (31536000 seconds) 22KSK_algo: RSASHA1 # (Algorithm ID 5) 23KSK_bits: 1300 24KSK_randfile: "/dev/urandom" 25ZSK_lifetime: 30d # (2592000 seconds) 26ZSK_algo: RSASHA1 # (Algorithm ID 5) 27ZSK_bits: 512 28ZSK_randfile: "/dev/urandom" 29 30# dnssec-signer options 31LogFile: "zkt-int.log" 32LogLevel: "debug" 33SyslogFacility: "none" 34SyslogLevel: "notice" 35VerboseLog: 2 36Keyfile: "dnskey.db" 37Zonefile: "zone.db" 38DLV_Domain: "" 39Sig_Pseudorand: True 40