|
|
|
@ -1,10 +1,27 @@
|
|
|
|
|
dnssec-policy "{{ domain }}-policy" {
|
|
|
|
|
keys {
|
|
|
|
|
ksk key-directory lifetime unlimited algorithm {{ dnssec_algorithm }} {{ dnssec_key_length }};
|
|
|
|
|
zsk key-directory lifetime P30D algorithm {{ dnssec_algorithm }} {{ dnssec_key_length }};
|
|
|
|
|
};
|
|
|
|
|
publish-safety P1D;
|
|
|
|
|
retire-safety P1D;
|
|
|
|
|
signatures-refresh P5D;
|
|
|
|
|
signatures-validity P10D;
|
|
|
|
|
signatures-validity-dnskey P10D;
|
|
|
|
|
max-zone-ttl PT24H;
|
|
|
|
|
zone-propagation-delay PT5M;
|
|
|
|
|
parent-ds-ttl P1D;
|
|
|
|
|
parent-propagation-delay PT1H;
|
|
|
|
|
parent-registration-delay P5D;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
zone "{{ domain }}" {
|
|
|
|
|
type master;
|
|
|
|
|
file "{{ database_file }}";
|
|
|
|
|
key-directory "{{ keys_directory }}";
|
|
|
|
|
// dnssec
|
|
|
|
|
inline-signing yes;
|
|
|
|
|
auto-dnssec maintain;
|
|
|
|
|
dnssec-policy "{{ domain }}-policy";
|
|
|
|
|
// notify & transfer
|
|
|
|
|
notify yes;
|
|
|
|
|
allow-transfer {
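Review bot: The `keys` block renders `{{ dnssec_algorithm }}` and `{{ dnssec_key_length }}` unchanged for both the KSK and the ZSK, and nothing in this hunk constrains them, so a deprecated algorithm such as `rsasha1` or a short RSA modulus would be written into the policy unnoticed. The variable defaults are not visible here and may already be restricted elsewhere. If they are not, validate them in the role, or at least add a comment above `keys {` such as `// dnssec_algorithm must be a currently recommended algorithm; dnssec_key_length is only meaningful for RSA`. Separately, the rendered page has lost the +/- markers: if `auto-dnssec maintain;` is still on the new side next to `dnssec-policy "{{ domain }}-policy";`, it should be dropped, because BIND treats the two options as mutually exclusive and `named-checkconf` should fail on the zone. The `allow-transfer` block continues outside the hunk and is not reviewed here.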
|
|
|
|
|