knot.yaml
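# See knot.conf(5) or refer to the server documentation.
#
# Knot DNS configuration. As written, this instance:
#   - pulls test.nxdomain.se from ns1.named.se (template default_signed_axfr),
#   - signs it with policy p256 and adds a ZONEMD digest,
#   - generates the catalog zone test.catalog listing that member,
#   - offers both zones for outbound transfer.
# Nesting below is restored from the section/item structure of knot.conf;
# all keys and values are unchanged.

server:
  rundir: "/rundir"
  # Drops privileges to the unprivileged knot user and group.
  user: knot:knot
  # Listens on port 53 on every IPv4 and IPv6 interface.
  listen: [ 0.0.0.0@53, ::@53 ]

database:
  storage: "/storage"

remote:
  # Public resolvers; only referenced by the KSK submission check below.
  - id: resolver
    address: [8.8.8.8, 8.8.4.4]
  # Upstream primary for the member zone.
  # NOTE(review): no `key` is set here and this file has no `key` section, so
  # inbound transfers are accepted on source address alone. Consider a TSIG
  # key (e.g. `key: <TSIG_KEY_ID>`) so zone data is authenticated in transit.
  - id: ns1.named.se
    address: [91.206.174.4]

acl:
  - id: localhost
    address: [127.0.0.1]
    action: transfer
  # NOTE(review): 0.0.0.0/0 and ::/0 with `action: transfer` allow any client
  # to AXFR/IXFR every zone that references this rule. Both the catalog and
  # default_signed_axfr templates do. That exposes full zone contents and the
  # catalog's member list, and it defeats the zone-walking resistance that
  # `nsec3: true` in policy p256 is meant to provide. If open transfer is not
  # intended, replace this with the secondaries' addresses and/or a TSIG key.
  # It also makes the localhost rule above redundant.
  - id: any
    address: [0.0.0.0/0, "::/0"]
    action: transfer

keystore:
  # The pem backend keeps private key material as files on local disk (the
  # alternative backend is pkcs11). Directory ownership and permissions are
  # the only protection, so keep the key store readable by the knot user only.
  - id: default
    backend: pem

submission:
  # DS-presence check used for KSK submission: queries the `resolver` remote
  # every 300 seconds.
  # NOTE(review): the check depends on answers from third-party resolvers;
  # confirm that is acceptable versus querying the parent zone's servers.
  - id: resolver
    check-interval: 300s
    parent: resolver

policy:
  - id: p256
    algorithm: ECDSAP256SHA256
    # 0 = no scheduled KSK rollover; ZSK rolls every 90 days.
    ksk-lifetime: 0
    zsk-lifetime: 90d
    # NSEC3 with zero extra iterations and an empty salt, in line with the
    # RFC 9276 guidance.
    nsec3: true
    nsec3-iterations: 0
    nsec3-salt-length: 0
    keystore: default
    dnskey-ttl: 3600
    propagation-delay: 30m
    # Signatures are valid for 14 days and refreshed 10 days before expiry.
    rrsig-lifetime: 14d
    rrsig-refresh: 10d
    # Deterministic ECDSA signatures: re-signing unchanged data yields the
    # same RRSIG bytes.
    reproducible-signing: true
    ksk-submission: resolver

template:
  # Implicit base for zones that name no template. "%s" expands to the zone
  # name.
  - id: default
    storage: "/storage/zones"
    file: "%s"

  # Locally generated, unsigned catalog zone.
  - id: catalog
    storage: "/storage/zones"
    file: "%s"
    serial-policy: unixtime
    journal-content: all
    zonefile-load: difference-no-serial
    # -1 disables automatic flushing of zone contents back to the zone file.
    zonefile-sync: -1
    semantic-checks: true
    # See the NOTE(review) on acl `any`: this makes the catalog transferable
    # by anyone.
    acl: [localhost, any]
    dnssec-signing: off
    catalog-role: generate

  # Member zones: transferred in from ns1.named.se, then served outbound.
  - id: default_signed_axfr
    storage: "/storage/zones"
    file: "%s"
    serial-policy: unixtime
    journal-content: all
    zonefile-load: difference-no-serial
    zonefile-sync: -1
    semantic-checks: true
    # See the NOTE(review) on acl `any`: open outbound transfer.
    acl: [localhost, any]
    # Adds a SHA-384 ZONEMD record so recipients can verify the whole zone.
    zonemd-generate: zonemd-sha384
    catalog-role: member
    catalog-zone: test.catalog
    master: [ns1.named.se]

zone:
  - domain: test.catalog
    template: catalog

  # Signing is enabled per zone here rather than in the template.
  - domain: test.nxdomain.se
    template: default_signed_axfr
    dnssec-signing: on
    dnssec-policy: p256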