mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 01:59:26 +00:00
63c5b453e0
Add a new option 'manual-mode' to 'dnssec-policy'. The intended use is that if it is enabled, it will not automatically move to the next state transition (RUMOURED, UNRETENTIVE), only after manual confirmation. The intended state transition should be logged.
45 lines
996 B
Plaintext
45 lines
996 B
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
dnssec-policy "default" {
|
|
// Keys
|
|
offline-ksk no;
|
|
keys {
|
|
csk key-directory lifetime unlimited algorithm 13;
|
|
};
|
|
|
|
// Key timings
|
|
cdnskey yes;
|
|
cds-digest-types { 2; };
|
|
dnskey-ttl 3600;
|
|
publish-safety 1h;
|
|
retire-safety 1h;
|
|
purge-keys P90D;
|
|
|
|
// Signature timings
|
|
signatures-jitter 12h;
|
|
signatures-refresh 5d;
|
|
signatures-validity 14d;
|
|
signatures-validity-dnskey 14d;
|
|
|
|
// Zone parameters
|
|
manual-mode no;
|
|
inline-signing yes;
|
|
max-zone-ttl 86400;
|
|
zone-propagation-delay 300;
|
|
|
|
// Parent parameters
|
|
parent-ds-ttl 86400;
|
|
parent-propagation-delay 1h;
|
|
};
|