#
# @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "."
Recursive: False
PrintTime: True
PrintAge: False
LeftJustify: False
# zone specific values
ResignInterval: 1w # (604800 seconds)
Sigvalidity: 10d # (864000 seconds)
Max_TTL: 8h # (28800 seconds)
Propagation: 5m # (300 seconds)
KEY_TTL: 4h # (14400 seconds)
Serialformat: incremental
# signing key parameters
Key_algo: RSASHA1 # (Algorithm ID 5)
KSK_lifetime: 1y # (31536000 seconds)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 12w # (7257600 seconds)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
SaltBits: 24
# dnssec-signer options
LogFile: ""
LogLevel: ERROR
SyslogFacility: NONE
SyslogLevel: NOTICE
VerboseLog: 0
Keyfile: "dnskey.db"
Zonefile: "zone.db"
DLV_Domain: ""
Sig_Pseudorand: False
Sig_GenerateDS: True
Sig_Parameter: ""