#
# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "intern"
Recursive: True
PrintTime: False
PrintAge: True
LeftJustify: False
# zone specific values
ResignInterval: 5h # (18000 seconds)
Sigvalidity: 1d # (86400 seconds)
Max_TTL: 30m # (1800 seconds)
Propagation: 1m # (60 seconds)
KEY_TTL: 30m # (1800 seconds)
Serialformat: unixtime
# signing key parameters
KSK_lifetime: 1y # (31536000 seconds)
KSK_algo: RSASHA1 # (Algorithm ID 5)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 30d # (2592000 seconds)
ZSK_algo: RSASHA1 # (Algorithm ID 5)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
# dnssec-signer options
LogFile: "zkt-int.log"
LogLevel: "debug"
SyslogFacility: "none"
SyslogLevel: "notice"
VerboseLog: 2
Keyfile: "dnskey.db"
Zonefile: "zone.db"
DLV_Domain: ""
Sig_Pseudorand: True