csk lifetime unlimited algorithm ed25519;
};
nsec3param iterations 0 optout no salt-length 0;
-};
\ No newline at end of file
+};
+
+dnssec-policy "default_alg13" {
+ dnskey-ttl 86400;
+ keys {
+ ksk lifetime unlimited algorithm 13;
+ zsk lifetime P90D algorithm 13;
+ };
+}
\ No newline at end of file
zone "ecotroph.net" {
type primary;
file "/var/lib/bind/ecotroph.net";
+ dnssec-policy "default_alg13";
+ inline-signing yes;
+
notify yes;
allow-transfer {
127.0.0.1;
# run in the forground, but not in debug-mode
# use IPv4 only -- if zeke ever gets IPv6 access, we can turn that on
# use the built-in `bind` user
-exec /usr/sbin/named -f -4 -u bind
+exec /usr/sbin/named -c /etc/bind/named.conf -f -4 -u bind