davidb/docker_bind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add another dnssec policy, use it

Browse Source
This commit is contained in:
David Blacka 2023-02-26 09:59:43 -05:00
parent be25d603f4
commit 0eb3e5791c
3 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cfg/named.dnssec.conf
View File

@ -4,4 +4,12 @@ dnssec-policy "simple_alg15" {
csk lifetime unlimited algorithm ed25519; csk lifetime unlimited algorithm ed25519;
}; };
nsec3param iterations 0 optout no salt-length 0; nsec3param iterations 0 optout no salt-length 0;
}; };
dnssec-policy "default_alg13" {
dnskey-ttl 86400;
keys {
ksk lifetime unlimited algorithm 13;
zsk lifetime P90D algorithm 13;
};
}

3
cfg/named.primary.conf
View File

@ -20,6 +20,9 @@ zone "blacka.com" {
zone "ecotroph.net" { zone "ecotroph.net" {
type primary; type primary;
file "/var/lib/bind/ecotroph.net"; file "/var/lib/bind/ecotroph.net";
dnssec-policy "default_alg13";
inline-signing yes;
notify yes; notify yes;
allow-transfer { allow-transfer {
127.0.0.1; 127.0.0.1;

2
cfg/run.sh
View File

@ -2,4 +2,4 @@
# run in the forground, but not in debug-mode # run in the forground, but not in debug-mode
# use IPv4 only -- if zeke ever gets IPv6 access, we can turn that on # use IPv4 only -- if zeke ever gets IPv6 access, we can turn that on
# use the built-in `bind` user # use the built-in `bind` user
exec /usr/sbin/named -f -4 -u bind exec /usr/sbin/named -c /etc/bind/named.conf -f -4 -u bind