Add another dnssec policy, use it
This commit is contained in:
parent
be25d603f4
commit
66f7632777
@ -4,4 +4,12 @@ dnssec-policy "simple_alg15" {
|
|||||||
csk lifetime unlimited algorithm ed25519;
|
csk lifetime unlimited algorithm ed25519;
|
||||||
};
|
};
|
||||||
nsec3param iterations 0 optout no salt-length 0;
|
nsec3param iterations 0 optout no salt-length 0;
|
||||||
|
};
|
||||||
|
|
||||||
|
dnssec-policy "default_alg13" {
|
||||||
|
dnskey-ttl 86400;
|
||||||
|
keys {
|
||||||
|
ksk lifetime unlimited algorithm 13;
|
||||||
|
zsk lifetime P90D algorithm 13;
|
||||||
|
};
|
||||||
};
|
};
|
@ -20,6 +20,9 @@ zone "blacka.com" {
|
|||||||
zone "ecotroph.net" {
|
zone "ecotroph.net" {
|
||||||
type primary;
|
type primary;
|
||||||
file "/var/lib/bind/ecotroph.net";
|
file "/var/lib/bind/ecotroph.net";
|
||||||
|
dnssec-policy "default_alg13";
|
||||||
|
inline-signing yes;
|
||||||
|
|
||||||
notify yes;
|
notify yes;
|
||||||
allow-transfer {
|
allow-transfer {
|
||||||
127.0.0.1;
|
127.0.0.1;
|
||||||
|
@ -2,4 +2,4 @@
|
|||||||
# run in the forground, but not in debug-mode
|
# run in the forground, but not in debug-mode
|
||||||
# use IPv4 only -- if zeke ever gets IPv6 access, we can turn that on
|
# use IPv4 only -- if zeke ever gets IPv6 access, we can turn that on
|
||||||
# use the built-in `bind` user
|
# use the built-in `bind` user
|
||||||
exec /usr/sbin/named -f -4 -u bind
|
exec /usr/sbin/named -c /etc/bind/named.conf -f -4 -u bind
|
||||||
|
Loading…
Reference in New Issue
Block a user