1# 2# @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de 3# 4 5# dnssec-zkt options 6Zonedir: "." 7Recursive: False 8PrintTime: True 9PrintAge: False 10LeftJustify: False 11 12# zone specific values 13ResignInterval: 1w # (604800 seconds) 14Sigvalidity: 10d # (864000 seconds) 15Max_TTL: 8h # (28800 seconds) 16Propagation: 5m # (300 seconds) 17KEY_TTL: 4h # (14400 seconds) 18Serialformat: incremental 19 20# signing key parameters 21Key_algo: RSASHA1 # (Algorithm ID 5) 22KSK_lifetime: 1y # (31536000 seconds) 23KSK_bits: 1300 24KSK_randfile: "/dev/urandom" 25ZSK_lifetime: 12w # (7257600 seconds) 26ZSK_bits: 512 27ZSK_randfile: "/dev/urandom" 28SaltBits: 24 29 30# dnssec-signer options 31LogFile: "" 32LogLevel: ERROR 33SyslogFacility: NONE 34SyslogLevel: NOTICE 35VerboseLog: 0 36Keyfile: "dnskey.db" 37Zonefile: "zone.db" 38DLV_Domain: "" 39Sig_Pseudorand: False 40Sig_GenerateDS: True 41Sig_Parameter: "" 42