1#   
2#   	@(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de
3#   
4
5#   dnssec-zkt options
6Zonedir:	"."
7Recursive:	False
8PrintTime:	True
9PrintAge:	False
10LeftJustify:	False
11
12#   zone specific values
13ResignInterval:	1w	# (604800 seconds)
14Sigvalidity:	10d	# (864000 seconds)
15Max_TTL:	8h	# (28800 seconds)
16Propagation:	5m	# (300 seconds)
17KEY_TTL:	4h	# (14400 seconds)
18Serialformat:	incremental
19
20#   signing key parameters
21Key_algo:	RSASHA1	# (Algorithm ID 5)
22KSK_lifetime:	1y	# (31536000 seconds)
23KSK_bits:	1300
24KSK_randfile:	"/dev/urandom"
25ZSK_lifetime:	12w	# (7257600 seconds)
26ZSK_bits:	512
27ZSK_randfile:	"/dev/urandom"
28SaltBits:	24
29
30#   dnssec-signer options
31LogFile:	""
32LogLevel:	ERROR
33SyslogFacility:	NONE
34SyslogLevel:	NOTICE
35VerboseLog:	0
36Keyfile:	"dnskey.db"
37Zonefile:	"zone.db"
38DLV_Domain:	""
39Sig_Pseudorand:	False
40Sig_GenerateDS:	True
41Sig_Parameter:	""
42