/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * Named dnssec-policy definitions (key and signing policy for named).
 *
 * - @DEFAULT_ALGORITHM@ is a template token, not a valid algorithm value;
 *   presumably it is substituted before named reads this file - confirm
 *   against the build/test setup.
 * - "key-directory" stores each key in the key-directory configured for the
 *   zone that uses the policy.  Private-key files live there, so that
 *   directory should be readable only by the named user.
 * - "lifetime unlimited" means the key is never scheduled for rollover;
 *   other lifetimes are ISO 8601 durations (P6M = 6 months, P10Y = 10 years).
 * - Numeric algorithms are IANA DNSSEC algorithm numbers:
 *   8 = RSASHA256, 10 = RSASHA512, 13 = ECDSAP256SHA256, 14 = ECDSAP384SHA384.
 * - NOTE(review): the TTLs (1234, 303, 299) and the very long key lifetimes
 *   look like test values rather than recommendations - confirm before
 *   reusing any of these policies in production.
 */

/* One combined signing key (CSK) that is never rolled automatically. */
dnssec-policy "unlimited" {
	dnskey-ttl 1234;

	keys {
		csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * KSK/ZSK split with no key lifetime, so named never schedules a rollover;
 * judging by the name, rollovers are started by the operator.
 */
dnssec-policy "manual-rollover" {
	dnskey-ttl 3600;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * Same key set as "manual-rollover".  The name suggests the multi-signer
 * "model 2" setup (each provider holds its own KSK and ZSK) - confirm
 * against the zones that reference it.
 */
dnssec-policy "multisigner-model2" {
	dnskey-ttl 3600;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * RSASHA256 KSK/ZSK pair, each rolled every six months.  No key length is
 * given, so named's default RSA key size applies.
 */
dnssec-policy "migrate-to-dnssec-policy" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P6M algorithm 8;
		zsk key-directory lifetime P6M algorithm 8;
	};
};

/*
 * RSASHA256: one KSK and two ZSKs with different lifetimes.  Only the third
 * key sets an explicit length (3072 bits); the first two use named's
 * default RSA key size.
 */
dnssec-policy "rsasha256" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 8;
		zsk key-directory lifetime P5Y algorithm 8;
		zsk key-directory lifetime P1Y algorithm 8 3072;
	};
};

/* RSASHA512: same layout as "rsasha256", including the explicit 3072-bit ZSK. */
dnssec-policy "rsasha512" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 10;
		zsk key-directory lifetime P5Y algorithm 10;
		zsk key-directory lifetime P1Y algorithm 10 3072;
	};
};

/*
 * ECDSAP256SHA256: same layout.  The explicit length on the third key (256)
 * equals the curve size, so it should not select a different key strength.
 */
dnssec-policy "ecdsa256" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 13;
		zsk key-directory lifetime P5Y algorithm 13;
		zsk key-directory lifetime P1Y algorithm 13 256;
	};
};

/* ECDSAP384SHA384: same layout; the explicit length (384) equals the curve size. */
dnssec-policy "ecdsa384" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 14;
		zsk key-directory lifetime P5Y algorithm 14;
		zsk key-directory lifetime P1Y algorithm 14 384;
	};
};

/*
 * The three "checkds-*" policies share a short DNSKEY TTL (303 seconds) and
 * never roll keys by lifetime.  They differ only in the key set: one KSK,
 * two KSKs, or a single CSK.
 */
dnssec-policy "checkds-ksk" {
	dnskey-ttl 303;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/* Two KSKs configured at the same time, plus one ZSK. */
dnssec-policy "checkds-doubleksk" {
	dnskey-ttl 303;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/* Single CSK variant. */
dnssec-policy "checkds-csk" {
	dnskey-ttl 303;

	keys {
		csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * Sets only max-zone-ttl (299 seconds).  There is no keys block, so the key
 * set is whatever named applies when none is configured - confirm which
 * defaults that gives for the target BIND version.
 */
dnssec-policy "ttl" {
	max-zone-ttl 299;
};