kasp.conf.in revision 1.1.1.1
1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 * 8 * See the COPYRIGHT file distributed with this work for additional 9 * information regarding copyright ownership. 10 */ 11 12dnssec-policy "unlimited" { 13 dnskey-ttl 1234; 14 15 keys { 16 csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 17 }; 18}; 19 20dnssec-policy "manual-rollover" { 21 dnskey-ttl 3600; 22 23 keys { 24 ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 25 zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 26 }; 27}; 28 29dnssec-policy "multisigner-model2" { 30 dnskey-ttl 3600; 31 32 keys { 33 ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 34 zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 35 }; 36}; 37 38dnssec-policy "rsasha1" { 39 dnskey-ttl 1234; 40 41 keys { 42 ksk key-directory lifetime P10Y algorithm 5; 43 zsk key-directory lifetime P5Y algorithm 5; 44 zsk key-directory lifetime P1Y algorithm 5 2000; 45 }; 46}; 47 48dnssec-policy "migrate-to-dnssec-policy" { 49 dnskey-ttl 1234; 50 51 keys { 52 ksk key-directory lifetime P6M algorithm 5; 53 zsk key-directory lifetime P6M algorithm 5; 54 }; 55}; 56 57dnssec-policy "rsasha1-nsec3" { 58 dnskey-ttl 1234; 59 60 keys { 61 ksk key-directory lifetime P10Y algorithm 7; 62 zsk key-directory lifetime P5Y algorithm 7; 63 zsk key-directory lifetime P1Y algorithm 7 2000; 64 }; 65}; 66 67dnssec-policy "rsasha256" { 68 dnskey-ttl 1234; 69 70 keys { 71 ksk key-directory lifetime P10Y algorithm 8; 72 zsk key-directory lifetime P5Y algorithm 8; 73 zsk key-directory lifetime P1Y algorithm 8 2000; 74 }; 75}; 76 77dnssec-policy "rsasha512" { 78 dnskey-ttl 1234; 79 80 keys { 81 ksk key-directory lifetime P10Y algorithm 10; 82 zsk key-directory lifetime P5Y algorithm 10; 83 zsk key-directory lifetime P1Y algorithm 10 2000; 84 }; 85}; 86 87dnssec-policy "ecdsa256" { 88 dnskey-ttl 1234; 89 90 keys { 91 ksk key-directory lifetime P10Y algorithm 13; 92 zsk key-directory lifetime P5Y algorithm 13; 93 zsk key-directory lifetime P1Y algorithm 13 256; 94 }; 95}; 96 97dnssec-policy "ecdsa384" { 98 dnskey-ttl 1234; 99 100 keys { 101 ksk key-directory lifetime P10Y algorithm 14; 102 zsk key-directory lifetime P5Y algorithm 14; 103 zsk key-directory lifetime P1Y algorithm 14 384; 104 }; 105}; 106 107dnssec-policy "checkds-ksk" { 108 dnskey-ttl 303; 109 110 keys { 111 ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 112 zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 113 }; 114}; 115 116dnssec-policy "checkds-doubleksk" { 117 dnskey-ttl 303; 118 119 keys { 120 ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 121 ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 122 zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 123 }; 124}; 125 126dnssec-policy "checkds-csk" { 127 dnskey-ttl 303; 128 129 keys { 130 csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; 131 }; 132}; 133