kasp.conf.in revision 1.1.1.2
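/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * dnssec-policy (key and signing policy) definitions.
 *
 * @DEFAULT_ALGORITHM@ is a placeholder, not a valid algorithm value: it has
 * to be substituted before named can parse this file (the ".in" suffix
 * suggests a build- or test-time template; confirm which algorithm the
 * harness fills in).
 *
 * Numeric algorithms used below are IANA DNSSEC algorithm numbers:
 *    5  RSASHA1               7  RSASHA1-NSEC3-SHA1
 *    8  RSASHA256            10  RSASHA512
 *   13  ECDSAP256SHA256      14  ECDSAP384SHA384
 *
 * Review notes for anyone reusing these stanzas outside a test setup:
 *  - Algorithms 5 and 7 are SHA-1 based and NOT RECOMMENDED for signing
 *    (RFC 8624).  The policies that use them look like legacy/migration
 *    scenarios, judging by their names; do not copy them into production.
 *  - The RSA policies give one ZSK an explicit 2000-bit size, which is
 *    below the 2048-bit floor commonly required for RSA.
 *  - "lifetime unlimited" schedules no automatic rollover; such keys stay
 *    in use until an operator rolls them.
 *  - "key-directory" keeps key files in the zone's configured
 *    key-directory, so the permissions on that directory are what protect
 *    the private keys.
 */

/* Single combined signing key (CSK), never rolled automatically. */
dnssec-policy "unlimited" {
	dnskey-ttl 1234;

	keys {
		csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/* KSK/ZSK split with no scheduled rollover; rollovers are operator-driven. */
dnssec-policy "manual-rollover" {
	dnskey-ttl 3600;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * Same key set as "manual-rollover".  The name presumably refers to the
 * multi-signer "model 2" setup (each provider holds its own KSK and ZSK);
 * confirm against the zones that reference it.
 */
dnssec-policy "multisigner-model2" {
	dnskey-ttl 3600;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * Algorithm 5 (RSASHA1): SHA-1 based, not recommended for new signing.
 * The second ZSK sets an explicit 2000-bit RSA key size.
 */
dnssec-policy "rsasha1" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 5;
		zsk key-directory lifetime P5Y algorithm 5;
		zsk key-directory lifetime P1Y algorithm 5 2000;
	};
};

/*
 * Six-month KSK and ZSK, still on algorithm 5 (RSASHA1).  Presumably kept
 * on the legacy algorithm so that existing keys match the policy during a
 * migration to dnssec-policy; confirm before reusing.
 */
dnssec-policy "migrate-to-dnssec-policy" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P6M algorithm 5;
		zsk key-directory lifetime P6M algorithm 5;
	};
};

/* Algorithm 7 (RSASHA1-NSEC3-SHA1): SHA-1 based, same caveat as algorithm 5. */
dnssec-policy "rsasha1-nsec3" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 7;
		zsk key-directory lifetime P5Y algorithm 7;
		zsk key-directory lifetime P1Y algorithm 7 2000;
	};
};

/* Algorithm 8 (RSASHA256); the second ZSK is 2000-bit RSA. */
dnssec-policy "rsasha256" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 8;
		zsk key-directory lifetime P5Y algorithm 8;
		zsk key-directory lifetime P1Y algorithm 8 2000;
	};
};

/* Algorithm 10 (RSASHA512); the second ZSK is 2000-bit RSA. */
dnssec-policy "rsasha512" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 10;
		zsk key-directory lifetime P5Y algorithm 10;
		zsk key-directory lifetime P1Y algorithm 10 2000;
	};
};

/*
 * Algorithm 13 (ECDSAP256SHA256).  ECDSA key length is fixed by the curve,
 * so the trailing 256 is presumably accepted but has no effect; confirm.
 */
dnssec-policy "ecdsa256" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 13;
		zsk key-directory lifetime P5Y algorithm 13;
		zsk key-directory lifetime P1Y algorithm 13 256;
	};
};

/* Algorithm 14 (ECDSAP384SHA384); same remark for the trailing 384. */
dnssec-policy "ecdsa384" {
	dnskey-ttl 1234;

	keys {
		ksk key-directory lifetime P10Y algorithm 14;
		zsk key-directory lifetime P5Y algorithm 14;
		zsk key-directory lifetime P1Y algorithm 14 384;
	};
};

/*
 * The three "checkds-*" policies share dnskey-ttl 303 and differ only in
 * key layout: one KSK plus one ZSK, two KSKs plus one ZSK, and a single CSK.
 */
dnssec-policy "checkds-ksk" {
	dnskey-ttl 303;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

dnssec-policy "checkds-doubleksk" {
	dnskey-ttl 303;

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

dnssec-policy "checkds-csk" {
	dnskey-ttl 303;

	keys {
		csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * Sets only max-zone-ttl (299 seconds) and no keys block, so keys and all
 * other options are whatever named applies when they are left unset.
 */
dnssec-policy "ttl" {
	max-zone-ttl 299;
};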