/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * Four named DNSSEC policies (key and signing policy definitions) for
 * named.  This fragment only defines them; which zone uses which policy
 * is not visible here.
 *
 * NOTE(review): @DEFAULT_ALGORITHM@ is a template token, presumably
 * substituted before named reads the file -- confirm that the build or
 * test setup always expands it, since the literal token is not an
 * algorithm name.
 *
 * NOTE(review): durations below are written in three notations: ISO 8601
 * (P5D, PT1H, pt1h), TTL-style (30d, 2h, 6h, 1h) and bare seconds (3600,
 * 7200).  The mix looks deliberate (parser coverage); do not normalise
 * it without checking.
 */

/*
 * "unsigning": split KSK/ZSK, both stored in the zone's key-directory.
 * The KSK has no scheduled rollover (lifetime unlimited); the ZSK is
 * rolled every 60 days.
 */
dnssec-policy "unsigning" {
	dnskey-ttl 7200;	/* TTL of the DNSKEY RRset, in seconds */

	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime P60D algorithm @DEFAULT_ALGORITHM@;
	};
};

/*
 * "nsec3": only selects NSEC3 denial of existence.  Zero additional hash
 * iterations and an empty salt match the RFC 9276 guidance; opt-out is
 * disabled, so insecure delegations are covered by the NSEC3 chain too.
 * NOTE(review): no keys clause here, so key settings presumably come
 * from named's built-in defaults -- confirm which algorithm that yields.
 */
dnssec-policy "nsec3" {
	nsec3param iterations 0 optout no salt-length 0;
};

/*
 * "rsasha256": RSASHA256 KSK and ZSK, neither with a scheduled rollover.
 * NOTE(review): no key length is given, so named's default RSA size
 * applies -- confirm it meets the minimum you require.
 */
dnssec-policy "rsasha256" {
	signatures-refresh P5D;		/* re-sign when under 5 days of validity remain */
	signatures-validity 30d;	/* RRSIG lifetime for ordinary records */
	signatures-validity-dnskey 30d;	/* RRSIG lifetime for the DNSKEY RRset */

	keys {
		ksk lifetime unlimited algorithm rsasha256;
		zsk lifetime unlimited algorithm rsasha256;
	};

	/* Timing inputs used to compute safe key-rollover intervals. */
	dnskey-ttl 1h;
	publish-safety PT1H;		/* extra margin before a new key is used */
	retire-safety 2h;		/* extra margin before an old key is removed */
	zone-propagation-delay 3600;	/* seconds for changes to reach all servers */
	max-zone-ttl 6h;		/* largest TTL expected in the zone */
	parent-propagation-delay pt1h;	/* same delay, for the parent zone */
	parent-ds-ttl 7200;		/* TTL of the DS RRset at the parent */
};

/*
 * "ecdsa256": identical to "rsasha256" above except for the key
 * algorithm (ECDSA P-256), which has a fixed key size.
 */
dnssec-policy "ecdsa256" {
	signatures-refresh P5D;		/* re-sign when under 5 days of validity remain */
	signatures-validity 30d;	/* RRSIG lifetime for ordinary records */
	signatures-validity-dnskey 30d;	/* RRSIG lifetime for the DNSKEY RRset */

	keys {
		ksk lifetime unlimited algorithm ecdsa256;
		zsk lifetime unlimited algorithm ecdsa256;
	};

	/* Timing inputs used to compute safe key-rollover intervals. */
	dnskey-ttl 1h;
	publish-safety PT1H;		/* extra margin before a new key is used */
	retire-safety 2h;		/* extra margin before an old key is removed */
	zone-propagation-delay 3600;	/* seconds for changes to reach all servers */
	max-zone-ttl 6h;		/* largest TTL expected in the zone */
	parent-propagation-delay pt1h;	/* same delay, for the parent zone */
	parent-ds-ttl 7200;		/* TTL of the DS RRset at the parent */
};