# # @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de # # dnssec-zkt options Zonedir: "." Recursive: False PrintTime: True PrintAge: False LeftJustify: False # zone specific values ResignInterval: 1w # (604800 seconds) Sigvalidity: 10d # (864000 seconds) Max_TTL: 8h # (28800 seconds) Propagation: 5m # (300 seconds) KEY_TTL: 4h # (14400 seconds) Serialformat: incremental # signing key parameters Key_algo: RSASHA1 # (Algorithm ID 5) KSK_lifetime: 1y # (31536000 seconds) KSK_bits: 1300 KSK_randfile: "/dev/urandom" ZSK_lifetime: 12w # (7257600 seconds) ZSK_bits: 512 ZSK_randfile: "/dev/urandom" SaltBits: 24 # dnssec-signer options LogFile: "" LogLevel: ERROR SyslogFacility: NONE SyslogLevel: NOTICE VerboseLog: 0 Keyfile: "dnskey.db" Zonefile: "zone.db" DLV_Domain: "" Sig_Pseudorand: False Sig_GenerateDS: True Sig_Parameter: ""