Switch to fully automatic DNSSEC management

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
author: Johannes Löthberg <johannes@kyriasis.com> 2022-08-27 22:49:57 +0200
committer: Johannes Löthberg <johannes@kyriasis.com> 2022-08-27 22:50:26 +0200
commit: 9fce1642b1ce3877870309895919462eeb648aa9 (patch)
tree: 98b308af7afdda705d01491a8d2b3d7fb4dbb433
parent: 82cd30614e70744ea591ea0f1a0ac6e84bea4932 (diff)
download: dns-9fce1642b1ce3877870309895919462eeb648aa9.tar.xz
1 files changed, 9 insertions, 4 deletions
diff --git a/named.conf b/named.conf
index fe78450..2570f1c 100644
--- a/named.conf
+++ b/named.conf
@@ -20,6 +20,14 @@ options {
 	also-notify {
 		178.79.157.58; // lucifer
 	};
+
+};
+
+dnssec-policy standard {
+	keys {
+		ksk lifetime 365d algorithm ed25519;
+		zsk lifetime 60d algorithm ed25519;
+	};
 };
 
 zone "kyriasis.com" IN {
@@ -33,10 +41,7 @@ zone "kyriasis.com" IN {
 	};
 	notify explicit;
 
-	# publish and activate dnssec keys
-	auto-dnssec maintain;
-
-	inline-signing yes;
+	dnssec-policy standard;
 };
 
 zone "the-tk.com" {
author	Johannes Löthberg <johannes@kyriasis.com>	2022-08-27 22:49:57 +0200
committer	Johannes Löthberg <johannes@kyriasis.com>	2022-08-27 22:50:26 +0200
commit	9fce1642b1ce3877870309895919462eeb648aa9 (patch)
tree	98b308af7afdda705d01491a8d2b3d7fb4dbb433
parent	82cd30614e70744ea591ea0f1a0ac6e84bea4932 (diff)
download	dns-9fce1642b1ce3877870309895919462eeb648aa9.tar.xz