From 9fce1642b1ce3877870309895919462eeb648aa9 Mon Sep 17 00:00:00 2001 From: Johannes Löthberg Date: Sat, 27 Aug 2022 22:49:57 +0200 Subject: Switch to fully automatic DNSSEC management MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Johannes Löthberg --- named.conf | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/named.conf b/named.conf index fe78450..2570f1c 100644 --- a/named.conf +++ b/named.conf @@ -20,6 +20,14 @@ options { also-notify { 178.79.157.58; // lucifer }; + +}; + +dnssec-policy standard { + keys { + ksk lifetime 365d algorithm ed25519; + zsk lifetime 60d algorithm ed25519; + }; }; zone "kyriasis.com" IN { @@ -33,10 +41,7 @@ zone "kyriasis.com" IN { }; notify explicit; - # publish and activate dnssec keys - auto-dnssec maintain; - - inline-signing yes; + dnssec-policy standard; }; zone "the-tk.com" { -- cgit v1.2.3-70-g09d2