From 9fce1642b1ce3877870309895919462eeb648aa9 Mon Sep 17 00:00:00 2001
From: Johannes Löthberg
Date: Sat, 27 Aug 2022 22:49:57 +0200
Subject: Switch to fully automatic DNSSEC management
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Johannes Löthberg
---
 named.conf | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/named.conf b/named.conf
index fe78450..2570f1c 100644
--- a/named.conf
+++ b/named.conf
@@ -20,6 +20,14 @@ options {
 also-notify {
 178.79.157.58; // lucifer
 };
+
+};
+
+dnssec-policy standard {
+ keys {
+ ksk lifetime 365d algorithm ed25519;
+ zsk lifetime 60d algorithm ed25519;
+ };
 };
 zone "kyriasis.com" IN {
@@ -33,10 +41,7 @@ zone "kyriasis.com" IN {
 };
 notify explicit;
- # publish and activate dnssec keys
- auto-dnssec maintain;
-
- inline-signing yes;
+ dnssec-policy standard;
 };
 zone "the-tk.com" {
-- 
cgit v1.2.3-54-g00ecf
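Review bot: The `ksk lifetime 365d` line in the new `dnssec-policy standard` block schedules a KSK rollover every year, but nothing in this patch tells named how to learn that the parent zone has published the new DS record. As far as I know named holds the rollover until it gets that confirmation, so the outgoing KSK stays in use until `parental-agents` is configured on the zone or an operator runs `rndc dnssec -checkds published` for it. The KSK half of the change is therefore less automatic than the subject line suggests. I would record that above the `keys` block with a comment such as `// KSK rollover waits for DS confirmation: set parental-agents or run rndc dnssec -checkds`. The `options` block that this hunk closes starts outside the hunk.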
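Review bot: Removing `inline-signing yes;` together with `auto-dnssec maintain;` leaves the zone depending on `dnssec-policy` to enable inline signing by itself, and BIND 9 releases differ on that: some refuse to load a `dnssec-policy` zone that has neither dynamic updates nor an explicit `inline-signing` setting. The zone block starts above this hunk, so whether it allows dynamic updates is not visible here; if it does not, keep `inline-signing yes;` next to `dnssec-policy standard;`. The patch also does not show which algorithm the keys already on disk use. If they are not ed25519, named will probably treat them as not matching the policy and start replacing them on reload, so check `rndc dnssec -status kyriasis.com` after the reload to confirm the existing keys were adopted rather than scheduled for removal.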