-rw-r--r-- | bind/named.conf.acl | 8 | ||||
-rw-r--r-- | bind/named.conf.fake-222 | 2 | ||||
-rw-r--r-- | bind/named.conf.pri | 2 |
3 files changed, 10 insertions, 2 deletions
diff --git a/bind/named.conf.acl b/bind/named.conf.acl
index bb2ddbd..f3e3053 100644
--- a/bind/named.conf.acl
+++ b/bind/named.conf.acl
@@ -7,3 +7,11 @@ acl jones_peers {
 194.45.78.41; // dns.jones.dk
 217.70.177.40; // ns6.gandi.net
 };
+
+dnssec-policy jones_no_rotate {
+ keys {
+ ksk key-directory lifetime unlimited algorithm 13;
+ zsk key-directory lifetime unlimited algorithm 13;
+ };
+ nsec3param;
+};
diff --git a/bind/named.conf.fake-222 b/bind/named.conf.fake-222
index 905eddd..bc3938f 100644
--- a/bind/named.conf.fake-222
+++ b/bind/named.conf.fake-222
@@ -48,7 +48,7 @@ zone "homebase.dk" {
 file "/etc/local-JONES.DK/bind/fake-222/OFF"; };
 // Jones
 zone "jones.dk" { type master; allow-transfer { none; };
- key-directory "/etc/bind/keys"; inline-signing yes; auto-dnssec maintain;
+ key-directory "/etc/bind/keys"; inline-signing yes; dnssec-policy; dnssec-policy "jones_no_rotate";
 file "JONES.DK/fake-222/jones.dk"; };
 // Jones
 zone "kassandra-production.dk" { type master; allow-transfer { none; };
diff --git a/bind/named.conf.pri b/bind/named.conf.pri
index f4e2332..ef2ff26 100644
--- a/bind/named.conf.pri
+++ b/bind/named.conf.pri
@@ -46,7 +46,7 @@ zone "homebase.dk" {
 file "/etc/local-JONES.DK/bind/pri/OFF"; };
 // Jones
 zone "jones.dk" { type master; allow-transfer { jones_peers; };
- key-directory "/etc/bind/keys"; inline-signing yes; auto-dnssec maintain;
+ key-directory "/etc/bind/keys"; inline-signing yes; dnssec-policy; dnssec-policy "jones_no_rotate";
 file "JONES.DK/pri/jones.dk"; };
 // Jones
 zone "kassandra-production.dk" { type master; allow-transfer { jones_peers; }; |
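Review bot: The `jones_no_rotate` policy added to bind/named.conf.acl carries no comment saying why rollover is disabled, and its bare `nsec3param;` relies on built-in defaults that have differed between BIND releases. With `lifetime unlimited` on both the KSK and the ZSK no key is ever replaced automatically, so a key exposed from the key directory stays valid until someone rolls it by hand; a comment such as `// no automatic rollover: keys are rolled manually, DS at the parent is updated by hand` above the policy would record that decision. Writing the NSEC3 parameters out, e.g. `nsec3param iterations 0 optout no salt-length 0;` in line with RFC 9276, removes the dependency on the installed version. Whether the keys already in the key directory are algorithm 13 with a separate KSK and ZSK is not visible here; if they are not, named is expected to generate new keys under this policy and retire the old ones, which would need a DS change at the parent.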
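Review bot: The bare `dnssec-policy;` in front of `dnssec-policy "jones_no_rotate";` on the changed jones.dk line of bind/named.conf.fake-222 has no argument and looks like a leftover; the statement expects a policy name, so the configuration is likely to be rejected at load time. The identical line is added in bind/named.conf.pri. In both files the line would read `key-directory "/etc/bind/keys"; inline-signing yes; dnssec-policy "jones_no_rotate";`. The zone block starts before and ends after the changed line, and the policy it names is defined in bind/named.conf.acl, so running `named-checkconf` on the assembled configuration before reloading would catch both this and a missing include.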