From 6b2dcad324a262057d6b0e781183cd8f5456b83b Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Wed, 10 May 2023 19:52:20 +0200
Subject: use dnssec-policy (not deprecated auto-dnssec maintain)

---
 bind/named.conf.acl | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'bind/named.conf.acl')

diff --git a/bind/named.conf.acl b/bind/named.conf.acl
index bb2ddbd..f3e3053 100644
--- a/bind/named.conf.acl
+++ b/bind/named.conf.acl
@@ -7,3 +7,11 @@ acl jones_peers {
 	194.45.78.41;   // dns.jones.dk
 	217.70.177.40;   // ns6.gandi.net
 };
+
+dnssec-policy jones_no_rotate {
+	keys {
+		ksk key-directory lifetime unlimited algorithm 13;
+		zsk key-directory lifetime unlimited algorithm 13;
+	};
+	nsec3param;
+};
-- 
cgit v1.2.3