# # DNSSEC-Tools Configuration # # # Settings for DNSSEC-Tools administration. # admin-email dnssec-tools@example.com # # Paths to needed programs. These may need adjusting for individual hosts. # keyarch /usr/bin/keyarch keygen /usr/sbin/dnssec-keygen rndc /usr/sbin/rndc viewimage /usr/bin/eog # Used by drawvalmap.pl to # display the generated image zonecheck /usr/sbin/named-checkzone zonesign /usr/sbin/dnssec-signzone rollrec-chk /usr/bin/rollrec-check zonesigner /usr/bin/zonesigner # # Settings for dnssec-keygen. # algorithm rsasha1 ksklength 2048 zsklength 1024 random /dev/urandom ; ; Settings for dnssec-signzone. ; endtime +2592000 # RRSIGs good for thirty days. # # Life-times for keys. These defaults indicate how long a key has # between roll-overs. The values are measured in seconds. # # Sample values: # 3600 hour # 86400 day # 604800 week # 2592000 30-day month # 15768000 half-year # 31536000 year # ksklife 15552000 zsklife 604800 lifespan-max 94608000 lifespan-min 3600 # # Settings that will be noticed by zonesigner. # # default_keyrec output.krf archivedir /var/lib/dnssec-tools/KEY-SAFE entropy_msg 1 savekeys 1 kskcount 1 zskcount 1 # # Settings for rollover-manager. # roll_logfile /var/log/dnssec-tools/rollerd.log roll_loglevel info roll_sleeptime 60 # # GUI-usage flag. # usegui 0