knot@surtr: yggdrasil.li dnssec

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-05-29 16:22:38 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-05-29 16:22:38 +0200
commit: c92b33218b4d2912a5aea6e4456df64e4d292336 (patch)
tree: 64bbd18b7e44c4a99db419107d78dfdbc9554154
parent: 413560c0013755b47fffb94a2b05af8bb1deb230 (diff)
download: nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar
nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar.gz
nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar.bz2
nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar.xz
nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 23edfab5..5afdfedf 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -15,10 +15,18 @@
          listen: 202.61.241.61@53
          listen: 2a03:4000:52:ada::@53
+        policy:
+          - id: rsa
+            algorithm: RSASHA256
+            ksk-size: 4096
+            zsk-size: 2048
+            zsk-lifetime: 30d
        zone:
          - domain: yggdrasil.li
            file: ${./zones/li.yggdrasil.soa}
            semantic-checks: on
+            dnssec-signing: on
      '';
    };
  };
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-05-29 16:22:38 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-05-29 16:22:38 +0200
commit	c92b33218b4d2912a5aea6e4456df64e4d292336 (patch)
tree	64bbd18b7e44c4a99db419107d78dfdbc9554154
parent	413560c0013755b47fffb94a2b05af8bb1deb230 (diff)
download	nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar.gz nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar.bz2 nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.tar.xz nixos-c92b33218b4d2912a5aea6e4456df64e4d292336.zip