diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-14 20:03:50 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-14 20:03:50 +0100 |
commit | 25d546f6099cf70ec1ad5d9eb8923e01424057ab (patch) | |
tree | 527587c0dc5558fbf4a20b344ce9c579808576dc | |
parent | eb2032b89e5ce98c2134ea1db0c254d7671f819f (diff) | |
download | nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.gz nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.bz2 nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.xz nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.zip |
surtr: dns: ed25519
-rw-r--r-- | hosts/surtr/dns/default.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 13ef110f..4a1b2482 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -47,15 +47,21 @@ | |||
47 | journal-content: all | 47 | journal-content: all |
48 | semantic-checks: on | 48 | semantic-checks: on |
49 | dnssec-signing: on | 49 | dnssec-signing: on |
50 | dnssec-policy: ed25519 | ||
50 | notify: [inwx_notify] | 51 | notify: [inwx_notify] |
51 | acl: [inwx_acl] | 52 | acl: [inwx_acl] |
52 | 53 | ||
53 | policy: | 54 | policy: |
54 | - id: rsa | 55 | - id: rsa2048 |
55 | algorithm: rsasha256 | 56 | algorithm: rsasha256 |
56 | ksk-size: 4096 | 57 | ksk-size: 4096 |
57 | zsk-size: 2048 | 58 | zsk-size: 2048 |
58 | zsk-lifetime: 30d | 59 | zsk-lifetime: 30d |
60 | - id: ed25519 | ||
61 | algorithm: ed25519 | ||
62 | nsec3: on | ||
63 | ksk-lifetime: 360d | ||
64 | signing-threads: 2 | ||
59 | 65 | ||
60 | zone: | 66 | zone: |
61 | - domain: yggdrasil.li | 67 | - domain: yggdrasil.li |