diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-15 16:25:59 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-15 16:25:59 +0100 |
commit | 1a7e085b40623312537f9ccc42a05ccaab74863e (patch) | |
tree | 447f6584956037d97138c44fdcf3fcf8e8b89036 /hosts/surtr/dns | |
parent | ddf68cc9b82a4549fde9e5d764dc4756536070f9 (diff) | |
download | nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar.gz nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar.bz2 nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar.xz nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.zip |
surtr: dnssec: ksk-submission
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r-- | hosts/surtr/dns/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 2fef577a..abb5d50e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -20,6 +20,8 @@ | |||
20 | remote: | 20 | remote: |
21 | - id: inwx_notify | 21 | - id: inwx_notify |
22 | address: 185.181.104.96@53 | 22 | address: 185.181.104.96@53 |
23 | - id: google | ||
24 | address: ["8.8.8.8"] | ||
23 | 25 | ||
24 | acl: | 26 | acl: |
25 | - id: inwx_acl | 27 | - id: inwx_acl |
@@ -36,18 +38,24 @@ | |||
36 | secret-lifetime: 4h | 38 | secret-lifetime: 4h |
37 | badcookie-slip: 1 | 39 | badcookie-slip: 1 |
38 | 40 | ||
41 | submission: | ||
42 | - id: validating-resolver | ||
43 | parent: google | ||
44 | |||
39 | policy: | 45 | policy: |
40 | - id: rsa2048 | 46 | - id: rsa2048 |
41 | algorithm: rsasha256 | 47 | algorithm: rsasha256 |
42 | ksk-size: 4096 | 48 | ksk-size: 4096 |
43 | zsk-size: 2048 | 49 | zsk-size: 2048 |
44 | zsk-lifetime: 30d | 50 | zsk-lifetime: 30d |
51 | ksk-submission: validating-resolver | ||
45 | - id: ed25519 | 52 | - id: ed25519 |
46 | algorithm: ed25519 | 53 | algorithm: ed25519 |
47 | nsec3: on | 54 | nsec3: on |
48 | nsec3-iterations: 0 | 55 | nsec3-iterations: 0 |
49 | ksk-lifetime: 360d | 56 | ksk-lifetime: 360d |
50 | signing-threads: 2 | 57 | signing-threads: 2 |
58 | ksk-submission: validating-resolver | ||
51 | 59 | ||
52 | template: | 60 | template: |
53 | - id: default | 61 | - id: default |