surtr: dns: ed25519

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-14 20:03:50 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-14 20:03:50 +0100
commit: 25d546f6099cf70ec1ad5d9eb8923e01424057ab (patch)
tree: 527587c0dc5558fbf4a20b344ce9c579808576dc /hosts/surtr/dns
parent: eb2032b89e5ce98c2134ea1db0c254d7671f819f (diff)
download: nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar
nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.gz
nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.bz2
nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.xz
nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 13ef110f..4a1b2482 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -47,15 +47,21 @@
            journal-content: all
            semantic-checks: on
            dnssec-signing: on
+            dnssec-policy: ed25519
            notify: [inwx_notify]
            acl: [inwx_acl]
        policy:
-          - id: rsa
+          - id: rsa2048
            algorithm: rsasha256
            ksk-size: 4096
            zsk-size: 2048
            zsk-lifetime: 30d
+          - id: ed25519
+            algorithm: ed25519
+            nsec3: on
+            ksk-lifetime: 360d
+            signing-threads: 2
        zone:
          - domain: yggdrasil.li
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-14 20:03:50 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-14 20:03:50 +0100
commit	25d546f6099cf70ec1ad5d9eb8923e01424057ab (patch)
tree	527587c0dc5558fbf4a20b344ce9c579808576dc /hosts/surtr/dns
parent	eb2032b89e5ce98c2134ea1db0c254d7671f819f (diff)
download	nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.gz nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.bz2 nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.tar.xz nixos-25d546f6099cf70ec1ad5d9eb8923e01424057ab.zip