summaryrefslogtreecommitdiff
path: root/hosts/surtr/dns
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-02-15 16:25:59 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-15 16:25:59 +0100
commit1a7e085b40623312537f9ccc42a05ccaab74863e (patch)
tree447f6584956037d97138c44fdcf3fcf8e8b89036 /hosts/surtr/dns
parentddf68cc9b82a4549fde9e5d764dc4756536070f9 (diff)
downloadnixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar
nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar.gz
nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar.bz2
nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.tar.xz
nixos-1a7e085b40623312537f9ccc42a05ccaab74863e.zip
surtr: dnssec: ksk-submission
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r--hosts/surtr/dns/default.nix8
1 files changed, 8 insertions, 0 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 2fef577a..abb5d50e 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -20,6 +20,8 @@
20 remote: 20 remote:
21 - id: inwx_notify 21 - id: inwx_notify
22 address: 185.181.104.96@53 22 address: 185.181.104.96@53
23 - id: google
24 address: ["8.8.8.8"]
23 25
24 acl: 26 acl:
25 - id: inwx_acl 27 - id: inwx_acl
@@ -36,18 +38,24 @@
36 secret-lifetime: 4h 38 secret-lifetime: 4h
37 badcookie-slip: 1 39 badcookie-slip: 1
38 40
41 submission:
42 - id: validating-resolver
43 parent: google
44
39 policy: 45 policy:
40 - id: rsa2048 46 - id: rsa2048
41 algorithm: rsasha256 47 algorithm: rsasha256
42 ksk-size: 4096 48 ksk-size: 4096
43 zsk-size: 2048 49 zsk-size: 2048
44 zsk-lifetime: 30d 50 zsk-lifetime: 30d
51 ksk-submission: validating-resolver
45 - id: ed25519 52 - id: ed25519
46 algorithm: ed25519 53 algorithm: ed25519
47 nsec3: on 54 nsec3: on
48 nsec3-iterations: 0 55 nsec3-iterations: 0
49 ksk-lifetime: 360d 56 ksk-lifetime: 360d
50 signing-threads: 2 57 signing-threads: 2
58 ksk-submission: validating-resolver
51 59
52 template: 60 template:
53 - id: default 61 - id: default