diff options
| -rw-r--r-- | hosts/surtr/dns/default.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 13ef110f..4a1b2482 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
| @@ -47,15 +47,21 @@ | |||
| 47 | journal-content: all | 47 | journal-content: all |
| 48 | semantic-checks: on | 48 | semantic-checks: on |
| 49 | dnssec-signing: on | 49 | dnssec-signing: on |
| 50 | dnssec-policy: ed25519 | ||
| 50 | notify: [inwx_notify] | 51 | notify: [inwx_notify] |
| 51 | acl: [inwx_acl] | 52 | acl: [inwx_acl] |
| 52 | 53 | ||
| 53 | policy: | 54 | policy: |
| 54 | - id: rsa | 55 | - id: rsa2048 |
| 55 | algorithm: rsasha256 | 56 | algorithm: rsasha256 |
| 56 | ksk-size: 4096 | 57 | ksk-size: 4096 |
| 57 | zsk-size: 2048 | 58 | zsk-size: 2048 |
| 58 | zsk-lifetime: 30d | 59 | zsk-lifetime: 30d |
| 60 | - id: ed25519 | ||
| 61 | algorithm: ed25519 | ||
| 62 | nsec3: on | ||
| 63 | ksk-lifetime: 360d | ||
| 64 | signing-threads: 2 | ||
| 59 | 65 | ||
| 60 | zone: | 66 | zone: |
| 61 | - domain: yggdrasil.li | 67 | - domain: yggdrasil.li |