From 1a7e085b40623312537f9ccc42a05ccaab74863e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 15 Feb 2022 16:25:59 +0100 Subject: surtr: dnssec: ksk-submission --- hosts/surtr/dns/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'hosts/surtr/dns') diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 2fef577a..abb5d50e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -20,6 +20,8 @@ remote: - id: inwx_notify address: 185.181.104.96@53 + - id: google + address: ["8.8.8.8"] acl: - id: inwx_acl @@ -36,18 +38,24 @@ secret-lifetime: 4h badcookie-slip: 1 + submission: + - id: validating-resolver + parent: google + policy: - id: rsa2048 algorithm: rsasha256 ksk-size: 4096 zsk-size: 2048 zsk-lifetime: 30d + ksk-submission: validating-resolver - id: ed25519 algorithm: ed25519 nsec3: on nsec3-iterations: 0 ksk-lifetime: 360d signing-threads: 2 + ksk-submission: validating-resolver template: - id: default -- cgit v1.2.3