From 25d546f6099cf70ec1ad5d9eb8923e01424057ab Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 14 Feb 2022 20:03:50 +0100 Subject: surtr: dns: ed25519 --- hosts/surtr/dns/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'hosts/surtr') diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 13ef110f..4a1b2482 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -47,15 +47,21 @@ journal-content: all semantic-checks: on dnssec-signing: on + dnssec-policy: ed25519 notify: [inwx_notify] acl: [inwx_acl] policy: - - id: rsa + - id: rsa2048 algorithm: rsasha256 ksk-size: 4096 zsk-size: 2048 zsk-lifetime: 30d + - id: ed25519 + algorithm: ed25519 + nsec3: on + ksk-lifetime: 360d + signing-threads: 2 zone: - domain: yggdrasil.li -- cgit v1.2.3