From c92b33218b4d2912a5aea6e4456df64e4d292336 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 29 May 2021 16:22:38 +0200
Subject: knot@surtr: yggdrasil.li dnssec

---
 hosts/surtr/dns/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'hosts')

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 23edfab5..5afdfedf 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -15,10 +15,18 @@
           listen: 202.61.241.61@53
           listen: 2a03:4000:52:ada::@53
 
+        policy:
+          - id: rsa
+            algorithm: RSASHA256
+            ksk-size: 4096
+            zsk-size: 2048
+            zsk-lifetime: 30d
+
         zone:
           - domain: yggdrasil.li
             file: ${./zones/li.yggdrasil.soa}
             semantic-checks: on
+            dnssec-signing: on
       '';
     };
   };
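Review bot: The `rsa` policy added at the top of the hunk is never attached to the zone: the `yggdrasil.li` entry gains only `dnssec-signing: on`, so unless a template outside the hunk sets a policy, Knot would sign with its built-in default policy and the RSASHA256 / 4096-bit KSK settings would go unused. Add `dnssec-policy: rsa` next to `dnssec-signing: on`. Separately, the zone's `file:` points into the Nix store, which is read-only, while a signing Knot normally flushes the signed zone back to the zone file; check that something like `zonefile-sync: -1` with journal-backed zone contents is configured outside this hunk. Validation also depends on the DS record for the KSK being published at the parent, which this config does not show.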
-- 
cgit v1.2.3