disable dnssec for catalog zones on auth-dns

Catalog zones are not real zones in the DNS hierarchy and don't have a parent zone. Therefore they will never have a valid DNSSEC delegation so we should skip signing those zones.
2026-05-19 11:01:51 +02:00 · 2026-05-19 11:01:51 +02:00 · 3541c68357
commit 3541c68357
parent 6bb09901a0
1 changed files with 1 additions and 2 deletions
--- a/roles/knot/templates/knot.conf.j2
+++ b/roles/knot/templates/knot.conf.j2
@ -67,8 +67,7 @@ template:
  # template for automatically created special zones
  - id: catalog
    catalog-role: generate
-    dnssec-signing: on
-    dnssec-policy: default
+    dnssec-signing: off


 # define zones on this server