# {{ ansible_managed }}
# See knot.conf(5) or refer to the server documentation.
#
# Knot DNS server configuration, rendered by Ansible from a Jinja template.
# Settings wrapped in Jinja comment blocks are dropped at render time and are
# therefore inactive.

server:
    # Directory for the PID file and the control socket.
    rundir: "/rundir"
    # Account (user:group) the daemon runs as once it has bound its sockets.
    user: knot:knot
    # Remotes referenced by a zone are authorised implicitly; this file defines
    # no explicit acl section.
    # NOTE(review): confirm that every remote gaining notify/transfer rights
    # this way is meant to have them.
    automatic-acl: on
    # Service addresses (one IPv4, one IPv6). No port is given, so the server's
    # default port applies.
    listen: [ "212.12.48.124", "2a00:14b0:4200:3000:124::1" ]

log:
    # Messages of every category, level info and above, go to stderr.
  - target: stderr
    any: info

database:
    # Base directory for the server's databases.
    # NOTE(review): unless kasp-db is pointed elsewhere, the DNSSEC private
    # keys are presumably kept under this path; it should be persistent and
    # readable only by the knot account. Verify against the deployment.
    storage: "/storage"

key:
    # TSIG key definition.
    # NOTE(review): the secret is an empty string and nothing in this file
    # references the key. A usable key needs a base64 secret supplied from a
    # secret store at render time, never committed to the repository; confirm
    # that an empty secret cannot reach a rendered configuration.
  - id: auth-dns.hamburg.ccc.de
    algorithm: hmac-sha512
    secret: ""

remote:
    # Remote server definition. No TSIG key is attached, so it is queried over
    # plain DNS.
  - id: quad9
    address: "2620:fe::fe"

# Define how the parent zone is checked for the presence of a new KSK.
# In this case we just ask quad9, which is an open resolver.
# NOTE(review): the answer comes from a third-party resolver without any
# transport authentication; a wrong positive answer would let a KSK rollover
# continue before the parent really publishes the DS record. Listing the
# parent's authoritative servers, or several independent remotes, narrows that.
submission:
  - id: default
    parent: quad9
    # Additional wait after a successful parent check.
    parent-delay: 1h

# Define how DNSSEC signing is done.
# In this case we don't do anything special but teach knot how to check for
# KSK presence at the parent.
policy:
  - id: default
    # Use the submission check named "default" for KSK rollovers.
    ksk-submission: default
    # Authenticated denial of existence uses NSEC3 with an empty salt.
    # NOTE(review): nsec3-iterations is not set, so the installed version's
    # default applies; RFC 9276 recommends zero additional iterations together
    # with the empty salt. Confirm the effective value.
    nsec3: true
    nsec3-salt-length: 0

# Define default settings that apply to all zones.
template:
  - id: default
    # Directory holding the zone files.
    storage: "/config/zones"
    # Zone file name pattern; %s stands for the zone name.
    file: "%s.zone"
    # Run the additional semantic checks when a zone is loaded.
    semantic-checks: on
    # -1 disables writing zone changes back to the zone file.
    zonefile-sync: -1
    # On load, changes are taken as the difference to the zone file contents
    # and the SOA serial is handled by the server.
    zonefile-load: difference-no-serial
    # The journal keeps the complete zone contents, not only the changes.
    # NOTE(review): with these three settings the signed zone is not written
    # to the zone file, so backups need the database storage as well.
    journal-content: all
    # TTL used for zone file records that carry none of their own.
    default-ttl: 60
    # Zones using this template are members of the catalog zone named below.
    # NOTE(review): no zone generating that catalog is defined in this file.
    catalog-role: member
    catalog-zone: hamburg.ccc.de.catalog.
    # Sign zones automatically, using the policy named "default" above.
    dnssec-signing: on
    dnssec-policy: default
    # Outgoing NOTIFY to the secondaries is disabled (Jinja comment).
    {# notify: ["ns1.hanse.de", "ns.bsd.network."] #}

    # Template whose only setting is Jinja-commented; the rendered entry
    # carries nothing but its id.
  - id: minimal
    {# notify: ["ns1.hanse.de", "ns.bsd.network."] #}

# No zone is active in this template: every entry below is Jinja-commented.
zone:
    {# - domain: onsite.eurofurence.catalog. #}
    {# template: minimal #}
    {# catalog-role: generate #}
    {# - domain: "onsite.eurofurence.org" #}