phunix/external/bsd/bind/dist/contrib/zkt-1.1.3/examples/hierarchical/dnssec.conf

#   
#   	@(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
#   

#   dnssec-zkt options
Zonedir:	"."
Recursive:	True
PrintTime:	False
PrintAge:	True
LeftJustify:	False

#   zone specific values
ResignInterval:	1w	# (604800 seconds)
Sigvalidity:	10d	# (864000 seconds)
Max_TTL:	6h	# (21600 seconds)
Propagation:	5m	# (300 seconds)
KEY_TTL:	1h	# (3600 seconds)
Serialformat:	incremental

#   signing key parameters
Key_Algo:	RSASHA1	# (Algorithm ID 5)
KSK_lifetime:	30d
KSK_bits:	1300
KSK_randfile:	"/dev/urandom"
ZSK_lifetime:	10d
ZSK_bits:	512
ZSK_randfile:	"/dev/urandom"
SaltBits:	24

#   dnssec-signer options
LogFile:	"log"
LogLevel:	INFO
LogDomainDir:	"log"
SyslogFacility:	USER
SyslogLevel:	NOTICE
VerboseLog:	0
Keyfile:	"dnskey.db"
Zonefile:	"zone.db"
KeySetDir:	".."
DLV_Domain:	""
Sig_Pseudorand:	True
Sig_GenerateDS:	True
Sig_DnsKeyKSK:	True
Sig_Parameter:	""