upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 20:11:12 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/misc/dnssec-policy.default.conf
Matthijs Mekking a25f49f153 Make 'parent-registration-delay' obsolete 
With the introduction of 'checkds', the 'parent-registration-delay'
option becomes obsolete.
2020-08-07 11:26:09 +02:00

24 lines
429 B
Text
Raw Blame History

dnssec-policy "default" {
// Keys
keys {
csk key-directory lifetime unlimited algorithm 13;
};
// Key timings
dnskey-ttl 3600;
publish-safety 1h;
retire-safety 1h;
// Signature timings
signatures-refresh 5d;
signatures-validity 14d;
signatures-validity-dnskey 14d;
// Zone parameters
max-zone-ttl 86400;
zone-propagation-delay 300;
// Parent parameters
parent-ds-ttl 86400;
parent-propagation-delay 1h;
};
Reference in a new issue View git blame Copy permalink