2020-11-20 00:54:31 +01:00
|
|
|
---
|
|
|
|
|
2024-04-14 22:41:41 +02:00
|
|
|
knot_repository_install: false
|
2022-06-13 21:21:46 +02:00
|
|
|
knot_repository_url: https://deb.knot-dns.cz/knot/
|
2024-04-14 22:41:41 +02:00
|
|
|
knot_repository_distribution: "{{ ansible_facts.distribution_release }}"
|
2022-06-13 21:21:46 +02:00
|
|
|
|
2020-11-20 00:54:31 +01:00
|
|
|
knot_server_rundir: /run/knot
|
|
|
|
knot_server_user: knot
|
|
|
|
knot_server_group: knot
|
2024-04-14 22:41:41 +02:00
|
|
|
knot_server_identity: "{{ ansible_facts.hostname }}"
|
|
|
|
knot_server_nsid: "{{ ansible_facts.hostname }}"
|
|
|
|
knot_server_version: "{{ ansible_facts.hostname }}"
|
2020-11-20 00:54:31 +01:00
|
|
|
knot_server_listen:
|
|
|
|
- "::@53"
|
|
|
|
- "0.0.0.0@53"
|
|
|
|
|
|
|
|
knot_log_targets:
|
|
|
|
- target: syslog
|
|
|
|
level: info
|
|
|
|
|
2021-01-16 02:00:19 +01:00
|
|
|
knot_zone_master_storage_path: /var/lib/knot/master
|
|
|
|
knot_zone_replica_storage_path: /var/lib/knot/replica
|
2020-11-20 00:54:31 +01:00
|
|
|
knot_zone_semantic_checks: 'on'
|
|
|
|
knot_zone_dnssec_signing: 'on'
|
|
|
|
|
2022-06-04 00:33:07 +02:00
|
|
|
knot_dnssec_policy_algorithm: ed25519
|
2020-11-20 00:54:31 +01:00
|
|
|
knot_dnssec_policy_nsec3: 'on'
|
2022-06-04 00:33:07 +02:00
|
|
|
knot_dnssec_policy_ksk_shared: 'off'
|
|
|
|
knot_dnssec_policy_ksk_size: 256
|
|
|
|
knot_dnssec_policy_zsk_size: 256
|
2021-09-29 23:17:38 +02:00
|
|
|
knot_dnssec_policy_zsk_lifetime: 30d
|
|
|
|
knot_dnssec_policy_ksk_lifetime: 0
|
2022-06-14 21:17:14 +02:00
|
|
|
# double-ds breaks algorithm rollovers: https://gitlab.nic.cz/knot/knot-dns/-/issues/804
|
|
|
|
knot_dnssec_policy_cds_publish: 'always'
|
2021-09-30 21:38:04 +02:00
|
|
|
knot_dnssec_policy_propagation_delay: 1h
|
2021-09-29 23:17:38 +02:00
|
|
|
|
|
|
|
knot_dnssec_submission_check_interval: 1h
|
|
|
|
knot_dnssec_submission_timeout: 0
|