2021-01-19 21:12:53 +01:00
|
|
|
---
|
|
|
|
|
|
|
|
# Optional: Override nameserver identity and NSID
|
|
|
|
knot_server_identity: ns1.example.org
|
|
|
|
knot_server_nsid: ns1.example.org
|
|
|
|
|
|
|
|
# Mandatory for replicated setup: Addresses under which the nameserver
|
|
|
|
# is reachable
|
|
|
|
knot_dns_addresses:
|
|
|
|
- "2001:db8:42::1"
|
|
|
|
- "10.42.0.1"
|
|
|
|
|
2021-02-05 21:36:46 +01:00
|
|
|
# Optional for replicated setup: TSIG keys for notify/xfer/update. If
|
|
|
|
# not present, ACL will use knot_dns_addresses instead...
|
|
|
|
# THIS REEEAAAALLY SHOULD GO INTO A VAULT-ENCRYPTED FILE
|
|
|
|
knot_tsig_key:
|
|
|
|
name: tsig.ns1.example.org.
|
|
|
|
algorithm: hmac-sha384
|
|
|
|
secret: pZxgYlANxwWscfrZz4sdi6mQUlWFWlhUO/y7wjSJ6qdcXXGTaAxtwlaHWYYhJfTN
|
|
|
|
|
2021-01-19 21:12:53 +01:00
|
|
|
# Change other host specific options here
|
|
|
|
|
|
|
|
# knot 2.7 in Debian stable doesn't know double-ds yet
|
|
|
|
knot_dnssec_policy_cds_publish: always
|