ansible-collection-nameserver/docs/host_vars/ns1.example.org/knot.yml

25 lines
741 B
YAML
Raw Normal View History

2021-01-19 21:12:53 +01:00
---
# Optional: Override nameserver identity and NSID
knot_server_identity: ns1.example.org
knot_server_nsid: ns1.example.org
# Mandatory for replicated setup: Addresses under which the nameserver
# is reachable
knot_dns_addresses:
- "2001:db8:42::1"
- "10.42.0.1"
2021-02-05 21:36:46 +01:00
# Optional for replicated setup: TSIG keys for notify/xfer/update. If
# not present, ACL will use knot_dns_addresses instead...
# THIS REEEAAAALLY SHOULD GO INTO A VAULT-ENCRYPTED FILE
knot_tsig_key:
name: tsig.ns1.example.org.
algorithm: hmac-sha384
secret: pZxgYlANxwWscfrZz4sdi6mQUlWFWlhUO/y7wjSJ6qdcXXGTaAxtwlaHWYYhJfTN
2021-01-19 21:12:53 +01:00
# Change other host specific options here
# knot 2.7 in Debian stable doesn't know double-ds yet
knot_dnssec_policy_cds_publish: always