From 2abd8ccf02ed76720038ed07b5bd8a54cdf34c5a Mon Sep 17 00:00:00 2001
From: s3lph
Date: Sat, 4 Jun 2022 00:33:07 +0200
Subject: [PATCH] Change default KSK/ZSK to ed25519

---
 roles/knot/defaults/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/knot/defaults/main.yml b/roles/knot/defaults/main.yml
index fe50e3b..ce20362 100644
--- a/roles/knot/defaults/main.yml
+++ b/roles/knot/defaults/main.yml
@@ -19,11 +19,11 @@ knot_zone_replica_storage_path: /var/lib/knot/replica
 knot_zone_semantic_checks: 'on'
 knot_zone_dnssec_signing: 'on'
-knot_dnssec_policy_algorithm: ecdsap384sha384
+knot_dnssec_policy_algorithm: ed25519
 knot_dnssec_policy_nsec3: 'on'
-knot_dnssec_policy_ksk_shared: 'on'
-knot_dnssec_policy_ksk_size: 384
-knot_dnssec_policy_zsk_size: 384
+knot_dnssec_policy_ksk_shared: 'off'
+knot_dnssec_policy_ksk_size: 256
+knot_dnssec_policy_zsk_size: 256
 knot_dnssec_policy_zsk_lifetime: 30d
 knot_dnssec_policy_ksk_lifetime: 0
 knot_dnssec_policy_cds_publish: 'double-ds'
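Review bot: The new `knot_dnssec_policy_ksk_shared: 'off'` line changes key sharing between zones as well as the algorithm, but neither the subject nor a comment in the defaults says why, so someone auditing the DNSSEC policy cannot tell whether it is needed for the ed25519 switch or is a separate choice. Because these are role defaults, hosts that never overrode `knot_dnssec_policy_algorithm` will presumably pick up the new algorithm on the next run; for zones that are already signed that would mean an algorithm rollover and a new DS at the parent, which is worth recording next to the value, e.g. `# Changing the algorithm on a signed zone starts an algorithm rollover; the parent DS must be updated.` The size defaults are also tied to the algorithm (256 here, 384 before), so overriding the algorithm alone leaves a mismatched `ksk_size`/`zsk_size`; a comment such as `# ksk_size/zsk_size must match knot_dnssec_policy_algorithm` above the two size lines would make that coupling visible.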