s3lph/ansible-collection-nameserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Change default KSK/ZSK to ed25519

Browse source
This commit is contained in:
s3lph 2022-06-04 00:33:07 +02:00
parent 35ed3e09f2
commit 2abd8ccf02
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
roles/knot/defaults/main.yml
View file

@ -19,11 +19,11 @@ knot_zone_replica_storage_path: /var/lib/knot/replica
knot_zone_semantic_checks: 'on'
knot_zone_dnssec_signing: 'on'
knot_dnssec_policy_algorithm: ecdsap384sha384
knot_dnssec_policy_algorithm: ed25519
knot_dnssec_policy_nsec3: 'on'
knot_dnssec_policy_ksk_shared: 'on'
knot_dnssec_policy_ksk_size: 384
knot_dnssec_policy_zsk_size: 384
knot_dnssec_policy_ksk_shared: 'off'
knot_dnssec_policy_ksk_size: 256
knot_dnssec_policy_zsk_size: 256
knot_dnssec_policy_zsk_lifetime: 30d
knot_dnssec_policy_ksk_lifetime: 0
knot_dnssec_policy_cds_publish: 'double-ds'