feat: add knot_dnssec_policy_nsec3_salt_length with default 0
All checks were successful
Ansible Lint / build (push) Successful in 1m30s
All checks were successful
Ansible Lint / build (push) Successful in 1m30s
This commit is contained in:
parent
2d034ea22d
commit
4fc51962e1
3 changed files with 5 additions and 2 deletions
|
@ -7,7 +7,7 @@ namespace: s3lph
|
|||
name: nameserver
|
||||
|
||||
# The version of the collection. Must be compatible with semantic versioning
|
||||
version: "0.4.2"
|
||||
version: "0.4.3"
|
||||
|
||||
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
||||
readme: README.md
|
||||
|
|
|
@ -25,6 +25,8 @@ knot_zone_dnssec_signing: 'on'
|
|||
|
||||
knot_dnssec_policy_algorithm: ed25519
|
||||
knot_dnssec_policy_nsec3: 'on'
|
||||
# Use of a NSEC3 salt is discouraged by RFC 9276, section 3.1
|
||||
knot_dnssec_policy_nsec3_salt_length: 0
|
||||
knot_dnssec_policy_ksk_shared: 'off'
|
||||
knot_dnssec_policy_ksk_size: 256
|
||||
knot_dnssec_policy_zsk_size: 256
|
||||
|
|
|
@ -104,7 +104,8 @@ policy:
|
|||
|
||||
- id: dnssec-{{ zone.name }}
|
||||
algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
|
||||
nsec3: {{ knot_dnssec_policy_nsec3 }}
|
||||
nsec3: {{ zone.nsec3 | default(knot_dnssec_policy_nsec3) }}
|
||||
nsec3-salt-length: {{ zone.nsec3_salt_length | default(knot_dnssec_policy_nsec3_salt_length) }}
|
||||
ksk-size: {{ zone.ksk_size | default(knot_dnssec_policy_ksk_size) }}
|
||||
zsk-size: {{ zone.zsk_size | default(knot_dnssec_policy_zsk_size) }}
|
||||
zsk-lifetime: {{ zone.zsk_lifetime | default(knot_dnssec_policy_zsk_lifetime) }}
|
||||
|
|
Loading…
Reference in a new issue