Make DNSSEC algorithms configurable per zone

This commit is contained in:
s3lph 2022-06-13 21:40:58 +02:00
parent 4fe9da8a6d
commit b9bb083f76

View file

@ -103,10 +103,10 @@ policy:
{% if inventory_hostname in zone.masters %}
- id: dnssec-{{ zone.name }}
algorithm: {{ knot_dnssec_policy_algorithm }}
algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
nsec3: {{ knot_dnssec_policy_nsec3 }}
ksk-size: {{ knot_dnssec_policy_ksk_size }}
zsk-size: {{ knot_dnssec_policy_zsk_size }}
ksk-size: {{ zone.ksk_size | default(knot_dnssec_policy_ksk_size) }}
zsk-size: {{ zone.zsk_size | default(knot_dnssec_policy_zsk_size) }}
zsk-lifetime: {{ zone.zsk_lifetime | default(knot_dnssec_policy_zsk_lifetime) }}
ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }}
ksk-submission: submission-{{ zone.name }}