From b9bb083f76b1b440e65a05371e839f1fa6688be1 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Mon, 13 Jun 2022 21:40:58 +0200
Subject: [PATCH] Make DNSSEC algorithms configurable per zone
---
 roles/knot/templates/etc/knot/knot.conf.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2
index 03eebd9..420837d 100644
--- a/roles/knot/templates/etc/knot/knot.conf.j2
+++ b/roles/knot/templates/etc/knot/knot.conf.j2
@@ -103,10 +103,10 @@ policy:
 {% if inventory_hostname in zone.masters %}
 - id: dnssec-{{ zone.name }}
- algorithm: {{ knot_dnssec_policy_algorithm }}
+ algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
 nsec3: {{ knot_dnssec_policy_nsec3 }}
- ksk-size: {{ knot_dnssec_policy_ksk_size }}
- zsk-size: {{ knot_dnssec_policy_zsk_size }}
+ ksk-size: {{ zone.ksk_size | default(knot_dnssec_policy_ksk_size) }}
+ zsk-size: {{ zone.zsk_size | default(knot_dnssec_policy_zsk_size) }}
 zsk-lifetime: {{ zone.zsk_lifetime | default(knot_dnssec_policy_zsk_lifetime) }}
 ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }}
 ksk-submission: submission-{{ zone.name }}
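Review bot: The new `ksk-size` and `zsk-size` lines still fall back to the role-wide `knot_dnssec_policy_ksk_size` and `knot_dnssec_policy_zsk_size`, which were presumably chosen to fit the role-wide algorithm. A zone that sets only `zone.algorithm` is therefore rendered with a key size picked for a different algorithm family, which Knot will likely reject or which leaves the zone with an unintended key strength. I would add a template comment above the `algorithm:` line such as `{# a zone that overrides algorithm must also set ksk_size and zsk_size; the role defaults only fit knot_dnssec_policy_algorithm #}`, or emit the two size lines only when the zone defines them or does not override the algorithm. `zone.algorithm` is also rendered unchecked, so it may be worth validating it against the algorithms the role is willing to sign with before templating, so a per-zone override cannot quietly select a deprecated one. The policy block starts and ends outside this hunk, so this is based only on the lines shown.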