s3lph/ansible-collection-nameserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make DNSSEC algorithms configurable per zone

Browse source
This commit is contained in:
s3lph 2022-06-13 21:40:58 +02:00
parent 4fe9da8a6d
commit b9bb083f76
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/knot/templates/etc/knot/knot.conf.j2
View file

@ -103,10 +103,10 @@ policy:
{% if inventory_hostname in zone.masters %}
- id: dnssec-{{ zone.name }}
algorithm: {{ knot_dnssec_policy_algorithm }}
algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
nsec3: {{ knot_dnssec_policy_nsec3 }}
ksk-size: {{ knot_dnssec_policy_ksk_size }}
zsk-size: {{ knot_dnssec_policy_zsk_size }}
ksk-size: {{ zone.ksk_size | default(knot_dnssec_policy_ksk_size) }}
zsk-size: {{ zone.zsk_size | default(knot_dnssec_policy_zsk_size) }}
zsk-lifetime: {{ zone.zsk_lifetime | default(knot_dnssec_policy_zsk_lifetime) }}
ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }}
ksk-submission: submission-{{ zone.name }}