Make DNSSEC algorithms configurable per zone
This commit is contained in:
parent
4fe9da8a6d
commit
b9bb083f76
1 changed files with 3 additions and 3 deletions
|
@ -103,10 +103,10 @@ policy:
|
|||
{% if inventory_hostname in zone.masters %}
|
||||
|
||||
- id: dnssec-{{ zone.name }}
|
||||
algorithm: {{ knot_dnssec_policy_algorithm }}
|
||||
algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
|
||||
nsec3: {{ knot_dnssec_policy_nsec3 }}
|
||||
ksk-size: {{ knot_dnssec_policy_ksk_size }}
|
||||
zsk-size: {{ knot_dnssec_policy_zsk_size }}
|
||||
ksk-size: {{ zone.ksk_size | default(knot_dnssec_policy_ksk_size) }}
|
||||
zsk-size: {{ zone.zsk_size | default(knot_dnssec_policy_zsk_size) }}
|
||||
zsk-lifetime: {{ zone.zsk_lifetime | default(knot_dnssec_policy_zsk_lifetime) }}
|
||||
ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }}
|
||||
ksk-submission: submission-{{ zone.name }}
|
||||
|
|
Loading…
Reference in a new issue