From bf5b1d50fbba62c27d5d5ecead866976646f0d46 Mon Sep 17 00:00:00 2001 From: s3lph Date: Thu, 30 Sep 2021 21:38:04 +0200 Subject: [PATCH] Add dnssec policy propagation-delay option --- galaxy.yml | 3 +-- roles/knot/defaults/main.yml | 1 + roles/knot/templates/etc/knot/knot.conf.j2 | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index a6a773f..bcfcd92 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,4 +1,3 @@ -### REQUIRED # The namespace of the collection. This can be a company/brand/organization or product namespace under which all # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with # underscores or numbers and cannot contain consecutive underscores @@ -8,7 +7,7 @@ namespace: s3lph name: nameserver # The version of the collection. Must be compatible with semantic versioning -version: "0.3.1" +version: "0.3.2" # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/roles/knot/defaults/main.yml b/roles/knot/defaults/main.yml index 92c31dd..fe50e3b 100644 --- a/roles/knot/defaults/main.yml +++ b/roles/knot/defaults/main.yml @@ -27,6 +27,7 @@ knot_dnssec_policy_zsk_size: 384 knot_dnssec_policy_zsk_lifetime: 30d knot_dnssec_policy_ksk_lifetime: 0 knot_dnssec_policy_cds_publish: 'double-ds' +knot_dnssec_policy_propagation_delay: 1h knot_dnssec_submission_check_interval: 1h knot_dnssec_submission_timeout: 0 diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2 index 64b7394..c7e4c4c 100644 --- a/roles/knot/templates/etc/knot/knot.conf.j2 +++ b/roles/knot/templates/etc/knot/knot.conf.j2 @@ -112,6 +112,7 @@ policy: ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }} ksk-submission: submission-{{ zone.name }} ksk-shared: {{ knot_dnssec_policy_ksk_shared }} + propagation-delay: {{ zone.propagation_delay | default(knot_dnssec_policy_propagation_delay) }} cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }} {% endif %} {% endfor %}