From c7d1cde8c3d4c01ee6f3950e4f056be3d3e5d29c Mon Sep 17 00:00:00 2001
From: s3lph <s3lph@kabelsalat.ch>
Date: Wed, 5 Jun 2024 01:19:06 +0200
Subject: [PATCH] feat: add knot_dnssec_policy_nsec3_salt_length to
 argument_specs.yml

---
 roles/knot/meta/argument_specs.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/knot/meta/argument_specs.yml b/roles/knot/meta/argument_specs.yml
index 44ce70f..0f886de 100644
--- a/roles/knot/meta/argument_specs.yml
+++ b/roles/knot/meta/argument_specs.yml
@@ -119,6 +119,14 @@ argument_specs:
           - If set to C(off), C(NSEC) is used, which allows full zone enumeration.
         type: str
         default: 'on'
+      knot_dnssec_policy_nsec3_salt_length:
+        description:
+          - Length of the NSEC3 salt field.
+          - >-
+            Use of a NSEC3 salt is discouraged by
+            U(RFC 9276,https://datatracker.ietf.org/doc/html/rfc9276#section-3.1).
+        type: int
+        default: 0
       knot_dnssec_policy_ksk_size:
         description:
           - Size (in bits) of the KSK.