From ce27010642107e734e991bcc56797a6131d193aa Mon Sep 17 00:00:00 2001
From: s3lph
Date: Tue, 14 Jun 2022 21:17:14 +0200
Subject: [PATCH] Change default cds-cdnskey-publish to always
---
 galaxy.yml | 2 +-
 roles/knot/defaults/main.yml | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/galaxy.yml b/galaxy.yml
index 31ac599..79f47d2 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -7,7 +7,7 @@ namespace: s3lph
 name: nameserver
 # The version of the collection. Must be compatible with semantic versioning
-version: "0.3.3"
+version: "0.3.4"
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
diff --git a/roles/knot/defaults/main.yml b/roles/knot/defaults/main.yml
index 5b17cce..1278fa2 100644
--- a/roles/knot/defaults/main.yml
+++ b/roles/knot/defaults/main.yml
@@ -30,7 +30,8 @@ knot_dnssec_policy_ksk_size: 256
 knot_dnssec_policy_zsk_size: 256
 knot_dnssec_policy_zsk_lifetime: 30d
 knot_dnssec_policy_ksk_lifetime: 0
-knot_dnssec_policy_cds_publish: 'double-ds'
+# double-ds breaks algorithm rollovers: https://gitlab.nic.cz/knot/knot-dns/-/issues/804
+knot_dnssec_policy_cds_publish: 'always'
 knot_dnssec_policy_propagation_delay: 1h
 knot_dnssec_submission_check_interval: 1h
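Review bot: The comment added above `knot_dnssec_policy_cds_publish` in roles/knot/defaults/main.yml explains why `double-ds` was dropped, but not what `always` does or why it was chosen over Knot's own default `rollover`. Because this is a role default, every deployment that does not override the variable changes its CDS/CDNSKEY publication on upgrade, and the change ships as a patch-level bump (0.3.3 to 0.3.4). With `always` the records for the current KSK stay published outside rollovers as well, so a parent that polls CDS/CDNSKEY sees them continuously; operators should be told this. I would add a second comment line such as `# 'always' keeps CDS/CDNSKEY for the current KSK published permanently (Knot's default is 'rollover'); override to restore the old behaviour` and note the change in the release notes. The rest of the defaults file and any README entry for this variable are outside the hunk, so it may already be documented there.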