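---
# Host-specific variables for the nameserver ns2.example.org.
# NOTE(review): the consuming Ansible role is not shown here; the comments
# below restate what this file says and hedge anything beyond that.

# Optional: Override nameserver identity and NSID
knot_server_identity: ns2.example.org
knot_server_nsid: ns2.example.org

# Mandatory for replicated setup: Addresses under which the nameserver
# is reachable
knot_dns_addresses:
  - "2001:db8:42::2"
  - "10.42.0.2"

# Optional for replicated setup: TSIG keys for notify/xfer/update. If
# not present, ACL will use knot_dns_addresses instead...
# NOTE(review): an ACL keyed only on source addresses does not
# authenticate the DNS message itself, so the TSIG key is the stronger
# control for notify/xfer/update; prefer keeping it configured.
#
# THIS REEEAAAALLY SHOULD GO INTO A VAULT-ENCRYPTED FILE
# The secret below is the shared HMAC key. Anyone who can read this file
# can sign notify/xfer/update requests that the ACL will accept. Keep the
# real value out of cleartext version control: encrypt it with
# ansible-vault (a vault-encrypted vars file or an inline encrypted
# string) and restrict read access to the decrypted form. A key that was
# ever committed in cleartext should be treated as exposed and rotated on
# every server that shares it.
knot_tsig_key:
  # Key name is written as a fully qualified name (trailing dot).
  name: tsig.ns2.example.org.
  algorithm: hmac-sha384
  # Quoted so tooling never retypes or reformats the base64 value.
  secret: "poAeCzXByHLuuHjDfLceKmlUWFD+08p8QfV0ikXMBn0qTSJEXnBaDUupaG8aRS8M"

# Change other host specific options here

# knot 2.7 in Debian stable doesn't know double-ds yet
knot_dnssec_policy_cds_publish: always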