23 lines
740 B
YAML
23 lines
740 B
YAML
---
|
|
|
|
# Optional: Override nameserver identity and NSID
|
|
knot_server_identity: ns2.example.org
|
|
knot_server_nsid: ns2.example.org
|
|
|
|
# Mandatory for replicated setup: Addresses under which the nameserver
|
|
# is reachable
|
|
knot_dns_addresses:
|
|
- "2001:db8:42::2"
|
|
- "10.42.0.2"
|
|
|
|
# Optional for replicated setup: TSIG keys for notify/xfer/update. If
|
|
# not present, ACL will use knot_dns_addresses instead...
|
|
# THIS REEEAAAALLY SHOULD GO INTO A VAULT-ENCRYPTED FILE
|
|
knot_tsig_key:
|
|
name: tsig.ns2.example.org.
|
|
algorithm: hmac-sha384
|
|
secret: poAeCzXByHLuuHjDfLceKmlUWFD+08p8QfV0ikXMBn0qTSJEXnBaDUupaG8aRS8M
|
|
# Change other host specific options here
|
|
|
|
# knot 2.7 in Debian stable doesn't know double-ds yet
|
|
knot_dnssec_policy_cds_publish: always
|