40 lines
1.2 KiB
YAML
40 lines
1.2 KiB
YAML
---
|
|
|
|
knot_repository_install: false
|
|
knot_repository_url: https://deb.knot-dns.cz/knot/
|
|
knot_repository_distribution: "{{ ansible_facts.distribution_release }}"
|
|
|
|
knot_server_rundir: /run/knot
|
|
knot_server_user: knot
|
|
knot_server_group: knot
|
|
knot_server_identity: "{{ ansible_facts.hostname }}"
|
|
knot_server_nsid: "{{ ansible_facts.hostname }}"
|
|
knot_server_version: "{{ ansible_facts.hostname }}"
|
|
knot_server_listen:
|
|
- "::@53"
|
|
- "0.0.0.0@53"
|
|
|
|
knot_log_targets:
|
|
- target: syslog
|
|
level: info
|
|
|
|
knot_zone_master_storage_path: /var/lib/knot/master
|
|
knot_zone_replica_storage_path: /var/lib/knot/replica
|
|
knot_zone_semantic_checks: 'on'
|
|
knot_zone_dnssec_signing: 'on'
|
|
|
|
knot_dnssec_policy_algorithm: ed25519
|
|
knot_dnssec_policy_nsec3: 'on'
|
|
# Use of a NSEC3 salt is discouraged by RFC 9276, section 3.1
|
|
knot_dnssec_policy_nsec3_salt_length: 0
|
|
knot_dnssec_policy_ksk_shared: 'off'
|
|
knot_dnssec_policy_ksk_size: 256
|
|
knot_dnssec_policy_zsk_size: 256
|
|
knot_dnssec_policy_zsk_lifetime: 30d
|
|
knot_dnssec_policy_ksk_lifetime: 0
|
|
# double-ds breaks algorithm rollovers: https://gitlab.nic.cz/knot/knot-dns/-/issues/804
|
|
knot_dnssec_policy_cds_publish: 'always'
|
|
knot_dnssec_policy_propagation_delay: 1h
|
|
|
|
knot_dnssec_submission_check_interval: 1h
|
|
knot_dnssec_submission_timeout: 0
|