48
knot.conf
48
knot.conf
@@ -1,100 +1,54 @@
|
||||
# Knot DNS Configuration
|
||||
# Hidden Primary DNS server configuration for my-dnssec-test-domain.de
|
||||
# This server acts as a hidden primary - it's not listed in NS records
|
||||
# but provides zone transfers to the public secondary nameservers
|
||||
|
||||
server:
|
||||
# Server identification
|
||||
identity: "Hottis DNS Server"
|
||||
version: ""
|
||||
|
||||
# Listen on all interfaces
|
||||
listen: [ "0.0.0.0@8053", "::@8053" ]
|
||||
|
||||
# Disable recursion (authoritative only)
|
||||
answer-rotation: on
|
||||
|
||||
# Database configuration
|
||||
database:
|
||||
storage: "/var/lib/knot"
|
||||
|
||||
# Key management for DNSSEC
|
||||
keystore:
|
||||
- id: default
|
||||
backend: pem
|
||||
config: "/var/lib/knot/keys"
|
||||
|
||||
# DNSSEC policy
|
||||
policy:
|
||||
- id: default_policy
|
||||
algorithm: ECDSAP256SHA256
|
||||
ksk-lifetime: 365d
|
||||
zsk-lifetime: 90d
|
||||
propagation-delay: 3600
|
||||
dnskey-ttl: 3600
|
||||
zone-max-ttl: 86400
|
||||
cds-cdnskey-publish: always
|
||||
|
||||
# Remote server configuration (for zone transfers, notifications)
|
||||
remote:
|
||||
- id: dns1_nsdns
|
||||
address: 109.234.111.215@53
|
||||
|
||||
- id: dns2_nsdns
|
||||
address: 109.234.111.216@53
|
||||
|
||||
# Access Control Lists
|
||||
|
||||
acl:
|
||||
- id: transfer_acl
|
||||
address: [ "127.0.0.1", "109.234.111.215", "109.234.111.216" ]
|
||||
action: transfer
|
||||
|
||||
- id: notify_acl
|
||||
address: [ "127.0.0.1", "109.234.111.215", "109.234.111.216" ]
|
||||
action: notify
|
||||
|
||||
# Zone template
|
||||
template:
|
||||
- id: default_template
|
||||
storage: "/var/lib/knot"
|
||||
file: "%s.zone"
|
||||
|
||||
# DNSSEC configuration
|
||||
dnssec-signing: on
|
||||
dnssec-policy: default_policy
|
||||
|
||||
# Zone transfer settings (Hidden Primary)
|
||||
notify: [ dns1_nsdns, dns2_nsdns ]
|
||||
acl: [ transfer_acl, notify_acl ]
|
||||
|
||||
# Serial policy
|
||||
serial-policy: dateserial
|
||||
|
||||
# Zone journal
|
||||
journal-content: changes
|
||||
journal-max-usage: 10M
|
||||
|
||||
# Zone configuration
|
||||
zone:
|
||||
- domain: my-dnssec-test-domain.de
|
||||
template: default_template
|
||||
file: "/var/lib/knot/my-dnssec-test-domain.de.zone"
|
||||
|
||||
# Control interface
|
||||
control:
|
||||
listen: "/var/run/knot/knot.sock"
|
||||
timeout: 60
|
||||
|
||||
# Statistics
|
||||
stats:
|
||||
timer: 3600
|
||||
|
||||
# Logging configuration
|
||||
log:
|
||||
- target: stderr
|
||||
any: info
|
||||
zone: warning
|
||||
server: info
|
||||
|
||||
- target: syslog
|
||||
any: info
|
||||
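Review bot: The transfer_acl and notify_acl entries in the acl section authorize AXFR and NOTIFY by source address only, so with the server bound to "0.0.0.0@8053" and "::@8053" a zone transfer of my-dnssec-test-domain.de is granted to any peer that can present or spoof 109.234.111.215/216, and the remote entries used for outbound NOTIFY carry no authentication either. Knot supports TSIG through a top-level `key:` section referenced by `key:` items in both the acl and remote entries; the fence below shows the shape with a placeholder secret, and it is the standard mitigation for a hidden primary whose only other protection is the address list. Separately, the comment `# Disable recursion (authoritative only)` sits above `answer-rotation: on`, which governs round-robin ordering of records in answers rather than recursion (Knot is authoritative-only regardless), so the comment should read `# Rotate record order in answers` or be dropped. Whether the secondaries actually send NOTIFY back to this hidden primary, and therefore whether notify_acl is needed at all, cannot be determined from the file.
```yaml
# Shared TSIG key for the transfer path (secret is a placeholder to be generated with keymgr)
key:
  - id: xfr_key
    algorithm: hmac-sha256
    secret: "<TSIG_SECRET_BASE64_PLACEHOLDER>"

remote:
  - id: dns1_nsdns
    address: 109.234.111.215@53
    key: xfr_key

  - id: dns2_nsdns
    address: 109.234.111.216@53
    key: xfr_key

acl:
  - id: transfer_acl
    address: [ "127.0.0.1", "109.234.111.215", "109.234.111.216" ]
    key: xfr_key
    action: transfer

  - id: notify_acl
    address: [ "127.0.0.1", "109.234.111.215", "109.234.111.216" ]
    key: xfr_key
    action: notify

# … unchanged: server, database, keystore, policy, template, zone, control, stats, log …
```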