# Knot DNS Configuration
# Hidden Primary DNS server configuration for my-dnssec-test-domain.de

server:
    identity: "Hottis DNS Server"
    listen: [ "0.0.0.0@8053", "::@8053" ]
    pidfile: "/var/lib/knot/knot.pid"
    daemonize: off

database:
    storage: "/var/lib/knot"

keystore:
  - id: default
    backend: pem
    config: "/var/lib/knot/keys"

policy:
  - id: default_policy
    algorithm: ECDSAP256SHA256
    ksk-lifetime: 365d
    zsk-lifetime: 90d

remote:
  - id: dns1_nsdns
    address: 109.234.111.215@53
  - id: dns2_nsdns
    address: 109.234.111.216@53

acl:
  - id: transfer_acl
    address: [ "127.0.0.1", "109.234.111.215", "109.234.111.216" ]
    action: transfer
  - id: notify_acl
    address: [ "127.0.0.1", "109.234.111.215", "109.234.111.216" ]
    action: notify

template:
  - id: default_template
    storage: "/var/lib/knot"
    dnssec-signing: on
    dnssec-policy: default_policy
    notify: [ dns1_nsdns, dns2_nsdns ]
    acl: [ transfer_acl, notify_acl ]

zone:
  - domain: my-dnssec-test-domain.de
    template: default_template
    file: "/var/lib/knot/my-dnssec-test-domain.de.zone"

control:
    listen: "/var/run/knot/knot.sock"

log:
  - target: stderr
    any: info