Commit | Line | Data |
---|---|---|
5db849a7 H |
1 | ####################################################################### |
2 | ####################################################################### | |
3 | ### | |
4 | ### You should NOT modify this file, use the following files instead: | |
9ba57e52 H |
5 | ### - /etc/dnssec-tools/dnsval.conf.head (for specifiing defaults) |
6 | ### - /etc/dnssec-tools/dnsval.conf.tail (for overriding) | |
7 | ### | |
8 | ### Root-zone trust anchor(s) are in the following file: | |
9 | ### - /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf | |
10 | ### (you will probably not need to modify it manualy) | |
5db849a7 H |
11 | ### |
12 | ####################################################################### | |
13 | ####################################################################### | |
14 | ||
15 | ################################## | |
16 | # Includes | |
17 | ################################## | |
18 | ||
19 | include /etc/dnssec-tools/dnsval.conf.head | |
9ba57e52 | 20 | include /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf |
5db849a7 H |
21 | # TRUSTMAN-ACTION bind-include /var/opt/named/named.conf |
22 | ||
23 | ################################## | |
24 | # Global Options | |
25 | ################################## | |
26 | ||
27 | global-options | |
28 | trust-oob-answers yes | |
29 | edns0-size 1492 | |
30 | env-policy enable | |
9ba57e52 H |
31 | app-policy enable |
32 | log 5:stderr | |
5db849a7 H |
33 | ; |
34 | ||
35 | ################################## | |
36 | # Default policies | |
37 | ################################## | |
38 | ||
9ba57e52 H |
39 | # Note that ArchLinux distribution by default uses root-zone trust anchor from file |
40 | # /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf and it will get overrided | |
41 | # by setting trust-anchor again, so if you want to add your user-specific keys, you | |
42 | # should also include the original root zone anchor. | |
43 | ||
44 | #: trust-anchor | |
45 | # dlv.isc.org DS 19297 5 2 A11D16F6733983E159EDF8053B2FB57B479D81A309A50EAA79A81AF4 8A47C617 | |
46 | # dlv.isc.org DS 19297 5 1 7D480DBEF530374D8A4333FCB22106EB10013B46 | |
9bf471d2 H |
47 | #; |
48 | ||
49 | #: zone-security-expectation | |
50 | # . validate | |
9ba57e52 H |
51 | #; |
52 | ||
53 | #: dlv-trust-points | |
54 | # . dlv.isc.org | |
9bf471d2 | 55 | #; |
5db849a7 H |
56 | |
57 | : provably-insecure-status | |
58 | . trusted | |
59 | ; | |
60 | ||
9ba57e52 H |
61 | #: clock-skew |
62 | # . 0 | |
63 | #; | |
5db849a7 H |
64 | |
65 | ################################## | |
66 | # MTA Policies | |
67 | ################################## | |
68 | ||
9ba57e52 H |
69 | #mta provably-insecure-status |
70 | # . trusted | |
71 | #; | |
5db849a7 | 72 | |
9ba57e52 H |
73 | #mta clock-skew |
74 | # . -1 | |
75 | #; | |
5db849a7 H |
76 | |
77 | ################################## | |
78 | # Web Browser Policies | |
79 | ################################## | |
80 | ||
9ba57e52 H |
81 | #browser provably-insecure-status |
82 | # . trusted | |
83 | #; | |
5db849a7 | 84 | |
9ba57e52 H |
85 | #browser clock-skew |
86 | # . 0 | |
87 | #; | |
5db849a7 H |
88 | |
89 | ||
90 | ################################## | |
91 | # Overrides | |
92 | ################################## | |
93 | ||
94 | include /etc/dnssec-tools/dnsval.conf.tail | |
95 | include $HOME/.config/dnsval.conf |