Commit | Line | Data |
---|---|---|
5db849a7 H |
1 | ####################################################################### |
2 | ####################################################################### | |
3 | ### | |
4 | ### You should NOT modify this file, use the following files instead: | |
5 | ### - /etc/dnssec-tools/dnsval.conf.head | |
6 | ### - /etc/dnssec-tools/dnsval.conf.tail | |
7 | ### | |
8 | ####################################################################### | |
9 | ####################################################################### | |
10 | ||
11 | ################################## | |
12 | # Includes | |
13 | ################################## | |
14 | ||
15 | include /etc/dnssec-tools/dnsval.conf.head | |
16 | include /usr/share/dnssec-trust-anchors/root-anchor.dnsval.conf | |
17 | # TRUSTMAN-ACTION bind-include /var/opt/named/named.conf | |
18 | ||
19 | ################################## | |
20 | # Global Options | |
21 | ################################## | |
22 | ||
23 | global-options | |
24 | trust-oob-answers yes | |
25 | edns0-size 1492 | |
26 | env-policy enable | |
27 | app-policy disable | |
28 | log 10:stderr | |
29 | ; | |
30 | ||
31 | ################################## | |
32 | # Default policies | |
33 | ################################## | |
34 | ||
35 | : trust-anchor | |
36 | dnssec-tools.org DS 54556 5 2 6B026928292D452A5CC37B3EF327F27F50A29936CB31E664EB066D71A476E282 | |
37 | ; | |
38 | ||
39 | : zone-security-expectation | |
40 | dnssec-tools.org validate | |
41 | ; | |
42 | ||
43 | : provably-insecure-status | |
44 | . trusted | |
45 | ; | |
46 | ||
47 | : clock-skew | |
48 | . 0 | |
49 | ; | |
50 | ||
51 | ################################## | |
52 | # MTA Policies | |
53 | ################################## | |
54 | ||
55 | mta provably-insecure-status | |
56 | . trusted | |
57 | ; | |
58 | ||
59 | mta clock-skew | |
60 | . -1 | |
61 | ; | |
62 | ||
63 | ################################## | |
64 | # Web Browser Policies | |
65 | ################################## | |
66 | ||
67 | browser provably-insecure-status | |
68 | . trusted | |
69 | ; | |
70 | ||
71 | browser clock-skew | |
72 | . 0 | |
73 | ; | |
74 | ||
75 | ||
76 | ################################## | |
77 | # Overrides | |
78 | ################################## | |
79 | ||
80 | include /etc/dnssec-tools/dnsval.conf.tail | |
81 | include $HOME/.config/dnsval.conf |