| 1 | ####################################################################### |
| 2 | ####################################################################### |
| 3 | ### |
| 4 | ### You should NOT modify this file, use the following files instead: |
| 5 | ### - /etc/dnssec-tools/dnsval.conf.head (for specifiing defaults) |
| 6 | ### - /etc/dnssec-tools/dnsval.conf.tail (for overriding) |
| 7 | ### |
| 8 | ### Root-zone trust anchor(s) are in the following file: |
| 9 | ### - /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf |
| 10 | ### (you will probably not need to modify it manualy) |
| 11 | ### |
| 12 | ####################################################################### |
| 13 | ####################################################################### |
| 14 | |
| 15 | ################################## |
| 16 | # Includes |
| 17 | ################################## |
| 18 | |
| 19 | include /etc/dnssec-tools/dnsval.conf.head |
| 20 | include /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf |
| 21 | # TRUSTMAN-ACTION bind-include /var/opt/named/named.conf |
| 22 | |
| 23 | ################################## |
| 24 | # Global Options |
| 25 | ################################## |
| 26 | |
| 27 | global-options |
| 28 | trust-oob-answers yes |
| 29 | edns0-size 1492 |
| 30 | env-policy enable |
| 31 | app-policy enable |
| 32 | log 5:stderr |
| 33 | ; |
| 34 | |
| 35 | ################################## |
| 36 | # Default policies |
| 37 | ################################## |
| 38 | |
| 39 | # Note that ArchLinux distribution by default uses root-zone trust anchor from file |
| 40 | # /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf and it will get overrided |
| 41 | # by setting trust-anchor again, so if you want to add your user-specific keys, you |
| 42 | # should also include the original root zone anchor. |
| 43 | |
| 44 | #: trust-anchor |
| 45 | # dlv.isc.org DS 19297 5 2 A11D16F6733983E159EDF8053B2FB57B479D81A309A50EAA79A81AF4 8A47C617 |
| 46 | # dlv.isc.org DS 19297 5 1 7D480DBEF530374D8A4333FCB22106EB10013B46 |
| 47 | #; |
| 48 | |
| 49 | #: zone-security-expectation |
| 50 | # . validate |
| 51 | #; |
| 52 | |
| 53 | #: dlv-trust-points |
| 54 | # . dlv.isc.org |
| 55 | #; |
| 56 | |
| 57 | : provably-insecure-status |
| 58 | . trusted |
| 59 | ; |
| 60 | |
| 61 | #: clock-skew |
| 62 | # . 0 |
| 63 | #; |
| 64 | |
| 65 | ################################## |
| 66 | # MTA Policies |
| 67 | ################################## |
| 68 | |
| 69 | #mta provably-insecure-status |
| 70 | # . trusted |
| 71 | #; |
| 72 | |
| 73 | #mta clock-skew |
| 74 | # . -1 |
| 75 | #; |
| 76 | |
| 77 | ################################## |
| 78 | # Web Browser Policies |
| 79 | ################################## |
| 80 | |
| 81 | #browser provably-insecure-status |
| 82 | # . trusted |
| 83 | #; |
| 84 | |
| 85 | #browser clock-skew |
| 86 | # . 0 |
| 87 | #; |
| 88 | |
| 89 | |
| 90 | ################################## |
| 91 | # Overrides |
| 92 | ################################## |
| 93 | |
| 94 | include /etc/dnssec-tools/dnsval.conf.tail |
| 95 | include $HOME/.config/dnsval.conf |