#######################################################################
###
### You should NOT modify this file, use the following files instead:
-### - /etc/dnssec-tools/dnsval.conf.head
-### - /etc/dnssec-tools/dnsval.conf.tail
+### - /etc/dnssec-tools/dnsval.conf.head (for specifiing defaults)
+### - /etc/dnssec-tools/dnsval.conf.tail (for overriding)
+###
+### Root-zone trust anchor(s) are in the following file:
+### - /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf
+### (you will probably not need to modify it manualy)
###
#######################################################################
#######################################################################
##################################
include /etc/dnssec-tools/dnsval.conf.head
-include /usr/share/dnssec-trust-anchors/root-anchor.dnsval.conf
+include /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf
# TRUSTMAN-ACTION bind-include /var/opt/named/named.conf
##################################
trust-oob-answers yes
edns0-size 1492
env-policy enable
- app-policy disable
- log 10:stderr
+ app-policy enable
+ log 5:stderr
;
##################################
# Default policies
##################################
-: trust-anchor
- dnssec-tools.org DS 54556 5 2 6B026928292D452A5CC37B3EF327F27F50A29936CB31E664EB066D71A476E282
-;
+# Note that ArchLinux distribution by default uses root-zone trust anchor from file
+# /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf and it will get overrided
+# by setting trust-anchor again, so if you want to add your user-specific keys, you
+# should also include the original root zone anchor.
-: zone-security-expectation
- dnssec-tools.org validate
-;
+#: trust-anchor
+# dlv.isc.org DS 19297 5 2 A11D16F6733983E159EDF8053B2FB57B479D81A309A50EAA79A81AF4 8A47C617
+# dlv.isc.org DS 19297 5 1 7D480DBEF530374D8A4333FCB22106EB10013B46
+#;
+
+#: zone-security-expectation
+# . validate
+#;
+
+#: dlv-trust-points
+# . dlv.isc.org
+#;
: provably-insecure-status
. trusted
;
-: clock-skew
- . 0
-;
+#: clock-skew
+# . 0
+#;
##################################
# MTA Policies
##################################
-mta provably-insecure-status
- . trusted
-;
+#mta provably-insecure-status
+# . trusted
+#;
-mta clock-skew
- . -1
-;
+#mta clock-skew
+# . -1
+#;
##################################
# Web Browser Policies
##################################
-browser provably-insecure-status
- . trusted
-;
+#browser provably-insecure-status
+# . trusted
+#;
-browser clock-skew
- . 0
-;
+#browser clock-skew
+# . 0
+#;
##################################