| 1 | ####################################################################### |
| 2 | ####################################################################### |
| 3 | ### |
| 4 | ### You should NOT modify this file, use the following files instead: |
| 5 | ### - /etc/dnssec-tools/dnsval.conf.head |
| 6 | ### - /etc/dnssec-tools/dnsval.conf.tail |
| 7 | ### |
| 8 | ####################################################################### |
| 9 | ####################################################################### |
| 10 | |
| 11 | ################################## |
| 12 | # Includes |
| 13 | ################################## |
| 14 | |
| 15 | include /etc/dnssec-tools/dnsval.conf.head |
| 16 | include /usr/share/dnssec-trust-anchors/root-anchor.dnsval.conf |
| 17 | # TRUSTMAN-ACTION bind-include /var/opt/named/named.conf |
| 18 | |
| 19 | ################################## |
| 20 | # Global Options |
| 21 | ################################## |
| 22 | |
| 23 | global-options |
| 24 | trust-oob-answers yes |
| 25 | edns0-size 1492 |
| 26 | env-policy enable |
| 27 | app-policy disable |
| 28 | log 10:stderr |
| 29 | ; |
| 30 | |
| 31 | ################################## |
| 32 | # Default policies |
| 33 | ################################## |
| 34 | |
| 35 | #: trust-anchor |
| 36 | # . "974 0 0 MIIDyjCCArKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBLMQ4wDAYDVQQKEwVJQ0FOTjEYMBYGA1UEAxMPSUNBTk4gRE5TU0VDIENBMR8wHQYJKoZIhvcNAQkBExBkbnNzZWNAaWNhbm4ub3JnMB4XDTEwMDcxNDE3MDEyNVoXDTExMDcxNDE3MDEyNVowgbMxDjAMBgNVBAoTBUlDQU5OMQ0wCwYDVQQLEwRJQU5BMTAwLgYDVQQDEydSb290IFpvbmUgS1NLIDIwMTAtMDYtMTZUMjE6MTk6MjQrMDA6MDAxYDBeBggrBgEEAYdoNRNSLiBJTiBEUyAxOTAzNiA4IDIgNDlBQUMxMUQ3QjZGNjQ0NjcwMkU1NEExNjA3MzcxNjA3QTFBNDE4NTUyMDBGRDJDRTFDRERFMzJGMjRFOEZCNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0CAwEAAaNQME4wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSPskJpw53kPPoTuf/ywKTv2A/oIjAdBgNVHQ4EFgQUQRqS+htWdh5iK3HNGv27Q5lfCckwDQYJKoZIhvcNAQELBQADggEBAI+NnJjL8bGgilX7lb5b6eMimeZeRw6fMgkVQzxt9c4kQ6p8h048II4aP8QUBIzeDZtKuvRsyNjM9oil9OUXCNp3NTY/bsr6oSy9kwdz1G/bg7OfEb+3QXPmXTvCPpwCjIBsz9nfXp+bjzJ0vGi0YkVImML9EClLCOfnHtwrG+fQQSjyCeppHZVe354qwjOv/3Lf7gH0m9FudgA4tFZ7ncsmHn2OKSlJZkkdxZegY83ZigxjMCvL2hG1lcRhast6RJSVaAi81mwQhQk2c3h2HM5DhDR1WikGqBeKID//MoI3v2CK43wpm6I/zciC/Avg1tyOtCFHiAR2lD9b9U/M598=" |
| 37 | # dnssec-tools.org DS 54556 5 2 6B026928292D452A5CC37B3EF327F27F50A29936CB31E664EB066D71A476E282 |
| 38 | #; |
| 39 | |
| 40 | #: zone-security-expectation |
| 41 | # . validate |
| 42 | # dnssec-tools.org validate |
| 43 | #; |
| 44 | |
| 45 | : provably-insecure-status |
| 46 | . trusted |
| 47 | ; |
| 48 | |
| 49 | : clock-skew |
| 50 | . 0 |
| 51 | ; |
| 52 | |
| 53 | ################################## |
| 54 | # MTA Policies |
| 55 | ################################## |
| 56 | |
| 57 | mta provably-insecure-status |
| 58 | . trusted |
| 59 | ; |
| 60 | |
| 61 | mta clock-skew |
| 62 | . -1 |
| 63 | ; |
| 64 | |
| 65 | ################################## |
| 66 | # Web Browser Policies |
| 67 | ################################## |
| 68 | |
| 69 | browser provably-insecure-status |
| 70 | . trusted |
| 71 | ; |
| 72 | |
| 73 | browser clock-skew |
| 74 | . 0 |
| 75 | ; |
| 76 | |
| 77 | |
| 78 | ################################## |
| 79 | # Overrides |
| 80 | ################################## |
| 81 | |
| 82 | include /etc/dnssec-tools/dnsval.conf.tail |
| 83 | include $HOME/.config/dnsval.conf |