GIT.Harvie.CZ / mirrors / ArchLinux-Packages.git / blame
| Commit | Line | Data |
|---|---|---|
| 5db849a7 H |
1 | ####################################################################### |
| 2 | ####################################################################### | |
| 3 | ### | |
| 4 | ### You should NOT modify this file, use the following files instead: | |
| 9ba57e52 H |
5 | ### - /etc/dnssec-tools/dnsval.conf.head (for specifiing defaults) |
| 6 | ### - /etc/dnssec-tools/dnsval.conf.tail (for overriding) | |
| 7 | ### | |
| 8 | ### Root-zone trust anchor(s) are in the following file: | |
| 9 | ### - /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf | |
| 10 | ### (you will probably not need to modify it manualy) | |
| 5db849a7 H |
11 | ### |
| 12 | ####################################################################### | |
| 13 | ####################################################################### | |
| 14 | ||
| 15 | ################################## | |
| 16 | # Includes | |
| 17 | ################################## | |
| 18 | ||
| 19 | include /etc/dnssec-tools/dnsval.conf.head | |
| 9ba57e52 | 20 | include /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf |
| 5db849a7 H |
21 | # TRUSTMAN-ACTION bind-include /var/opt/named/named.conf |
| 22 | ||
| 23 | ################################## | |
| 24 | # Global Options | |
| 25 | ################################## | |
| 26 | ||
| 27 | global-options | |
| 28 | trust-oob-answers yes | |
| 29 | edns0-size 1492 | |
| 30 | env-policy enable | |
| 9ba57e52 H |
31 | app-policy enable |
| 32 | log 5:stderr | |
| 5db849a7 H |
33 | ; |
| 34 | ||
| 35 | ################################## | |
| 36 | # Default policies | |
| 37 | ################################## | |
| 38 | ||
| 9ba57e52 H |
39 | # Note that ArchLinux distribution by default uses root-zone trust anchor from file |
| 40 | # /usr/share/dnssec-trust-anchors/root-anchors.dnsval.conf and it will get overrided | |
| 41 | # by setting trust-anchor again, so if you want to add your user-specific keys, you | |
| 42 | # should also include the original root zone anchor. | |
| 43 | ||
| 44 | #: trust-anchor | |
| 45 | # dlv.isc.org DS 19297 5 2 A11D16F6733983E159EDF8053B2FB57B479D81A309A50EAA79A81AF4 8A47C617 | |
| 46 | # dlv.isc.org DS 19297 5 1 7D480DBEF530374D8A4333FCB22106EB10013B46 | |
| 9bf471d2 H |
47 | #; |
| 48 | ||
| 49 | #: zone-security-expectation | |
| 50 | # . validate | |
| 9ba57e52 H |
51 | #; |
| 52 | ||
| 53 | #: dlv-trust-points | |
| 54 | # . dlv.isc.org | |
| 9bf471d2 | 55 | #; |
| 5db849a7 H |
56 | |
| 57 | : provably-insecure-status | |
| 58 | . trusted | |
| 59 | ; | |
| 60 | ||
| 9ba57e52 H |
61 | #: clock-skew |
| 62 | # . 0 | |
| 63 | #; | |
| 5db849a7 H |
64 | |
| 65 | ################################## | |
| 66 | # MTA Policies | |
| 67 | ################################## | |
| 68 | ||
| 9ba57e52 H |
69 | #mta provably-insecure-status |
| 70 | # . trusted | |
| 71 | #; | |
| 5db849a7 | 72 | |
| 9ba57e52 H |
73 | #mta clock-skew |
| 74 | # . -1 | |
| 75 | #; | |
| 5db849a7 H |
76 | |
| 77 | ################################## | |
| 78 | # Web Browser Policies | |
| 79 | ################################## | |
| 80 | ||
| 9ba57e52 H |
81 | #browser provably-insecure-status |
| 82 | # . trusted | |
| 83 | #; | |
| 5db849a7 | 84 | |
| 9ba57e52 H |
85 | #browser clock-skew |
| 86 | # . 0 | |
| 87 | #; | |
| 5db849a7 H |
88 | |
| 89 | ||
| 90 | ################################## | |
| 91 | # Overrides | |
| 92 | ################################## | |
| 93 | ||
| 94 | include /etc/dnssec-tools/dnsval.conf.tail | |
| 95 | include $HOME/.config/dnsval.conf |