#   
#   	@(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
#   

#   dnssec-zkt options
Zonedir:	"."
Recursive:	True
PrintTime:	False
PrintAge:	True
LeftJustify:	False

#   zone specific values
ResignInterval:	2d	# (172800 seconds)
Sigvalidity:	6d	# (518400 seconds)
Max_TTL:	8h	# (28800 seconds)
Propagation:	5m	# (300 seconds)
KEY_TTL:	1h	# (3600 seconds)
Serialformat:	incremental

#   signing key parameters
Key_Algo:	RSASHA512
KSK_lifetime:	60d	# (5184000 seconds)
KSK_bits:	1300
KSK_randfile:	"/dev/urandom"
ZSK_lifetime:	2w	# (1209600 seconds)
ZSK_bits:	1024
ZSK_randfile:	"/dev/urandom"
SaltBits:	24

#   dnssec-signer options
LogFile:	"zkt.log"
LogLevel:	DEBUG
LogDomainDir:	"."
SyslogFacility:	USER
SyslogLevel:	NOTICE
VerboseLog:	2
Keyfile:	"dnskey.db"
Zonefile:	"zone.db"
KeySetDir:	"../keysets"
DLV_Domain:	""
Sig_Pseudorand:	True
Sig_GenerateDS:	True
Sig_DnsKeyKSK:	False
Sig_Parameter:	"-n 1"
Distribute_Cmd:	"./dist.sh"