/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * This is just a random selection of DNSSEC configuration options.
 */

/* cut here */

/*
 * Custom key and signing policy, referenced by zone "example2" below.
 * The values exercise the option grammar; they are not tuned for production.
 */
dnssec-policy "test" {
	/* Publish CDNSKEY and CDS (SHA-256 digest) records at the zone apex. */
	cdnskey yes;
	cds-digest-types { "sha-256"; };

	dnskey-ttl 3600;
	inline-signing yes;

	/*
	 * Three keys over two algorithms: "ecdsa256" and algorithm number 13
	 * both denote ECDSAP256SHA256, while the CSK is 2048-bit RSASHA256.
	 * Only the CSK lives in the "hsm" key-store; the KSK is kept in the
	 * zone's key-directory and the ZSK names no storage location.
	 * NOTE(review): a policy meant for deployment would normally use a
	 * single algorithm -- confirm the mix is intentional test coverage.
	 */
	keys {
		ksk key-directory lifetime P1Y algorithm ecdsa256;
		zsk lifetime P30D algorithm 13;
		csk key-store "hsm" lifetime unlimited algorithm rsasha256 2048;
	};

	max-zone-ttl 86400;

	/*
	 * NSEC3 with zero extra iterations and no opt-out.  RFC 9276 recommends
	 * zero iterations and also advises against using a salt, so a deployed
	 * policy would pair this with salt-length 0 rather than 8.
	 */
	nsec3param iterations 0 optout no salt-length 8;

	offline-ksk no;

	/* Timing inputs for key rollovers (ISO 8601 durations or seconds). */
	parent-ds-ttl 7200;
	parent-propagation-delay PT1H;
	publish-safety PT3600S;		/* 3600 s, i.e. one hour */
	retire-safety PT3600S;

	/* Signature lifetime and re-signing schedule. */
	signatures-jitter PT12H;
	signatures-refresh P3D;
	signatures-validity P2W;
	signatures-validity-dnskey P14D;	/* same two weeks as above */

	zone-propagation-delay PT5M;
};

/*
 * PKCS#11 key store used by the CSK in policy "test".
 * The token PIN is written in clear text inside the URI, so every account
 * and backup that can read this file can also authenticate to the token.
 * Outside a test fixture, keep the PIN out of the configuration and restrict
 * read access to the file.  RFC 7512 defines a "pin-source" attribute for
 * referring to the PIN indirectly -- verify that the PKCS#11 provider in use
 * honours it before relying on it.
 */
key-store "hsm" {
	directory ".";
	pkcs11-uri "pkcs11:token=bind9;pin-value=1234";
};

/* Server-wide default: zones without their own dnssec-policy use "default". */
options {
	dnssec-policy "default";
};

/* No zone-level policy, so the options-level "default" policy applies. */
zone "example1" {
	type primary;
	file "example1.db";
};

/*
 * Signed with policy "test".
 * allow-update { "any"; } accepts dynamic updates from every source address
 * with no TSIG or other authentication.  In a signed zone, accepted updates
 * end up covered by the zone's signatures, so a deployed zone should limit
 * updates to named keys (allow-update with a key, or update-policy).
 */
zone "example2" {
	type primary;
	file "example2.db";
	allow-update { "any"; };
	dnssec-policy "test";
};

/* Names the built-in "default" policy explicitly. */
zone "example3" {
	type primary;
	file "example3.db";
	dnssec-policy "default";
};

/*
 * The next two zones load the same file, "shared.db", and both opt out of
 * the options-level policy with dnssec-policy "none".
 * NOTE(review): presumably sharing one zone file is only acceptable because
 * neither zone is signed or maintained by named -- confirm before reusing
 * this pattern with any other policy.
 */
zone "dnssec-policy-none-shared-zonefile1" {
	type primary;
	file "shared.db";
	dnssec-policy "none";
};

zone "dnssec-policy-none-shared-zonefile2" {
	type primary;
	file "shared.db";
	dnssec-policy "none";
};