# Fedora/EPEL version of dnssec-trigger.conf # logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail. # verbosity: 1 # pidfile location pidfile: "/var/run/dnssec-triggerd.pid" # log to a file instead of syslog, default is to syslog # logfile: "/var/log/dnssec-trigger.log" # log to syslog, or (log to to stderr or a logfile if specified). yes or no. # use-syslog: yes # chroot to this directory # chroot: "" # the unbound-control binary if not found in PATH. # commandline options can be appended "unbound-control -c my.conf" if you wish. # unbound-control: "/usr/sbin/unbound-control" # where is resolv.conf to edit. # resolvconf: "/etc/resolv.conf" # the domain example.com line (if any) to add to resolv.conf(5). default none. # domain: "" # domain name search path to add to resolv.conf(5). default none. # the search path from DHCP is not picked up, it could be used to misdirect. # search: "" # the command to run to open login pages on hot spots, a web browser. # empty string runs no command. # login-command: "xdg-open" # the url to open to get hot spot login, it gets overridden by the hotspot. # login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger" # should to be a ttl=0 entry login-location: "http://hotspot-nocache.fedoraproject.org/" # do not perform actions (unbound-control or resolv.conf), for a dry-run. # noaction: no # port number to use for probe daemon. # port: 8955 # keys and certificates generated by the dnssec-trigger-keygen systemd service # (which called dnssec-trigger-control-setup) server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key" server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem" control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key" control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" # check for updates, download and ask to install them (for Windows, OSX). # check-updates: no # webservers that are probed to see if internet access is possible. # They serve a simple static page over HTTP port 80. It probes a random url: # after a space is the content expected on the page, (the page can contain # whitespace before and after this code). Without urls it skips http probes. # provided by NLnetLabs # It is provided on a best effort basis, with no service guarantee. # url: "http://ster.nlnetlabs.nl/hotspot.txt OK" # provided by FedoraProject url: "http://fedoraproject.org/static/hotspot.txt OK" # fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443. # the ssl443 adds an ssl server IP, if you specify a hash it is checked, put # the following on one line: ssl443: # hash is output of openssl x509 -sha256 -fingerprint -in server.pem # You can add more with extra config lines. # Provided by fedoraproject.org, #fedora-admin # It is provided on a best effort basis, with no service guarantee. ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 tcp80: 140.211.169.201 ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 tcp80: 66.35.62.163 ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 tcp80: 152.19.134.150 ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9 # provided by Paul Wouters (pwouters@redhat.com) # It is provided on a best effort basis, with no service guarantee. # tcp80: 193.110.157.123 # tcp80: 2001:888:2003:1004::123 # ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 # ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 # provided by NLnetLabs (www.nlnetlabs.nl) # It is provided on a best effort basis, with no service guarantee. # tcp80: 213.154.224.3 # tcp80: 2001:7b8:206:1:bb:: # ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F # ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F