You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
2.0 KiB
88 lines
2.0 KiB
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<Configuration>
|
|
|
|
<RepositoryList>
|
|
|
|
<Repository name="SoftHSM">
|
|
<Module>/usr/lib64/softhsm/libsofthsm.so</Module>
|
|
<TokenLabel>OpenDNSSEC</TokenLabel>
|
|
<PIN>1234</PIN>
|
|
<!--
|
|
# Disabled so it stores the public key in the HSM too,
|
|
# so bind's dnssec-signzone can be used as well
|
|
<SkipPublicKey/>
|
|
-->
|
|
</Repository>
|
|
|
|
<!--
|
|
<Repository name="sca6000">
|
|
<Module>/usr/lib64/opencryptoki/PKCS11_API.so</Module>
|
|
<TokenLabel>Sun Metaslot</TokenLabel>
|
|
<PIN>test:1234</PIN>
|
|
<Capacity>255</Capacity>
|
|
<RequireBackup/>
|
|
<SkipPublicKey/>
|
|
</Repository>
|
|
-->
|
|
|
|
</RepositoryList>
|
|
|
|
<Common>
|
|
<Logging>
|
|
<Syslog><Facility>local0</Facility></Syslog>
|
|
</Logging>
|
|
|
|
<PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile>
|
|
<ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile>
|
|
|
|
<!--
|
|
<ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile>
|
|
-->
|
|
</Common>
|
|
|
|
<Enforcer>
|
|
<Privileges>
|
|
<User>ods</User>
|
|
<Group>ods</Group>
|
|
</Privileges>
|
|
|
|
<Datastore><SQLite>/var/opendnssec/kasp.db</SQLite></Datastore>
|
|
<!-- <ManualKeyGeneration/> -->
|
|
<!-- <RolloverNotification>P14D</RolloverNotification> -->
|
|
|
|
<!-- the <DelegationSignerSubmitCommand> will get all current
|
|
DNSKEYs (as a RRset) on standard input
|
|
-->
|
|
<!-- <DelegationSignerSubmitCommand>/usr/sbin/eppclient</DelegationSignerSubmitCommand> -->
|
|
</Enforcer>
|
|
|
|
<Signer>
|
|
<Privileges>
|
|
<User>ods</User>
|
|
<Group>ods</Group>
|
|
</Privileges>
|
|
|
|
<WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory>
|
|
<WorkerThreads>4</WorkerThreads>
|
|
<!-- <SignerThreads>4</SignerThreads> -->
|
|
|
|
<!--
|
|
<Listener>
|
|
<Interface><Port>53</Port></Interface>
|
|
</Listener>
|
|
-->
|
|
|
|
<!-- the <NotifyCommmand> will expand the following variables:
|
|
|
|
%zone the name of the zone that was signed
|
|
%zonefile the filename of the signed zone
|
|
<NotifyCommand>sudo systemctl reload nsd.service</NotifyCommand>
|
|
-->
|
|
<!--
|
|
<NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>
|
|
-->
|
|
</Signer>
|
|
|
|
</Configuration>
|