Update dnssec settings

author: Kjetil Orbekk <kj@orbekk.com> 2022-05-21 13:19:10 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2022-05-21 13:19:10 -0400
commit: 7ab99411aa363a031c2e201db9d68e85de5025e9 (patch)
tree: 78f71fbc14c6b4a3c235def5eec2554b26a05d14
parent: 7f6be565d19c8219098cf1e0dc9fa671f0b8938e (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/config/dns.nix b/config/dns.nix
index 163bb28..aa36998 100644
--- a/config/dns.nix
+++ b/config/dns.nix
@@ -27,9 +27,10 @@ in
         zone ${zone} {
           type master;
           file "/var/run/named/db.${zone}.zone";
-          auto-dnssec maintain;
-          inline-signing yes;
-          sig-validity-interval 21 16;
+          // auto-dnssec maintain;
+          dnssec-policy default;
+          // inline-signing yes;
+          // sig-validity-interval 21 16;
           key-directory "/opt/secret/bind/${zone}";
           update-policy local;
           allow-query { any; };
@@ -57,7 +58,8 @@ in
       zone dynamic.orbekk.com {
         type master;
         file "/var/run/named/db.dynamic.orbekk.com.zone";
-        auto-dnssec maintain;
+        // auto-dnssec maintain;
+        dnssec-policy default;
         key-directory "/opt/secret/bind/dynamic.orbekk.com";
         allow-query { any; };
         allow-transfer {
author	Kjetil Orbekk <kj@orbekk.com>	2022-05-21 13:19:10 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2022-05-21 13:19:10 -0400
commit	7ab99411aa363a031c2e201db9d68e85de5025e9 (patch)
tree	78f71fbc14c6b4a3c235def5eec2554b26a05d14
parent	7f6be565d19c8219098cf1e0dc9fa671f0b8938e (diff)