From 7ab99411aa363a031c2e201db9d68e85de5025e9 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Sat, 21 May 2022 13:19:10 -0400
Subject: Update dnssec settings

---
 config/dns.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'config/dns.nix')

diff --git a/config/dns.nix b/config/dns.nix
index 163bb28..aa36998 100644
--- a/config/dns.nix
+++ b/config/dns.nix
@@ -27,9 +27,10 @@ in
         zone ${zone} {
           type master;
           file "/var/run/named/db.${zone}.zone";
-          auto-dnssec maintain;
-          inline-signing yes;
-          sig-validity-interval 21 16;
+          // auto-dnssec maintain;
+          dnssec-policy default;
+          // inline-signing yes;
+          // sig-validity-interval 21 16;
           key-directory "/opt/secret/bind/${zone}";
           update-policy local;
           allow-query { any; };
@@ -57,7 +58,8 @@ in
       zone dynamic.orbekk.com {
         type master;
         file "/var/run/named/db.dynamic.orbekk.com.zone";
-        auto-dnssec maintain;
+        // auto-dnssec maintain;
+        dnssec-policy default;
         key-directory "/opt/secret/bind/dynamic.orbekk.com";
         allow-query { any; };
         allow-transfer {
-- 
cgit v1.2.3