#   
#   	@(#) dnssec.conf 
#   	ZKT 1.0rc1 config file
#   

#   zkt-ls options
ZoneDir:	"."
Recursive:	False
PrintTime:	True
PrintAge:	False
LeftJustify:	False

#   zone specific values
ResignInterval:	1w	# (604800 seconds)
SigValidity:	10d	# (864000 seconds)
Max_TTL:	8h	# (28800 seconds)
Propagation:	5m	# (300 seconds)
Key_TTL:	4h	# (14400 seconds)
SerialFormat:	UnixTime	# (UnixTime|Incremental)

#   signing key parameters
Key_Algo:	RSASHA1	# (Algorithm ID 5)
KSK_lifetime:	1y	# (31536000 seconds)
KSK_bits:	1300
KSK_randfile:	"/dev/urandom"
ZSK_lifetime:	12w	# (7257600 seconds)
ZSK_bits:	512
ZSK_randfile:	"/dev/urandom"
NSEC3:		Off	# (On|Off|OptOut)
SaltBits:	24

#   zkt-signer options
LogFile:	""
LogLevel:	ERROR
LogDomainDir:	""
SyslogFacility:	NONE
SyslogLevel:	NOTICE
VerboseLog:	0
KeyFile:	"dnskey.db"
ZoneFile:	"zone.db"
DLV_Domain:	""
Sig_Pseudorand:	False
Sig_GenerateDS:	True
Sig_DnsKeyKSK:	False
Sig_Parameter:	""