#
# DNSSEC-Tools Configuration
#
#	This file contains configuration information for DNSSEC-Tools.
#
#	This was automatically generated by dtinitconf on
#	Thu Apr  8 21:25:21 2010 (GMT).
#

#
# Settings for DNSSEC-Tools administration.
#
admin-email     mary.sysadmin

#
# Paths to needed programs.  These may need adjusting for individual hosts.
#
keyarch		/opt/local/bin/keyarch
rollchk		/opt/local/bin/rollchk
zonesigner	/opt/local/bin/zonesigner
# zonesigner	/froofy/local/bin/zonesigner

keygen		/usr/sbin/dnssec-keygen
rndc		/usr/sbin/rndc
zonecheck	/usr/sbin/named-checkzone
zonesign	/usr/sbin/dnssec-signzone


#
# Key-related values.
#
algorithm	rsasha1
ksklength	512
zsklength	512
random		/dev/urandom

#
# NSEC3 functionality
#
usensec3        no
nsec3iter       100
nsec3salt       random:64
nsec3optout     no

#
# Settings for dnssec-signzone.
#
endtime		+1500000

#
# Life-times for keys.  These defaults indicate how long a key has
# between rollovers.  The values are measured in seconds.

lifespan-max	86400
lifespan-min	30
ksklife		3600
zsklife		3600

#
# Settings for zonesigner.
#
archivedir	keysafe
entropy_msg	0
savekeys	1
kskcount	1
zskcount	2

#
# Settings for rollerd.
#
roll_loadzone   1
roll_logfile	/usr/local/etc/dnssec-tools/log.rollerd
roll_loglevel   phase
roll_phasemsg   short
roll_sleeptime  3600
# roll_username	tewok
autosign	1

log_tz		local

#
# Settings for trustman
#
tacontact	tewok
tasmtpserver	localhost
taresolvconf	/etc/resolv.conf
# tatmpdir	/tmp/dnssec-tools/trustman


#
# GUI-usage flag.
#
usegui		0
