/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * Negative fixture for dnssec-policy key lifetimes: three policies, each
 * with one key lifetime that is too short, and one primary zone per
 * policy so that every policy is actually referenced.
 * NOTE(review): presumably consumed by a configuration-check test that
 * expects this file to be rejected; confirm against the test script.
 *
 * All three policies share the same timing options. The lifetimes used
 * below sit exactly on, or one second above, these sums:
 *
 *   dnskey-ttl + publish-safety + zone-propagation-delay
 *       = PT1H + PT1H + PT1H                         = PT3H
 *   parent-ds-ttl + retire-safety + parent-propagation-delay
 *       = PT1H + PT1H + PT5M                         = PT2H5M
 *   (signatures-validity - signatures-refresh) + max-zone-ttl
 *       + retire-safety + zone-propagation-delay
 *       = (P10D - P3D) + P1D + PT1H + PT1H           = P8DT2H
 *
 * NOTE(review): this matches the "lifetime must exceed the time a
 * rollover takes" check in BIND's dnssec-policy parsing (KSK bound PT3H,
 * ZSK bound P8DT2H here); confirm the formula against the BIND version
 * under test.
 *
 * Why it matters: a key retired before its successor's DNSKEY/DS and the
 * new signatures have propagated and old cached records have expired can
 * leave validating resolvers without a usable chain of trust, so the
 * zone would fail validation. Rejecting such a policy when the
 * configuration is checked keeps it from reaching a running server.
 */

dnssec-policy "bad-lifetime-ksk" {
	/*
	 * The KSK lifetime is too short.
	 * The ZSK lifetime is good enough but should trigger a warning.
	 *
	 * KSK: PT3H equals the PT3H sum above, so it is not longer than
	 * the rollover time.
	 * ZSK: P8DT2H1S is one second above the P8DT2H sum.
	 * NOTE(review): the warning is presumably the one BIND issues for
	 * lifetimes under 30 days; confirm.
	 */
	keys {
		ksk lifetime PT3H algorithm 13;
		zsk lifetime P8DT2H1S algorithm 13;
	};

	/* Timing options that the sums in the header comment are built from. */
	dnskey-ttl PT1H;
	publish-safety PT1H;
	retire-safety PT1H;
	zone-propagation-delay PT1H;
	max-zone-ttl P1D;
	signatures-validity P10D;
	signatures-refresh P3D;
	parent-ds-ttl PT1H;
	parent-propagation-delay PT5M;
};

dnssec-policy "bad-lifetime-zsk" {
	/*
	 * The ZSK lifetime is too short.
	 * The KSK lifetime is good enough but should trigger a warning.
	 *
	 * Mirror image of "bad-lifetime-ksk":
	 * ZSK: P8DT2H equals the P8DT2H sum, so it is not longer than the
	 * rollover time.
	 * KSK: PT3H1S is one second above the PT3H sum.
	 */
	keys {
		ksk lifetime PT3H1S algorithm 13;
		zsk lifetime P8DT2H algorithm 13;
	};

	/* Same timing options as "bad-lifetime-ksk". */
	dnskey-ttl PT1H;
	publish-safety PT1H;
	retire-safety PT1H;
	zone-propagation-delay PT1H;
	max-zone-ttl P1D;
	signatures-validity P10D;
	signatures-refresh P3D;
	parent-ds-ttl PT1H;
	parent-propagation-delay PT5M;
};

dnssec-policy "bad-lifetime-csk" {
	/*
	 * The CSK lifetime is too short.
	 *
	 * PT3H equals the PT3H sum and is far below the P8DT2H sum.
	 * NOTE(review): a CSK fills both the KSK and the ZSK role, so
	 * presumably both bounds apply to it; confirm.
	 */
	keys {
		csk lifetime PT3H algorithm 13;
	};

	/* Same timing options as "bad-lifetime-ksk". */
	dnskey-ttl PT1H;
	publish-safety PT1H;
	retire-safety PT1H;
	zone-propagation-delay PT1H;
	max-zone-ttl P1D;
	signatures-validity P10D;
	signatures-refresh P3D;
	parent-ds-ttl PT1H;
	parent-propagation-delay PT5M;
};

/*
 * One primary zone per policy. The zone names end in ".example.net" while
 * the zone files are named "<policy>.example.db".
 */
zone "bad-lifetime-ksk.example.net" {
	type primary;
	file "bad-lifetime-ksk.example.db";
	dnssec-policy "bad-lifetime-ksk";
};

zone "bad-lifetime-zsk.example.net" {
	type primary;
	file "bad-lifetime-zsk.example.db";
	dnssec-policy "bad-lifetime-zsk";
};

zone "bad-lifetime-csk.example.net" {
	type primary;
	file "bad-lifetime-csk.example.db";
	dnssec-policy "bad-lifetime-csk";
};