xref: /src/external/mpl/bind/dist/bin/tests/system/rollover_ksk_doubleksk/ns3/kasp.conf

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

dnssec-policy "ksk-doubleksk-autosign" {
	signatures-refresh P1W;
	signatures-validity P2W;
	signatures-validity-dnskey P2W;

	dnskey-ttl 2h;
	publish-safety P1D;
	retire-safety P2D;
	purge-keys PT1H;

	cdnskey no;
	keys {
		ksk key-directory lifetime P60D algorithm ecdsa256;
		zsk key-directory lifetime unlimited algorithm ecdsa256;
	};

	zone-propagation-delay PT1H;
	max-zone-ttl 1d;

	parent-ds-ttl 3600;
	parent-propagation-delay PT1H;
};

dnssec-policy "ksk-doubleksk-manual" {
	manual-mode yes;

	signatures-refresh P1W;
	signatures-validity P2W;
	signatures-validity-dnskey P2W;

	dnskey-ttl 2h;
	publish-safety P1D;
	retire-safety P2D;
	purge-keys PT1H;

	cdnskey no;
	keys {
		ksk key-directory lifetime P60D algorithm ecdsa256;
		zsk key-directory lifetime unlimited algorithm ecdsa256;
	};

	zone-propagation-delay PT1H;
	max-zone-ttl 1d;

	parent-ds-ttl 3600;
	parent-propagation-delay PT1H;
};