opendnssec/conf.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <Configuration>
   4         <RepositoryList>
   5                 <Repository name="SoftHSM">
   6                         <Module>/usr/lib/libsofthsm.so</Module>
   7                         <TokenLabel>OpenDNSSEC</TokenLabel>
   8                         <PIN>1234</PIN>
   9                         <SkipPublicKey/>
  10                 </Repository>
  11         </RepositoryList>
  12
  13         <Common>
  14                 <Logging>
  15                         <Syslog><Facility>local0</Facility></Syslog>
  16                 </Logging>
  17
  18                 <PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile>
  19                 <ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile>
  20
  21         <!--
  22                 <ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile>
  23         -->
  24         </Common>
  25
  26         <Enforcer>
  27                 <Privileges>
  28                         <User>opendnssec</User>
  29                         <Group>opendnssec</Group>
  30                 </Privileges>
  31
  32                 <Datastore><SQLite>/var/lib/opendnssec/kasp.db</SQLite></Datastore>
  33                 <Interval>PT3600S</Interval>
  34                 <!-- <ManualKeyGeneration/> -->
  35                 <!-- <RolloverNotification>P14D</RolloverNotification> -->
  36
  37                 <!-- the <DelegationSignerSubmitCommand> will get all current
  38                      DNSKEYs (as a RRset) on standard input
  39                 -->
  40                 <!-- <DelegationSignerSubmitCommand>/usr/sbin/eppclient</DelegationSignerSubmitCommand> -->
  41         </Enforcer>
  42
  43         <Signer>
  44                 <Privileges>
  45                         <User>opendnssec</User>
  46                         <Group>opendnssec</Group>
  47                 </Privileges>
  48
  49                 <WorkingDirectory>/var/lib/opendnssec/tmp</WorkingDirectory>
  50                 <WorkerThreads>4</WorkerThreads>
  51 <!--
  52                 <SignerThreads>4</SignerThreads>
  53 -->
  54
  55                 <!-- the <NotifyCommmand> will expand the following variables:
  56
  57                      %zone      the name of the zone that was signed
  58                      %zonefile  the filename of the signed zone
  59                 -->
  60 <!--
  61                 <NotifyCommand>/usr/local/bin/my_nameserver_reload_command</NotifyCommand>
  62 -->
  63 <!--
  64                 <NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>
  65 -->
  66         </Signer>
  67
  68 <!--    <Auditor>
  69
  70                 <Privileges>
  71                         <User>opendnssec</User>
  72                         <Group>opendnssec</Group>
  73                 </Privileges>
  74
  75
  76                 <WorkingDirectory>/var/lib/opendnssec/tmp</WorkingDirectory>
  77         </Auditor>
  78 -->
  79 </Configuration>