<literallayout class="normal">
dnssec-policy <replaceable>string</replaceable> {
dnskey-ttl <replaceable>ttlval</replaceable>;
- keys { ( csk | ksk | zsk ) key-directory <replaceable>duration</replaceable> <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
+ keys { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
parent-ds-ttl <replaceable>duration</replaceable>;
parent-propagation-delay <replaceable>duration</replaceable>;
parent-registration-delay <replaceable>duration</replaceable>;
dnssec-policy "test" {
dnskey-ttl 3600;
keys {
- ksk key-directory P1Y 13 256;
- zsk key-directory P30D 13;
- csk key-directory P30D 8 2048;
+ ksk key-directory lifetime P1Y algorithm 13 256;
+ zsk key-directory lifetime P30D algorithm 13;
+ csk key-directory lifetime P30D algorithm 8 2048;
};
publish-safety PT3600S;
retire-safety PT3600S;
dnskey-ttl 200;
keys {
- csk key-directory P1Y 13;
- ksk key-directory P1Y 8;
- zsk key-directory P30D 8 1024;
- zsk key-directory P6M 8 2000;
+ csk key-directory lifetime P1Y algorithm 13;
+ ksk key-directory lifetime P1Y algorithm 8;
+ zsk key-directory lifetime P30D algorithm 8 1024;
+ zsk key-directory lifetime P6M algorithm 8 2000;
};
};
dnskey-ttl 300;
keys {
- ksk key-directory P2Y 13;
- zsk key-directory P1Y 13;
+ ksk key-directory lifetime P2Y algorithm 13;
+ zsk key-directory lifetime P1Y algorithm 13;
};
};
retire-safety P2D;
keys {
- ksk key-directory P2Y 13;
- zsk key-directory P30D 13;
+ ksk key-directory lifetime P2Y algorithm 13;
+ zsk key-directory lifetime P30D algorithm 13;
};
zone-propagation-delay PT1H;
retire-safety P2D;
keys {
- ksk key-directory P60D 13;
- zsk key-directory P1Y 13;
+ ksk key-directory lifetime P60D algorithm 13;
+ zsk key-directory lifetime P1Y algorithm 13;
};
zone-propagation-delay PT1H;
dnskey-ttl 1234;
keys {
- ksk key-directory P10Y 5;
- zsk key-directory P5Y 5;
- zsk key-directory P1Y 5 2000;
+ ksk key-directory lifetime P10Y algorithm 5;
+ zsk key-directory lifetime P5Y algorithm 5;
+ zsk key-directory lifetime P1Y algorithm 5 2000;
};
};
dnskey-ttl 1234;
keys {
- ksk key-directory P10Y 7;
- zsk key-directory P5Y 7;
- zsk key-directory P1Y 7 2000;
+ ksk key-directory lifetime P10Y algorithm 7;
+ zsk key-directory lifetime P5Y algorithm 7;
+ zsk key-directory lifetime P1Y algorithm 7 2000;
};
};
dnskey-ttl 1234;
keys {
- ksk key-directory P10Y 8;
- zsk key-directory P5Y 8;
- zsk key-directory P1Y 8 2000;
+ ksk key-directory lifetime P10Y algorithm 8;
+ zsk key-directory lifetime P5Y algorithm 8;
+ zsk key-directory lifetime P1Y algorithm 8 2000;
};
};
dnskey-ttl 1234;
keys {
- ksk key-directory P10Y 10;
- zsk key-directory P5Y 10;
- zsk key-directory P1Y 10 2000;
+ ksk key-directory lifetime P10Y algorithm 10;
+ zsk key-directory lifetime P5Y algorithm 10;
+ zsk key-directory lifetime P1Y algorithm 10 2000;
};
};
dnskey-ttl 1234;
keys {
- ksk key-directory P10Y 13;
- zsk key-directory P5Y 13;
- zsk key-directory P1Y 13 256;
+ ksk key-directory lifetime P10Y algorithm 13;
+ zsk key-directory lifetime P5Y algorithm 13;
+ zsk key-directory lifetime P1Y algorithm 13 256;
};
};
dnskey-ttl 1234;
keys {
- ksk key-directory P10Y 14;
- zsk key-directory P5Y 14;
- zsk key-directory P1Y 14 384;
+ ksk key-directory lifetime P10Y algorithm 14;
+ zsk key-directory lifetime P5Y algorithm 14;
+ zsk key-directory lifetime P1Y algorithm 14 384;
};
};
</para>
<programlisting>keys {
- ksk key-directory P5Y 8 2048;
- zsk key-directory P30D 8;
- csk key-directory P6MT12H3M15S 13;
+ ksk key-directory lifetime P5Y algorithm 8 2048;
+ zsk key-directory lifetime P30D algorithm 8;
+ csk key-directory lifetime P6MT12H3M15S algorithm 13;
};
</programlisting>
<programlisting>
dnssec-policy csk {
keys {
- csk key-directory P5Y 13;
+ csk key-directory lifetime P5Y algorithm 13;
};
};
</programlisting>
of keys:
```
keys {
- ksk key-directory P5Y ECDSAP256SHA256;
- zsk key-directory P30D ECDSAP256SHA256;
- csk key-directory PT0S 8 2048;
+ ksk key-directory lifetime P5Y algorithm ECDSAP256SHA256;
+ zsk key-directory lifetime P30D algorithm ECDSAP256SHA256;
+ csk key-directory lifetime PT0S algorithm 8 2048;
};
```
dnssec-policy <string> {
dnskey-ttl <ttlval>;
- keys { ( csk | ksk | zsk ) key-directory <duration> <string>
+ keys { ( csk | ksk | zsk ) key-directory lifetime <duration> algorithm <integer>
[ <integer> ]; ... };
parent-ds-ttl <duration>;
parent-propagation-delay <duration>;
/*%
* A dnssec key, as used in the "keys" statement in a "dnssec-policy".
*/
+static keyword_type_t algorithm_kw = { "algorithm", &cfg_type_uint32 };
+static cfg_type_t cfg_type_algorithm = {
+ "algorithm", parse_keyvalue, print_keyvalue,
+ doc_keyvalue, &cfg_rep_uint32, &algorithm_kw
+};
+
+static keyword_type_t lifetime_kw = { "lifetime", &cfg_type_duration };
+static cfg_type_t cfg_type_lifetime = {
+ "lifetime", parse_keyvalue, print_keyvalue,
+ doc_keyvalue, &cfg_rep_duration, &lifetime_kw
+};
+
static cfg_tuplefielddef_t kaspkey_fields[] = {
{ "role", &cfg_type_dnsseckeyrole, 0 },
{ "keystore-type", &cfg_type_dnsseckeystore, 0 },
- { "lifetime", &cfg_type_duration, 0 },
- { "algorithm", &cfg_type_uint32, 0 },
+ { "lifetime", &cfg_type_lifetime, 0 },
+ { "algorithm", &cfg_type_algorithm, 0 },
{ "length", &cfg_type_optional_uint32, 0 },
{ NULL, NULL, 0 }
};
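Review bot: `algorithm_kw` types the `algorithm` value as `cfg_type_uint32`, so the parser accepts any 32-bit number although a DNSSEC algorithm number is a single octet, and it will reject the mnemonic form `algorithm ECDSAP256SHA256` that the updated documentation example in this same change still shows. No range check is visible in this hunk; if one exists in the code that consumes the tuple, say so in a comment on the new type, for example `/*% "algorithm" keyword/value; the parser only checks that it is a number, the 0-255 range and supported-algorithm checks happen where the policy is built. */`. That consumer should reject out-of-range values rather than narrow them, since a truncated number would silently select a different algorithm. Separately, the four new definitions were inserted between the existing `A dnssec key, as used in the "keys" statement` comment and `kaspkey_fields`, so that comment now sits on `algorithm_kw`; move the new definitions above it and give them their own one-line comment. The type definition that uses `kaspkey_fields` lies outside this hunk.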
&cfg_rep_tuple, kaspkey_fields
};
+/*%
+ * Wild class, type, name.
+ */
static keyword_type_t wild_class_kw = { "class", &cfg_type_ustring };
static cfg_type_t cfg_type_optional_wild_class = {