/usr/share/opendnssec/conf.xml is in opendnssec-common 1:2.1.3-0.2build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | <?xml version="1.0" encoding="UTF-8"?>
<Configuration>
<RepositoryList>
<!--
<Repository name="SoftHSM">
<Module>/usr/lib/softhsm/libsofthsm.so</Module>
<TokenLabel>OpenDNSSEC</TokenLabel>
<PIN>1234</PIN>
<SkipPublicKey/>
<!--
<AllowExtraction/>
-->
</Repository>
-->
<!--
<Repository name="sca6000">
<Module>/usr/lib/libpkcs11.so</Module>
<TokenLabel>Sun Metaslot</TokenLabel>
<PIN>test:1234</PIN>
<Capacity>255</Capacity>
<RequireBackup/>
<SkipPublicKey/>
</Repository>
-->
</RepositoryList>
<Common>
<Logging>
<!-- Command line verbosity will overwrite configure file -->
<Verbosity>3</Verbosity>
<Syslog><Facility>local0</Facility></Syslog>
</Logging>
<PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile>
<ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile>
</Common>
<Enforcer>
<Datastore><SQLite>/var/lib/opendnssec/kasp.db</SQLite></Datastore>
<!-- <ManualKeyGeneration/> -->
<AutomaticKeyGenerationPeriod>P1Y</AutomaticKeyGenerationPeriod>
<!-- <RolloverNotification>P14D</RolloverNotification> -->
<!-- the <DelegationSignerSubmitCommand> will get all current
DNSKEYs (as a RRset) on standard input (with optional CKA_ID) -->
<!-- <DelegationSignerSubmitCommand>/usr/sbin/simple-dnskey-mailer.sh</DelegationSignerSubmitCommand> -->
<WorkingDirectory>/var/lib/opendnssec/enforcer</WorkingDirectory>
<!--<WorkerThreads>4</WorkerThreads>-->
</Enforcer>
<Signer>
<WorkingDirectory>/var/lib/opendnssec/signer</WorkingDirectory>
<WorkerThreads>4</WorkerThreads>
<!--
<SignerThreads>4</SignerThreads>
-->
<!-- Multiple interfaces can be specified in the <Listener> section. OpenDNSSEC
will bind() to the first interface. I.e. outgoing packets will have the
source address of the first mentioned interface. -->
<!--
<Listener>
<Interface><Port>53</Port></Interface>
</Listener>
-->
<!-- the <NotifyCommmand> will expand the following variables:
%zone the name of the zone that was signed
%zonefile the filename of the signed zone
-->
<!--
<NotifyCommand>/usr/local/bin/my_nameserver_reload_command</NotifyCommand>
-->
<!--
<NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>
-->
</Signer>
</Configuration>
|