---
knot_conf: |
  # This is a sample of a minimal configuration file for Knot DNS.
  # See knot.conf(5) or refer to the server documentation.
  
  server:
      rundir: "/run/knot"
      user: knot:knot
      listen: [ 0.0.0.0@53, ::@53 ]
      udp-max-payload: 1232
  
  log:
    - target: syslog
      any: debug
  
  #key:
  #  - id: k8s
  #    algorithm: hmac-sha512
  #    secret: changeme
  
  #remote:
  #  - id: dns_server
  #    address: 127.0.0.1@53
  #
  #submission:
  #  - id: dns_zone_sbm
  #    parent: [dns_server]
  
  #acl:
  #  - id: deny_all
  #    deny: on # no action specified and deny on implies denial of all actions
  #
  #  - id: key_rule
  #    key: [k8s]                # Access based just on TSIG key
  #    address: 192.168.0.0/16
  #    action: [transfer, notify, update]
  
  #policy:
  #  - id: rsa
  #    algorithm: RSASHA512
  #    ksk-size: 4096
  #    zsk-size: 2048
  #    nsec3: on
  #    ksk-submission: dns_zone_sbm

  template:
    - id: default
      storage: "/var/lib/knot"
      file: "%s.zone"
  
  zone:
    - domain: example.com
      storage: "/var/lib/knot/zones/"
      file: "example.com.zone"
      #acl: [deny_all, key_rule]