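---
# Variables for a Knot DNS deployment. knot_conf holds the text of the
# server configuration file, with Jinja2 conditionals driven by the
# switches defined here.

# NOTE(review): empty by default; presumably this means "no version
# pinned" - confirm against the tasks that consume it.
knot_version: ""

# XDP datapath options
# Note: RFC 2136 dynamic update (nsupdate) does not work with XDP.
knot_xdp: false
knot_xdp_interface: "eth0"

# QUIC protocol
# This switch also decides whether QUIC is served on the XDP datapath
# when knot_xdp is enabled, so QUIC is never exposed while it is false.
knot_quic: false

# Points to check before using the sample configuration below:
# - "listen" binds port 53 on every IPv4 and IPv6 address of the host;
#   narrow it if some interfaces must not answer DNS.
# - "any: debug" sends the most verbose log level to syslog; a lower
#   level such as "info" is the usual choice outside troubleshooting.
# - The commented-out "key" section carries the placeholder secret
#   "changeme". When enabling it, substitute a freshly generated TSIG
#   secret and keep it out of version control (for example in an
#   encrypted variable file), never the placeholder.
# - The example zone has its "acl" line commented out; enable the ACL
#   rules deliberately rather than copying them as they are.
knot_conf: |
  # This is a sample of a minimal configuration file for Knot DNS.
  # See knot.conf(5) or refer to the server documentation.

  server:
      rundir: "/run/knot"
      user: knot:knot
      listen: [ 0.0.0.0@53, ::@53 ]
      udp-max-payload: 1232
  {% if knot_quic %}
      listen-quic: [ 0.0.0.0, :: ]
  {% endif %}
  {% if knot_xdp %}
  xdp:
      listen: {{ knot_xdp_interface }}
      udp: true
      tcp: true
      quic: {{ 'true' if knot_quic else 'false' }}
  {% endif %}
  log:
    - target: syslog
      any: debug

  #key:
  #  - id: k8s
  #    algorithm: hmac-sha512
  #    secret: changeme

  #remote:
  #  - id: dns_server
  #    address: 127.0.0.1@53
  #
  #submission:
  #  - id: dns_zone_sbm
  #    parent: [dns_server]

  #acl:
  #  - id: deny_all
  #    deny: on # no action specified and deny on implies denial of all actions
  #
  #  - id: key_rule
  #    key: [k8s]                # Access based just on TSIG key
  #    address: 192.168.0.0/16
  #    action: [transfer, notify, update]

  #policy:
  #  - id: rsa
  #    algorithm: RSASHA512
  #    ksk-size: 4096
  #    zsk-size: 2048
  #    nsec3: on
  #    ksk-submission: dns_zone_sbm

  template:
    - id: default
      storage: "/var/lib/knot"
      file: "%s.zone"

  zone:
    - domain: example.com
      storage: "/var/lib/knot/zones/"
      file: "example.com.zone"
      #acl: [deny_all, key_rule]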