77 lines
1.5 KiB
YAML
77 lines
1.5 KiB
YAML
---
|
|
knot_version: ""
|
|
|
|
# XDP datapath options
|
|
# Note: rfc2136 aka nsupdate aka dynamic update
|
|
# not working with XDP
|
|
knot_xdp: false
|
|
knot_xdp_interface: "eth0"
|
|
|
|
# QUIC protocol
|
|
knot_quic: false
|
|
|
|
knot_conf: |
|
|
# This is a sample of a minimal configuration file for Knot DNS.
|
|
# See knot.conf(5) or refer to the server documentation.
|
|
|
|
server:
|
|
rundir: "/run/knot"
|
|
user: knot:knot
|
|
listen: [ 0.0.0.0@53, ::@53 ]
|
|
udp-max-payload: 1232
|
|
{% if knot_quic %}
|
|
listen-quic: [ 0.0.0.0, :: ]
|
|
{% endif %}
|
|
{% if knot_xdp %}
|
|
xdp:
|
|
listen: {{ knot_xdp_interface }}
|
|
udp: true
|
|
tcp: true
|
|
quic: true
|
|
{% endif %}
|
|
log:
|
|
- target: syslog
|
|
any: debug
|
|
|
|
#key:
|
|
# - id: k8s
|
|
# algorithm: hmac-sha512
|
|
# secret: changeme
|
|
|
|
#remote:
|
|
# - id: dns_server
|
|
# address: 127.0.0.1@53
|
|
#
|
|
#submission:
|
|
# - id: dns_zone_sbm
|
|
# parent: [dns_server]
|
|
|
|
#acl:
|
|
# - id: deny_all
|
|
# deny: on # no action specified and deny on implies denial of all actions
|
|
#
|
|
# - id: key_rule
|
|
# key: [k8s] # Access based just on TSIG key
|
|
# address: 192.168.0.0/16
|
|
# action: [transfer, notify, update]
|
|
|
|
#policy:
|
|
# - id: rsa
|
|
# algorithm: RSASHA512
|
|
# ksk-size: 4096
|
|
# zsk-size: 2048
|
|
# nsec3: on
|
|
# ksk-submission: dns_zone_sbm
|
|
|
|
template:
|
|
- id: default
|
|
storage: "/var/lib/knot"
|
|
file: "%s.zone"
|
|
|
|
zone:
|
|
- domain: example.com
|
|
storage: "/var/lib/knot/zones/"
|
|
file: "example.com.zone"
|
|
#acl: [deny_all, key_rule]
|
|
|