
autotrust-0.3.1-6.fc15.i686.rpm

# include another config file, so you can split up configuration settings.
# for example, you can store your dynamic trust anchor configuration in
# a file called keys.conf.
# include: "keys.conf"

# program configuration for autotrust: file locations, logging, resolver
# integration, and the timers that govern when a trust anchor is added to or
# removed from the trusted set.
config:
	# directory to go to for performing autotrust.
	# by default, autotrust will store files in the current directory.
	# NOTE(review): state-file below is placed inside this directory, so it
	# should be writable only by the account that runs autotrust -- confirm
	# the ownership and mode the package installs.
	working-dir: "/var/lib/autotrust"

	# where to find the root-hints.
	# by default, autotrust uses builtin root hints from libunbound.
	# root-hints:			"/etc/named.root"

	# where to log messages. by default, logs are written to
	# @logfile@ (presumably a build-time placeholder that was never
	# substituted in this packaged copy).
	# If no log-file is given, stderr is used.
	# NOTE(review): the two statements about the default conflict; confirm
	# the real default against the autotrust man page.
	log-file: "/var/log/autotrust.log"

	# whether to use syslog as logging device. not default.
	# if set to "yes", the log-file option will be ignored.
	# use-syslog:			"no"

	# where to store the pid. by default, the pidfile is set to
	# @pidfile@ (presumably an unsubstituted build-time placeholder).
	# the pidfile is only used if autotrust runs as daemon.
	pid-file: "/var/run/autotrust.pid"

	# where to store trust anchor state. by default, it is stored in
	# @statefile@ (presumably an unsubstituted build-time placeholder).
	# NOTE(review): this file records which keys are pending, valid or
	# removed; treat it as integrity-critical and keep it writable only by
	# the autotrust account.
	state-file: "/var/lib/autotrust/autotrust.state"

	# where to find the trust anchors (these can be used for Unbound).
	# trust-anchor-file:	"trust-anchor.file"

	# where to find the trust anchors (these can be used for
	# BIND9 and Unbound). you can also put your BIND configuration file
	# here, though it is recommended to put only the trusted-keys clause
	# in this file and include it in your actual BIND configuration file.
	# NOTE(review): the keys in this file are what the resolver accepts as
	# DNSSEC trust anchors, so write access to it should be limited to
	# autotrust and the administrator.
	trusted-keys-file:      "/etc/pki/dnssec-keys/named.dnssec.keys"
	#trusted-keys-file:      "/etc/pki/dnssec-keys/production/*.conf"
	#trusted-keys-file:      "/etc/pki/dnssec-keys/production/reverse/*.conf"

	# what resolv.conf file to use.
	# by default, autotrust doesn't use configured nameservers, but queries
	# for the answers itself. By providing your resolver configuration, the
	# program will run much faster.
	# NOTE(review): with this set, answers arrive through the configured
	# resolvers; confirm that autotrust still validates the signatures
	# itself before relying on an untrusted network path.
	# resolv-conf:			"/etc/resolv.conf"

	# by default, autotrust makes use of both ipv4 and ipv6. setting one of
	# these options to "no" disables that protocol version.
	# do-ip4: 				"yes"
	# do-ip6: 				"yes"

	# specify the time when a trust anchor may be added (value in seconds).
	# by default, add holddown time is 30 days.
	# STRONGLY RECOMMENDED VALUE: 30days or higher
	# this is the RFC 5011 add hold-down timer: a newly seen key has to stay
	# published for this long before it is trusted, which leaves the zone
	# owner time to revoke a compromised key before a key introduced with it
	# is accepted. lowering the value shrinks that window.
	# add-holddown:			2592000 # 30 days

	# specify the time when a trust anchor may be removed (value in seconds).
	# by default, del holddown time is 30 days.
	# STRONGLY RECOMMENDED VALUE: 30days or higher
	# del-holddown:			2592000 # 30 days

	# how many times a pending trust anchor must be seen before it is added
	# to the valid trust anchor set. by default, 2 times.
	# STRONGLY RECOMMENDED VALUE: 2 or higher
	# pending-count:		2

	# keep trust anchors with the START state in the state information file.
	# by default, trust anchors in the state START are not stored.
	# keep-start:			"no"

	# keep trust anchors with the REMOVED state in the state information.
	# by default, trust anchors in the state REMOVED are not stored.
	# keep-removed:			"no"

	# Fedora/EPEL: nameservers are restarted via the autostart.cron job
	# instead of via resolver-pidfile/resolver-reload

	# the pidfile that stores the process id of your resolver.
	# by default, autotrust does not know about your resolver and will not
	# signal resolvers. You may configure multiple resolver pidfiles.
	# resolver-pidfile: "/var/run/unbound/unbound.pid"
	# resolver-pidfile: "/var/run/named/named.pid"

	# you may also specify the reload command to be executed.
	# NOTE(review): because autotrust executes this string, the
	# configuration file itself has to be writable only by trusted
	# accounts; the command presumably runs with autotrust's privileges.
	# resolver-reload:		"unbound-control reload"
	# resolver-reload:		"rndc reload"

	# if you use Unbound, you can specify the Unbound configuration
	# here, so that autotrust uses the same configuration. This option was
	# built in for debugging purposes (to configure stub zones), and is
	# considered experimental.
	# NOTE(review): this packaged configuration enables the option even
	# though it is described as experimental -- confirm that is intended.
	unbound-conf:			"/etc/unbound/unbound.conf"
	
	# specify the time (in seconds) after which a missing trust anchor may
	# no longer be used as a valid trust anchor. If keep-missing is 0,
	# missing keys are never removed (unless revoked), which is the default.
	# STRONGLY RECOMMENDED VALUE: 0, or 1year or higher
	# keep-missing:			31536000 # 1 year

	# log when keys go missing, regardless of the used verbosity level.
	# on by default.
	# alert-missing:		"yes"

	# run autotrust as daemon. By default "no".
	# daemonize:			"no"

	# if you have a superior trust point configured, the subordinate trust
	# anchors will be removed 180 days after the superior trust point
	# was introduced. by default, this option is disabled; you may enable it
	# by setting 'superior-trust' to "yes".
	# THIS OPTION IS NOT IMPLEMENTED YET
	# superior-trust:		"no"

	# set the level of verbosity. by default it is set to 1. the higher this
	# number, the more log messages you will get. to keep output to a
	# minimum, set verbosity to 0 (only error and warning messages are
	# logged).
	# verbosity:			1