<?xml version="1.0" encoding="UTF-8"?> <Configuration> <RepositoryList> <Repository name="SoftHSM"> <Module>/usr/lib64/softhsm/libsofthsm.so</Module> <TokenLabel>OpenDNSSEC</TokenLabel> <PIN>1234</PIN> <!-- # Disabled so it stores the public key in the HSM too, # so bind's dnssec-signzone can be used as well <SkipPublicKey/> --> </Repository> <!-- <Repository name="sca6000"> <Module>/usr/lib64/opencryptoki/PKCS11_API.so</Module> <TokenLabel>Sun Metaslot</TokenLabel> <PIN>test:1234</PIN> <Capacity>255</Capacity> <RequireBackup/> <SkipPublicKey/> </Repository> --> </RepositoryList> <Common> <Logging> <Syslog><Facility>local0</Facility></Syslog> </Logging> <PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile> <ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile> <!-- <ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile> --> </Common> <Enforcer> <Privileges> <User>ods</User> <Group>ods</Group> </Privileges> <Datastore><SQLite>/var/opendnssec/kasp.db</SQLite></Datastore> <Interval>PT3600S</Interval> <!-- <ManualKeyGeneration/> --> <!-- <RolloverNotification>P14D</RolloverNotification> --> <!-- the <DelegationSignerSubmitCommand> will get all current DNSKEYs (as a RRset) on standard input --> <!-- <DelegationSignerSubmitCommand>/usr/sbin/eppclient</DelegationSignerSubmitCommand> --> </Enforcer> <Signer> <Privileges> <User>ods</User> <Group>ods</Group> </Privileges> <WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory> <WorkerThreads>4</WorkerThreads> <!-- <SignerThreads>4</SignerThreads> --> <!-- the <NotifyCommmand> will expand the following variables: %zone the name of the zone that was signed %zonefile the filename of the signed zone <NotifyCommand>sudo systemctl reload nsd.service</NotifyCommand> --> <!-- <NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand> --> </Signer> </Configuration>