dnssec-trigger/dnssec-trigger-default.conf
Petr Menšík 83370a1698 Update upstream servers to zus.nlnetlabs.nl.
Upstream servers no longer have the original IP addresses or that hash.
Fix addresses to working set actually instead of uncommenting the very
old set. The set were changed in 2014 by upstream commit bafdcd5.
2023-07-25 11:37:35 +02:00

81 lines
3.1 KiB
Text

# Fedora/EPEL version of dnssec-trigger.conf
# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
# verbosity: 1
# pidfile location
pidfile: "/var/run/dnssec-triggerd.pid"
# log to a file instead of syslog, default is to syslog
# logfile: "/var/log/dnssec-trigger.log"
# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
# use-syslog: yes
# chroot to this directory
# chroot: ""
# the unbound-control binary if not found in PATH.
# commandline options can be appended "unbound-control -c my.conf" if you wish.
# unbound-control: "/usr/sbin/unbound-control"
# where is resolv.conf to edit.
# resolvconf: "/etc/resolv.conf"
# the domain example.com line (if any) to add to resolv.conf(5). default none.
# domain: ""
# domain name search path to add to resolv.conf(5). default none.
# the search path from DHCP is not picked up, it could be used to misdirect.
# search: ""
# the command to run to open login pages on hot spots, a web browser.
# empty string runs no command.
# login-command: "xdg-open"
# the url to open to get hot spot login, it gets overridden by the hotspot.
# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
# should to be a ttl=0 entry
login-location: "http://hotspot-nocache.fedoraproject.org/"
# do not perform actions (unbound-control or resolv.conf), for a dry-run.
# noaction: no
# port number to use for probe daemon.
# port: 8955
# keys and certificates generated by the dnssec-trigger-keygen systemd service
# (which called dnssec-trigger-control-setup)
server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
# check for updates, download and ask to install them (for Windows, OSX).
# check-updates: no
# webservers that are probed to see if internet access is possible.
# They serve a simple static page over HTTP port 80. It probes a random url:
# after a space is the content expected on the page, (the page can contain
# whitespace before and after this code). Without urls it skips http probes.
# provided by NLnetLabs
# It is provided on a best effort basis, with no service guarantee.
# url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
# provided by FedoraProject
url: "http://fedoraproject.org/static/hotspot.txt OK"
# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put
# the following on one line: ssl443:<space><IP><space><HASHoutput>
# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
# You can add more with extra config lines.
# provided by NLnetLabs (www.nlnetlabs.nl)
# It is provided on a best effort basis, with no service guarantee.
tcp80: 185.49.140.67
tcp80: 2a04:b900::10:0:0:67
ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF