0c84e1
# Red Hat Enterprise Linux 7 version of dnssec-trigger.conf
9d5aef
9d5aef
# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
9d5aef
# verbosity: 1
9d5aef
9d5aef
# pidfile location
9d5aef
pidfile: "/var/run/dnssec-triggerd.pid"
9d5aef
9d5aef
# log to a file instead of syslog, default is to syslog
9d5aef
# logfile: "/var/log/dnssec-trigger.log"
9d5aef
9d5aef
# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
9d5aef
# use-syslog: yes
9d5aef
9d5aef
# chroot to this directory
9d5aef
# chroot: ""
9d5aef
9d5aef
# the unbound-control binary if not found in PATH.
9d5aef
# commandline options can be appended "unbound-control -c my.conf" if you wish.
9d5aef
# unbound-control: "/usr/sbin/unbound-control"
9d5aef
9d5aef
# where is resolv.conf to edit.
9d5aef
# resolvconf: "/etc/resolv.conf"
9d5aef
9d5aef
# the domain example.com line (if any) to add to resolv.conf(5). default none.
9d5aef
# domain: ""
9d5aef
9d5aef
# domain name search path to add to resolv.conf(5). default none.
9d5aef
# the search path from DHCP is not picked up, it could be used to misdirect.
9d5aef
# search: ""
9d5aef
9d5aef
# the command to run to open login pages on hot spots, a web browser.
9d5aef
# empty string runs no command.
9d5aef
# login-command: "xdg-open"
9d5aef
9d5aef
# the url to open to get hot spot login, it gets overridden by the hotspot.
9d5aef
login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
9d5aef
# should to be a ttl=0 entry
9d5aef
9d5aef
# do not perform actions (unbound-control or resolv.conf), for a dry-run.
9d5aef
# noaction: no
9d5aef
9d5aef
# port number to use for probe daemon.
9d5aef
# port: 8955
9d5aef
9d5aef
# keys and certificates generated by the dnssec-trigger-keygen systemd service
9d5aef
# (which called dnssec-trigger-control-setup)
9d5aef
server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
9d5aef
server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
9d5aef
control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
9d5aef
control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
9d5aef
9d5aef
# check for updates, download and ask to install them (for Windows, OSX).
9d5aef
# check-updates: no
9d5aef
9d5aef
# webservers that are probed to see if internet access is possible.
9d5aef
# They serve a simple static page over HTTP port 80.  It probes a random url:
9d5aef
# after a space is the content expected on the page, (the page can contain
9d5aef
# whitespace before and after this code).  Without urls it skips http probes.
9d5aef
9d5aef
# provided by NLnetLabs
9d5aef
# It is provided on a best effort basis, with no service guarantee.
9d5aef
url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
9d5aef
9d5aef
# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
9d5aef
# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put
9d5aef
# the following on one line: ssl443:<space><IP><space><HASHoutput>
9d5aef
# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
9d5aef
# You can add more with extra config lines.
9d5aef
9d5aef
# provided by Paul Wouters (pwouters@redhat.com)
9d5aef
# It is provided on a best effort basis, with no service guarantee.
9d5aef
# tcp80:  193.110.157.123
9d5aef
# tcp80:  2001:888:2003:1004::123
9d5aef
# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7
9d5aef
# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7
9d5aef
9d5aef
# provided by NLnetLabs (www.nlnetlabs.nl)
9d5aef
# It is provided on a best effort basis, with no service guarantee.
9d5aef
tcp80: 213.154.224.3
9d5aef
tcp80: 2001:7b8:206:1:bb::
9d5aef
ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F
9d5aef
ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F
9d5aef