<Configuration>

	<RepositoryList>

		<Repository name="SoftHSM">

			<Module>/usr/lib64/softhsm/libsofthsm.so</Module>

			<TokenLabel>OpenDNSSEC</TokenLabel>

			<PIN>1234</PIN>

			# Disabled so it stores the public key in the HSM too,

			# so bind's dnssec-signzone can be used as well

			<SkipPublicKey/>

-->

		</Repository>

		<Repository name="sca6000">

			<Module>/usr/lib64/opencryptoki/PKCS11_API.so</Module>

			<TokenLabel>Sun Metaslot</TokenLabel>

			<PIN>test:1234</PIN>

			<Capacity>255</Capacity>

			<RequireBackup/>

			<SkipPublicKey/>

		</Repository>

-->

	</RepositoryList>

	<Common>

		<Logging>

			<Syslog><Facility>local0</Facility></Syslog>

		</Logging>

		<PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile>

		<ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile>

		<ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile>

	-->

	</Common>

	<Enforcer>

		<Privileges>

			<User>ods</User>

			<Group>ods</Group>

		</Privileges>

		<Datastore><SQLite>/var/opendnssec/kasp.db</SQLite></Datastore>

		     DNSKEYs (as a RRset) on standard input

		-->

	</Enforcer>

	<Signer>

		<Privileges>

			<User>ods</User>

			<Group>ods</Group>

		</Privileges>

		<WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory>

		<WorkerThreads>4</WorkerThreads>

                <Listener>

                        <Interface><Port>53</Port></Interface>

                </Listener>

-->

		     %zone      the name of the zone that was signed

		     %zonefile  the filename of the signed zone

		<NotifyCommand>sudo systemctl reload nsd.service</NotifyCommand>

		-->

		<NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>

-->

	</Signer>

</Configuration>