KASP: Key and Signature Policy

Policy: default

LPNZ policy

Signatures

Resign2 hours
Refresh3 days
Validity Default7 days
Validity NSEC/NSEC37 days
Jitter12 hours
Inception Offset3600 seconds

Denial of Existence

MethodNSEC

Key Parameters

TTL3600 seconds
Retire Safety3600 seconds
Publish Safety3600 seconds
Share Keys?No
Purge dead keys after14 days
KSK
AlgorithmRSA/SHA-256, 2048 bits
Lifetime2 years
RepositorySoftHSM-KSK
Number of Standby Keys
Manual Rollover?No
Use RFC5011?No
ZSK
AlgorithmRSA/SHA-256, 1024 bits
Lifetime30 days
RepositorySoftHSM-ZSK
Number of Standby Keys1
Manual Rollover?No

Zone Parameters

Propagation Delay43200 seconds
SOA TTL3600 seconds
SOA Minimum3600 seconds
SOA Serial FormatYYYYMMDDnn (Date + 2-Digit-Counter)

Parent Parameters

Propagation Delay9999 seconds
DS TTL3600 seconds
SOA TTL172800 seconds
SOA Minimum10800 seconds