server:
    version: "Knot"
    nsid: ""
    rundir: "/run/knot"
    user: "knot:knot"
    automatic-acl: "on"
    listen: [ "2001:db8::1@42053", "203.0.113.1@42053" ]

log:
  - target: "/var/log/knot/knot.log"
    any: "debug"

database:
    storage: "/var/lib/knot"

key:
  - id: "primary-to-secondary."
    algorithm: "hmac-sha256"
    secret: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH" # keymgr -t primary-to-secondary hmac-sha256

remote:
  - id: "secondary"
    address: [ "2001:db8::2@53", "203.0.113.2@53" ]
    key: "primary-to-secondary."

policy:
  - id: "servnest"
    algorithm: "ed25519"
    nsec3: "on"
    nsec3-iterations: 10

template:
  - id: "servnest"
    storage: "/srv/servnest/ns"
    file: "%s.zone"
    zonefile-load: "whole"
    journal-content: "all"
    dnssec-signing: "on"
    dnssec-policy: "servnest"
    catalog-role: "member"
    catalog-zone: "servnest.test.invalid."

zone:
  - domain: "servnest.test.invalid."
    notify: "secondary"
    zonefile-load: "whole"
    journal-content: "all"
    catalog-role: "generate"

  - domain: "servnest.test."
    template: "servnest"
    storage: "/srv/servnest/reg"
  - domain: "test.servnest.test."
    template: "servnest"
    storage: "/srv/servnest/reg"