--- /dev/null
+#
+# @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: False
+PrintTime: True
+PrintAge: False
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 1w # (604800 seconds)
+Sigvalidity: 10d # (864000 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 4h # (14400 seconds)
+Serialformat: incremental
+
+# signing key parameters
+Key_algo: RSASHA1 # (Algorithm ID 5)
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 12w # (7257600 seconds)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+SaltBits: 24
+
+# dnssec-signer options
+LogFile: ""
+LogLevel: ERROR
+SyslogFacility: NONE
+SyslogLevel: NOTICE
+VerboseLog: 0
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: False
+Sig_GenerateDS: True
+Sig_Parameter: ""