From 37696b9682d6dcd6ca7bd996c38344d4bc4bb51e Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Thu, 14 Oct 2021 14:26:02 +0200
Subject: [PATCH] [bind-authoritative] Sign zones with DNSSEC

---
 roles/bind-authoritative/templates/bind/named.conf.local.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/bind-authoritative/templates/bind/named.conf.local.j2 b/roles/bind-authoritative/templates/bind/named.conf.local.j2
index a91863c7..cff2b991 100644
--- a/roles/bind-authoritative/templates/bind/named.conf.local.j2
+++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2
@@ -110,6 +110,9 @@ zone "{{ zone }}" {
 	// Apparmor: Need to ln -s /var/cache/bind/generated /var/local/re2o-services/dns/generated
 	file "generated/{{ zone }}.db";
 	notify yes;
+	inline-signing yes;
+	auto-dnssec maintain;
+	serial-update-method increment;
 {% else %}
 	type slave;
 	file "bak.{{ zone }}";