/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

dnssec-policy "warn1" {
	keys {
		// This policy has keys in the same algorithm with the same
		// role, this should trigger a warning.
		ksk lifetime unlimited algorithm ecdsa256;
		zsk lifetime unlimited algorithm ecdsa256;
		zsk lifetime unlimited algorithm ecdsa256;
		ksk lifetime unlimited algorithm ecdsa256;
	};
};

dnssec-policy "warn2" {
	keys {
		// This policy has keys in the same algorithm with the same
		// role, this should trigger a warning.
		csk lifetime unlimited algorithm rsasha256;
		ksk lifetime unlimited algorithm rsasha256;
		zsk lifetime unlimited algorithm rsasha256;
	};
};

dnssec-policy "warn3" {
	keys {
		// This policy has a key with a very short lifetime.
		csk lifetime PT2591999S algorithm rsasha256;
	};
};

zone "warn1.example.net" {
	type primary;
	file "warn1.example.db";
	inline-signing yes;
	dnssec-policy "warn1";
};

zone "warn2.example.net" {
	type primary;
	file "warn2.example.db";
	inline-signing yes;
	dnssec-policy "warn2";
};

zone "warn3.example.net" {
	type primary;
	file "warn3.example.db";
	inline-signing yes;
	dnssec-policy "warn3";
};