From 26201154db4a9dcc11a0b6b0e956580ce60f4f35 Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson" <sesse@samfundet.no>
Date: Tue, 25 Jun 2013 23:39:19 +0200
Subject: [PATCH] Add example itkacl.conf (it was missing previously).

---
 itkacl-2.1/itkacl.conf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 itkacl-2.1/itkacl.conf

diff --git a/itkacl-2.1/itkacl.conf b/itkacl-2.1/itkacl.conf
new file mode 100644
index 0000000..4be7f0d
--- /dev/null
+++ b/itkacl-2.1/itkacl.conf
@@ -0,0 +1,26 @@
+# Example /etc/itkacl.conf. These are the only accepted keywords currently.
+
+# What zone to look up results in.
+zone itkacl.as58302.net
+
+# Recommended.
+#
+# NOTE: For performance reasons, the library will read /etc/resolv.conf
+# and use the resolver there (if you have one). This means that
+# 
+#   a) Your recursive resolver(s) must support DNSSEC, too.
+#   b) You must trust the path between yourself and the resolvers.
+#
+# The simplest way to satisfy both of these is probably to run a local
+# instance of unbound or BIND, and then point resolv.conf to localhost.
+
+#require-dnssec
+
+# You need a trust anchor if you want DNSSEC to work. If you have working
+# DNSSEC delegation all the way from the root, you can generate this with:
+#
+#   sudo unbound-anchor -a /etc/unbound/root.key
+#
+# If not, you will need to add your own trust anchor in the right format here.
+
+#dnssec-public-key /etc/unbound/root.key
-- 
2.39.2