Create the DNSSEC-Tools Configuration File

The DNSSEC-Tools configuration file contains many settings for customizing the DNSSEC-Tools suite of programs. The settings include things such as the default authentication algorithm, the directory for archived authentication keys, paths to various helper programs, and the lengths of authentication keys. Configuration entries are in a keyword/value format: the keyword is a character string and the value is the data associated with that keyword. /usr/local/etc/dnssec/dnssec-tools.conf is the default location for the configuration file.

The dtinitconf command will create a new DNSSEC-Tools configuration file. Command options will allow for automatic customization of the file. It is a plain text file, so any normal text editor (e.g., vi or emacs) may be used to modify the configuration file.

Several example option settings are given below. The man page for dnssec-tools.conf should be consulted for a complete list of possible options. Each option has a recommended setting, but that setting should not be considered a universally correct setting.

Table 2.1. DNSSEC-Tools Configuration Options

Option      Description                                        Recommended Setting
algorithm   The cryptographic algorithm to use for the keys.   rsasha1
endtime     The lifetime of the signatures.                    +2592000 (30 days)
ksklength   The length of the KSK key.                         2048
zsklength   The length of the ZSK key.                         1024
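As an added example (not code from the DNSSEC-Tools project), the following parser reads the keyword/value layout described above and then checks the parsed settings against a local policy. It assumes that each entry is a keyword and a value separated by whitespace and that # begins a comment; the SAMPLE_CONF text, the minimum key lengths and the deprecated-algorithm list are constructed for the example, not taken from the page.

```python
import re

# Constructed sample in the keyword/value layout described above;
# not a dnssec-tools.conf shipped by the project.
SAMPLE_CONF = """\
# Settings for key generation
algorithm   rsasha1
ksklength   2048
zsklength   1024

# Settings for zone signing
endtime     +2592000
"""

def parse_dnssec_tools_conf(text):
    """Parse 'keyword value' lines; '#' starts a comment, blank lines are skipped."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'keyword value', got {raw!r}")
        keyword, value = parts
        settings[keyword.lower()] = value.strip()
    return settings

# Policy thresholds are assumptions chosen for this example, not page values.
MIN_KEY_BITS = {"ksklength": 2048, "zsklength": 2048}
# RFC 8624 rates these MUST NOT or NOT RECOMMENDED for new DNSSEC signing.
DEPRECATED_ALGS = {"rsamd5", "dsa", "rsasha1", "nsec3dsa", "nsec3rsasha1"}

def check_policy(settings):
    """Return human-readable findings for settings weaker than the local policy."""
    findings = []
    alg = settings.get("algorithm", "").lower()
    if alg in DEPRECATED_ALGS:
        findings.append(f"algorithm {alg} is deprecated for signing (RFC 8624)")
    for key, minimum in MIN_KEY_BITS.items():
        if key in settings and int(settings[key]) < minimum:
            findings.append(f"{key}={settings[key]} is below {minimum} bits")
    endtime = settings.get("endtime", "")
    if not re.fullmatch(r"\+\d+", endtime):
        findings.append(f"endtime {endtime!r} is not a relative +seconds offset")
    return findings
```

Running check_policy over the sample flags the rsasha1 algorithm and the 1024-bit ZSK, which is the kind of review the sentence about recommended settings not being universally correct calls for.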