1/* 2 * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC") 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 * PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17/* $Id: named.conf,v 1.7.18.5 2012/02/06 23:45:58 tbox Exp $ */ 18 19// NS3 20 21controls { /* empty */ }; 22 23options { 24 query-source address 10.53.0.3; 25 notify-source 10.53.0.3; 26 transfer-source 10.53.0.3; 27 port 5300; 28 session-keyfile "session.key"; 29 pid-file "named.pid"; 30 listen-on { 10.53.0.3; }; 31 listen-on-v6 { none; }; 32 recursion no; 33 notify yes; 34 dnssec-enable yes; 35 dnssec-validation yes; 36 allow-new-zones yes; 37}; 38 39key rndc_key { 40 secret "1234abcd8765"; 41 algorithm hmac-md5; 42}; 43 44controls { 45 inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; 46}; 47 48zone "." { 49 type hint; 50 file "../../common/root.hint"; 51}; 52 53zone "example" { 54 type slave; 55 masters { 10.53.0.2; }; 56 file "example.bk"; 57}; 58 59zone "bar" { 60 type slave; 61 masters { 10.53.0.2; }; 62 file "bar.bk"; 63}; 64 65zone "secure.example" { 66 type master; 67 file "secure.example.db"; 68 allow-update { any; }; 69 auto-dnssec maintain; 70}; 71 72zone "insecure.example" { 73 type master; 74 file "insecure.example.db"; 75}; 76 77zone "nsec3.example" { 78 type master; 79 file "nsec3.example.db"; 80 allow-update { any; }; 81 auto-dnssec maintain; 82}; 83 84zone "optout.nsec3.example" { 85 type master; 86 file "optout.nsec3.example.db"; 87 allow-update { any; }; 88 auto-dnssec maintain; 89}; 90 91zone "nsec3.nsec3.example" { 92 type master; 93 file "nsec3.nsec3.example.db"; 94 allow-update { any; }; 95 auto-dnssec maintain; 96}; 97 98zone "secure.nsec3.example" { 99 type master; 100 file "secure.nsec3.example.db"; 101 allow-update { any; }; 102 auto-dnssec maintain; 103}; 104 105zone "optout.example" { 106 type master; 107 file "optout.example.db"; 108 allow-update { any; }; 109 auto-dnssec maintain; 110}; 111 112zone "secure.optout.example" { 113 type master; 114 file "secure.optout.example.db"; 115 allow-update { any; }; 116 auto-dnssec maintain; 117}; 118 119zone "nsec3.optout.example" { 120 type master; 121 file "nsec3.optout.example.db"; 122 allow-update { any; }; 123 auto-dnssec maintain; 124}; 125 126zone "optout.optout.example" { 127 type master; 128 file "optout.optout.example.db"; 129 allow-update { any; }; 130 auto-dnssec maintain; 131}; 132 133zone "rsasha256.example" { 134 type master; 135 file "rsasha256.example.db"; 136 allow-update { any; }; 137 auto-dnssec maintain; 138}; 139 140zone "rsasha512.example" { 141 type master; 142 file "rsasha512.example.db"; 143 allow-update { any; }; 144 auto-dnssec maintain; 145}; 146 147zone "nsec.example" { 148 type master; 149 file "nsec.example.db"; 150 allow-update { any; }; 151 auto-dnssec maintain; 152}; 153 154zone "nsec3-to-nsec.example" { 155 type master; 156 file "nsec3-to-nsec.example.db"; 157 allow-update { any; }; 158 auto-dnssec maintain; 159}; 160 161zone "secure-to-insecure.example" { 162 type master; 163 file "secure-to-insecure.example.db"; 164 allow-update { any; }; 165 dnssec-secure-to-insecure yes; 166}; 167 168zone "secure-to-insecure2.example" { 169 type master; 170 file "secure-to-insecure2.example.db"; 171 allow-update { any; }; 172 auto-dnssec maintain; 173 dnssec-secure-to-insecure yes; 174}; 175 176zone "oldsigs.example" { 177 type master; 178 file "oldsigs.example.db"; 179 allow-update { any; }; 180 auto-dnssec maintain; 181}; 182 183zone "prepub.example" { 184 type master; 185 file "prepub.example.db"; 186 allow-update { any; }; 187 auto-dnssec maintain; 188}; 189 190zone "delay.example" { 191 type master; 192 file "delay.example.db"; 193 allow-update { any; }; 194 auto-dnssec maintain; 195}; 196 197zone "nozsk.example" { 198 type master; 199 file "nozsk.example.db"; 200 allow-update { any; }; 201 auto-dnssec maintain; 202}; 203 204zone "inaczsk.example" { 205 type master; 206 file "inaczsk.example.db"; 207 allow-update { any; }; 208 auto-dnssec maintain; 209}; 210include "trusted.conf"; 211