1/* 2 * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 * PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17/* $Id: named1.conf,v 1.3 2011/01/04 23:47:13 tbox Exp $ */ 18 19// NS4 20 21controls { /* empty */ }; 22 23options { 24 query-source address 10.53.0.4; 25 notify-source 10.53.0.4; 26 transfer-source 10.53.0.4; 27 port 5300; 28 pid-file "named.pid"; 29 listen-on { 10.53.0.4; }; 30 listen-on-v6 { none; }; 31 recursion yes; 32 acache-enable yes; 33 dnssec-enable yes; 34 dnssec-validation yes; 35 dnssec-must-be-secure mustbesecure.example yes; 36 37 # Note: We only reference the bind.keys file here to confirm that it 38 # is *not* being used. It contains the real root key, and we're 39 # using a local toy root zone for the tests, so it wouldn't work. 40 # But since dnssec-validation is set to "yes" not "auto", that 41 # won't matter. 42 bindkeys-file "../../../../../bind.keys"; 43}; 44 45key rndc_key { 46 secret "1234abcd8765"; 47 algorithm hmac-md5; 48}; 49 50controls { 51 inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; 52}; 53 54zone "." { 55 type hint; 56 file "../../common/root.hint"; 57}; 58 59include "trusted.conf"; 60