1/* 2 * Copyright (C) 2004, 2006-2012 Internet Systems Consortium, Inc. ("ISC") 3 * Copyright (C) 2000-2002 Internet Software Consortium. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 * PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18/* Id: named.conf,v 1.49 2011/10/28 06:20:05 each Exp */ 19 20// NS3 21 22controls { /* empty */ }; 23 24options { 25 query-source address 10.53.0.3; 26 notify-source 10.53.0.3; 27 transfer-source 10.53.0.3; 28 port 5300; 29 pid-file "named.pid"; 30 listen-on { 10.53.0.3; }; 31 listen-on-v6 { none; }; 32 recursion no; 33 notify yes; 34 dnssec-enable yes; 35 dnssec-validation yes; 36}; 37 38key rndc_key { 39 secret "1234abcd8765"; 40 algorithm hmac-md5; 41}; 42 43controls { 44 inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; 45}; 46 47zone "." { 48 type hint; 49 file "../../common/root.hint"; 50}; 51 52zone "example" { 53 type slave; 54 masters { 10.53.0.2; }; 55 file "example.bk"; 56}; 57 58zone "secure.example" { 59 type master; 60 file "secure.example.db.signed"; 61 allow-update { any; }; 62}; 63 64zone "bogus.example" { 65 type master; 66 file "bogus.example.db.signed"; 67 allow-update { any; }; 68}; 69 70zone "dynamic.example" { 71 type master; 72 file "dynamic.example.db.signed"; 73 allow-update { any; }; 74}; 75 76zone "insecure.example" { 77 type master; 78 file "insecure.example.db"; 79 allow-update { any; }; 80}; 81 82zone "insecure.nsec3.example" { 83 type master; 84 file "insecure.nsec3.example.db"; 85 allow-update { any; }; 86}; 87 88zone "insecure.optout.example" { 89 type master; 90 file "insecure.optout.example.db"; 91 allow-update { any; }; 92}; 93 94zone "keyless.example" { 95 type master; 96 file "keyless.example.db.signed"; 97}; 98 99zone "nsec3.example" { 100 type master; 101 file "nsec3.example.db.signed"; 102}; 103 104zone "optout.nsec3.example" { 105 type master; 106 file "optout.nsec3.example.db.signed"; 107}; 108 109zone "nsec3.nsec3.example" { 110 type master; 111 file "nsec3.nsec3.example.db.signed"; 112}; 113 114zone "secure.nsec3.example" { 115 type master; 116 file "secure.nsec3.example.db.signed"; 117}; 118 119zone "optout.example" { 120 type master; 121 file "optout.example.db.signed"; 122}; 123 124zone "secure.optout.example" { 125 type master; 126 file "secure.optout.example.db.signed"; 127}; 128 129zone "nsec3.optout.example" { 130 type master; 131 file "nsec3.optout.example.db.signed"; 132}; 133 134zone "optout.optout.example" { 135 type master; 136 file "optout.optout.example.db.signed"; 137}; 138 139zone "nsec3-unknown.example" { 140 type master; 141 nsec3-test-zone yes; 142 file "nsec3-unknown.example.db.signed"; 143}; 144 145zone "optout-unknown.example" { 146 type master; 147 nsec3-test-zone yes; 148 file "optout-unknown.example.db.signed"; 149}; 150 151zone "multiple.example" { 152 type master; 153 file "multiple.example.db.signed"; 154 allow-update { any; }; 155}; 156 157zone "rfc2335.example" { 158 type slave; 159 masters { 10.53.0.2; }; 160 file "rfc2335.example.bk"; 161}; 162 163zone "rsasha256.example" { 164 type master; 165 file "rsasha256.example.db.signed"; 166}; 167 168zone "rsasha512.example" { 169 type master; 170 file "rsasha512.example.db.signed"; 171}; 172 173zone "kskonly.example" { 174 type master; 175 file "kskonly.example.db.signed"; 176}; 177 178zone "expired.example" { 179 type master; 180 allow-update { none; }; 181 file "expired.example.db.signed"; 182}; 183 184zone "update-nsec3.example" { 185 type master; 186 allow-update { any; }; 187 file "update-nsec3.example.db.signed"; 188}; 189 190zone "auto-nsec.example" { 191 type master; 192 auto-dnssec maintain; 193 allow-update { !0.0.0.0; }; 194 file "auto-nsec.example.db.signed"; 195}; 196 197zone "auto-nsec3.example" { 198 type master; 199 auto-dnssec maintain; 200 allow-update { !0.0.0.0; }; 201 file "auto-nsec3.example.db.signed"; 202}; 203 204zone "insecure.below-cname.example" { 205 type master; 206 file "insecure.below-cname.example.db"; 207}; 208 209zone "secure.below-cname.example" { 210 type master; 211 file "secure.below-cname.example.db.signed"; 212}; 213 214zone "ttlpatch.example" { 215 type master; 216 file "ttlpatch.example.db.patched"; 217}; 218 219zone "split-dnssec.example" { 220 type master; 221 file "split-dnssec.example.db"; 222}; 223 224zone "split-smart.example" { 225 type master; 226 file "split-smart.example.db"; 227}; 228 229zone "nsec3chain-test" { 230 type slave; 231 file "nsec3chain-test.bk"; 232 masters { 10.53.0.2; }; 233}; 234 235zone "expiring.example" { 236 type master; 237 allow-update { any; }; 238 file "expiring.example.db.signed"; 239}; 240 241zone "nosign.example" { 242 type master; 243 allow-update { any; }; 244 dnssec-update-mode no-resign; 245 file "nosign.example.db.signed"; 246}; 247 248zone "upper.example" { 249 type master; 250 file "upper.example.db.signed"; 251}; 252 253zone "LOWER.EXAMPLE" { 254 type master; 255 file "lower.example.db.signed"; 256}; 257 258zone "inline.example" { 259 type master; 260 file "inline.example.db"; 261 inline-signing yes; 262 auto-dnssec maintain; 263}; 264 265include "trusted.conf"; 266