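/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// NS2
//
// named.conf template for an authoritative-only server bound to 10.53.0.2.
// @PORT@, @CONTROLPORT@ and @DEFAULT_HMAC@ are placeholders that must be
// substituted before named can parse this file (presumably by the test
// harness that owns this fixture).
//
// NOTE(review): several settings below (fixed rndc secret, control channel
// open to any address, "allow-update { any; }") are only acceptable on an
// isolated test network.  Do not copy them into a deployed configuration.

options {
	// All outbound traffic (queries, NOTIFY, zone transfers) is sourced
	// from the same address the server listens on.
	query-source address 10.53.0.2;
	notify-source 10.53.0.2;
	transfer-source 10.53.0.2;
	port @PORT@;
	pid-file "named.pid";
	// IPv4 only, single address; IPv6 listening is disabled.
	listen-on { 10.53.0.2; };
	listen-on-v6 { none; };
	// Authoritative only: no recursion is offered to clients.
	recursion no;
	notify yes;
	// "yes" (rather than "auto") relies on explicitly configured trust
	// anchors; presumably these come from trusted.conf, included at the
	// end of this file.
	dnssec-validation yes;
	notify-delay 1;
	minimal-responses no;
};

// Hard-coded, low-entropy shared secret committed in clear text.  Anyone who
// can read this file can authenticate to the control channel below.  A
// deployed server needs a randomly generated key (e.g. from rndc-confgen)
// kept in a file with restricted permissions.
key rndc_key {
	secret "1234abcd8765";
	algorithm @DEFAULT_HMAC@;
};

// The control channel accepts connections from any source address; the key
// above is the only access control.  In production, restrict "allow" to the
// management hosts that actually need rndc access.
controls {
	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

zone "." {
	type hint;
	file "../../_common/root.hint";
};

zone "trusted" {
	type primary;
	file "trusted.db.signed";
};

zone "managed" {
	type primary;
	file "managed.db.signed";
};

// "allow-update { any; }" (here and on the zones below that carry it) lets
// any host that can reach the server modify zone data with no
// authentication.  Outside a test fixture, dynamic updates should be limited
// to TSIG-authenticated clients, e.g. via a key-based update-policy.
zone "example" {
	type primary;
	file "example.db.signed";
	allow-update { any; };
};

zone "insecure.secure.example" {
	type primary;
	file "insecure.secure.example.db";
	allow-update { any; };
};

zone "rfc2335.example" {
	type primary;
	file "rfc2335.example.db";
};

// Dynamic updates are explicitly refused for the next two zones.
zone "child.nsec3.example" {
	type primary;
	file "child.nsec3.example.db";
	allow-update { none; };
};

zone "child.optout.example" {
	type primary;
	file "child.optout.example.db";
	allow-update { none; };
};

// NOTE(review): the ".bad" suffix suggests this zone file is intentionally
// malformed for a negative test - confirm before "fixing" it.
zone "badparam" {
	type primary;
	file "badparam.db.bad";
};

zone "single-nsec3" {
	type primary;
	file "single-nsec3.db.signed";
};

zone "algroll" {
	type primary;
	file "algroll.db.signed";
};

zone "nsec3chain-test" {
	type primary;
	file "nsec3chain-test.db.signed";
	allow-update {any;};
};

zone "in-addr.arpa" {
	type primary;
	file "in-addr.arpa.db.signed";
};

// CDS zones: the variants differ in whether updates are allowed, whether the
// DNSKEY RRset is signed by the KSK only, and whether named maintains the
// signatures itself.
zone "cds.secure" {
	type primary;
	file "cds.secure.db.signed";
};

zone "cds-x.secure" {
	type primary;
	file "cds-x.secure.db.signed";
};

zone "cds-update.secure" {
	type primary;
	dnssec-dnskey-kskonly no;
	file "cds-update.secure.db.signed";
	allow-update { any; };
};

zone "cds-kskonly.secure" {
	type primary;
	dnssec-dnskey-kskonly yes;
	file "cds-kskonly.secure.db.signed";
	allow-update { any; };
};

zone "cds-auto.secure" {
	type primary;
	dnssec-dnskey-kskonly no;
	file "cds-auto.secure.db.signed";
	auto-dnssec maintain;
	allow-update { any; };
};

// CDNSKEY zones: same set of variants as the CDS zones above.
zone "cdnskey.secure" {
	type primary;
	file "cdnskey.secure.db.signed";
};

zone "cdnskey-x.secure" {
	type primary;
	file "cdnskey-x.secure.db.signed";
};

zone "cdnskey-update.secure" {
	type primary;
	dnssec-dnskey-kskonly no;
	file "cdnskey-update.secure.db.signed";
	allow-update { any; };
};

zone "cdnskey-kskonly.secure" {
	type primary;
	dnssec-dnskey-kskonly yes;
	file "cdnskey-kskonly.secure.db.signed";
	allow-update { any; };
};

zone "cdnskey-auto.secure" {
	type primary;
	dnssec-dnskey-kskonly no;
	file "cdnskey-auto.secure.db.signed";
	auto-dnssec maintain;
	allow-update { any; };
};

// Signing keys are read from the working directory; signature lifetimes are
// set explicitly (a separate, longer value for the DNSKEY RRset).
zone "updatecheck-kskonly.secure" {
	type primary;
	auto-dnssec maintain;
	key-directory ".";
	dnssec-dnskey-kskonly yes;
	update-check-ksk yes;
	sig-validity-interval 10;
	dnskey-sig-validity 40;
	file "updatecheck-kskonly.secure.db.signed";
	allow-update { any; };
};

zone "corp" {
	type primary;
	file "corp.db";
};

zone "hours-vs-days" {
	type primary;
	file "hours-vs-days.db.signed";
	auto-dnssec maintain;
	/* validity 500 days, resign in 499 days */
	sig-validity-interval 500 499;
	allow-update { any; };
};

zone "too-many-iterations" {
	type primary;
	file "too-many-iterations.db.signed";
};

// Pulled in last; presumably defines the trust anchors that
// "dnssec-validation yes" above depends on.
include "trusted.conf";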