named.conf.in revision 1.1.1.7
1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14// NS4 15 16key rndc_key { 17 secret "1234abcd8765"; 18 algorithm @DEFAULT_HMAC@; 19}; 20 21controls { 22 inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 23}; 24 25key "sha1" { 26 algorithm "hmac-sha1"; 27 secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; 28}; 29 30key "sha224" { 31 algorithm "hmac-sha224"; 32 secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="; 33}; 34 35key "sha256" { 36 algorithm "hmac-sha256"; 37 secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="; 38}; 39 40key "keyforview1" { 41 algorithm @DEFAULT_HMAC@; 42 secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; 43}; 44 45key "keyforview2" { 46 algorithm @DEFAULT_HMAC@; 47 secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; 48}; 49 50key "keyforview3" { 51 algorithm @DEFAULT_HMAC@; 52 secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0="; 53}; 54 55dnssec-policy "test" { 56 keys { 57 csk key-directory lifetime 0 algorithm 14; 58 }; 59}; 60 61options { 62 query-source address 10.53.0.4; 63 port @PORT@; 64 pid-file "named.pid"; 65 listen-on { 10.53.0.4; }; 66 listen-on-v6 { none; }; 67 recursion no; 68 dnssec-policy "test"; 69 dnssec-validation no; 70}; 71 72view "inherit" { 73 match-clients { key "sha1"; }; 74 75 /* Inherit dnssec-policy 'test' */ 76 zone "inherit.inherit.signed" { 77 type primary; 78 file "inherit.inherit.signed.db"; 79 inline-signing yes; 80 }; 81 82 /* Override dnssec-policy */ 83 zone "override.inherit.signed" { 84 type primary; 85 file "override.inherit.signed.db"; 86 inline-signing yes; 87 dnssec-policy "default"; 88 }; 89 90 /* Unset dnssec-policy */ 91 zone "none.inherit.signed" { 92 type primary; 93 file "none.inherit.signed.db"; 94 dnssec-policy "none"; 95 }; 96}; 97 98view "override" { 99 match-clients { key "sha224"; }; 100 dnssec-policy "default"; 101 102 /* Inherit dnssec-policy 'test' */ 103 zone "inherit.override.signed" { 104 type primary; 105 file "inherit.override.signed.db"; 106 inline-signing yes; 107 }; 108 109 /* Override dnssec-policy */ 110 zone "override.override.signed" { 111 type primary; 112 file "override.override.signed.db"; 113 inline-signing yes; 114 dnssec-policy "test"; 115 }; 116 117 /* Unset dnssec-policy */ 118 zone "none.override.signed" { 119 type primary; 120 file "none.override.signed.db"; 121 dnssec-policy "none"; 122 }; 123}; 124 125view "none" { 126 match-clients { key "sha256"; }; 127 dnssec-policy "none"; 128 129 /* Inherit dnssec-policy 'none' */ 130 zone "inherit.none.signed" { 131 type primary; 132 file "inherit.none.signed.db"; 133 }; 134 135 /* Override dnssec-policy */ 136 zone "override.none.signed" { 137 type primary; 138 file "override.none.signed.db"; 139 inline-signing yes; 140 dnssec-policy "test"; 141 }; 142 143 /* Unset dnssec-policy */ 144 zone "none.none.signed" { 145 type primary; 146 file "none.none.signed.db"; 147 dnssec-policy "none"; 148 }; 149}; 150 151view "example1" { 152 match-clients { key "keyforview1"; }; 153 154 allow-update { any; }; 155 156 zone "example.net" { 157 type primary; 158 file "example1.db"; 159 }; 160}; 161 162view "example2" { 163 match-clients { key "keyforview2"; }; 164 165 zone "example.net" { 166 type primary; 167 file "example2.db"; 168 inline-signing yes; 169 }; 170}; 171 172view "example3" { 173 match-clients { key "keyforview3"; }; 174 zone "example.net" { 175 in-view example2; 176 }; 177}; 178