named.conf.in revision 1.1.1.1
1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 * 8 * See the COPYRIGHT file distributed with this work for additional 9 * information regarding copyright ownership. 10 */ 11 12// NS6 13 14include "policies/kasp.conf"; 15include "policies/csk1.conf"; 16 17options { 18 query-source address 10.53.0.6; 19 notify-source 10.53.0.6; 20 transfer-source 10.53.0.6; 21 port @PORT@; 22 pid-file "named.pid"; 23 listen-on { 10.53.0.6; }; 24 listen-on-v6 { none; }; 25 allow-transfer { any; }; 26 recursion no; 27 key-directory "."; 28}; 29 30key rndc_key { 31 secret "1234abcd8765"; 32 algorithm hmac-sha256; 33}; 34 35controls { 36 inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 37}; 38 39/* These are zones that migrate to dnssec-policy. */ 40zone "migrate.kasp" { 41 type master; 42 file "migrate.kasp.db"; 43 auto-dnssec maintain; 44 allow-update { any; }; 45 dnssec-dnskey-kskonly yes; 46 update-check-ksk yes; 47}; 48 49zone "migrate-nomatch-algnum.kasp" { 50 type master; 51 file "migrate-nomatch-algnum.kasp.db"; 52 auto-dnssec maintain; 53 allow-update { any; }; 54 dnssec-dnskey-kskonly yes; 55 update-check-ksk yes; 56}; 57 58zone "migrate-nomatch-alglen.kasp" { 59 type master; 60 file "migrate-nomatch-alglen.kasp.db"; 61 auto-dnssec maintain; 62 allow-update { any; }; 63 dnssec-dnskey-kskonly yes; 64 update-check-ksk yes; 65}; 66 67/* These are alorithm rollover test zones. */ 68zone "step1.algorithm-roll.kasp" { 69 type master; 70 file "step1.algorithm-roll.kasp.db"; 71 dnssec-policy "rsasha1"; 72}; 73 74zone "step1.csk-algorithm-roll.kasp" { 75 type master; 76 file "step1.csk-algorithm-roll.kasp.db"; 77 dnssec-policy "csk-algoroll"; 78}; 79