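/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * Main rpz test DNS server.
 *
 * The listing this was recovered from had its line-number gutter fused
 * into the statements; the numbers are dropped here so that the file is
 * a parseable named.conf template again.  No directive has been changed.
 *
 * Tokens of the form @NAME@ (@PORT@, @EXTRAPORT1@, @CONTROLPORT@,
 * @DEFAULT_HMAC@) are template placeholders, presumably substituted by
 * the test setup before named reads the file -- confirm against the
 * test's setup script.
 */

options {
	/* Every source address and the only listener are pinned to 10.53.0.3. */
	query-source address 10.53.0.3;
	notify-source 10.53.0.3;
	transfer-source 10.53.0.3;
	port @PORT@;
	pid-file "named.pid";
	statistics-file "named.stats";
	session-keyfile "session.key";
	listen-on { 10.53.0.3; };
	listen-on-v6 { none; };
	notify yes;
	minimal-responses no;
	/*
	 * Recursion is on and no allow-query/allow-recursion ACL is set in
	 * this block, so access control rests on named's built-in defaults
	 * and on which hosts can reach 10.53.0.3.
	 */
	recursion yes;
	dnssec-validation yes;
	min-refresh-time 1;
	min-retry-time 1;

	/*
	 * One entry per policy zone.  A "policy" keyword overrides the action
	 * encoded in that zone's records; entries without one use the records
	 * as written.  The keywords after the closing brace (add-soa ...
	 * nsip-enable) are set once for the whole response-policy statement.
	 */
	response-policy {
	    zone "fast-expire";
	    zone "bl" max-policy-ttl 100;
	    zone "bl-2";
	    zone "bl-given" policy given recursive-only yes;
	    zone "bl-passthru" policy passthru;
	    zone "bl-no-op" policy no-op;	# "no-op" is the obsolete spelling of passthru
	    zone "bl-disabled" policy disabled;
	    zone "bl-nodata" policy nodata recursive-only no;
	    zone "bl-nxdomain" policy nxdomain;
	    zone "bl-cname" policy cname txt-only.tld2.;
	    zone "bl-wildcname" policy cname *.tld4.;
	    zone "bl-garden" policy cname a12.tld2.;
	    zone "bl-drop" policy drop;
	    zone "bl-tcp-only" policy tcp-only;
	    zone "bl.tld2";
	    zone "manual-update-rpz";
	    zone "mixed-case-rpz";
	}
	    add-soa yes
	    min-ns-dots 0
	    qname-wait-recurse yes
	    min-update-interval 0
	    nsdname-enable yes
	    nsip-enable yes
	;

	/* Pulled in from the parent directory; its contents are not shown here. */
	include "../dnsrps.conf";
	also-notify { 10.53.0.3 port @EXTRAPORT1@; };
	notify-delay 0;
};

logging { category rpz { default_debug; }; };

/*
 * Control-channel key.  The secret is a short, fixed fixture value that
 * is committed with the file, so it authenticates nothing beyond the
 * test harness itself.
 */
key rndc_key {
	secret "1234abcd8765";
	algorithm @DEFAULT_HMAC@;
};
/*
 * "allow { any; }" applies no source-address restriction: possession of
 * rndc_key is the only check on the control channel, which is bound to
 * 10.53.0.3 only.
 */
controls {
	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};


zone "." { type hint; file "hints"; };

/*
 * Locally mastered policy zones.  Each accepts dynamic updates from any
 * source with no TSIG key ("allow-update {any;}"), so any host that can
 * reach the listener can rewrite the response policy.  Presumably the
 * test script depends on this to load rules -- confirm against tests.sh.
 * A non-fixture deployment would scope updates to a key instead, e.g.
 * "allow-update { key <update-key-name>; };" or an update-policy block.
 */
zone "bl." {type primary; file "bl.db";
	allow-update {any;};};
zone "bl-2." {type primary; file "bl-2.db";
	allow-update {any;};};
zone "bl-given." {type primary; file "bl-given.db";
	allow-update {any;};};
zone "bl-passthru." {type primary; file "bl-passthru.db";
	allow-update {any;};};
zone "bl-no-op." {type primary; file "bl-no-op.db";
	allow-update {any;};};
zone "bl-disabled." {type primary; file "bl-disabled.db";
	allow-update {any;};};
zone "bl-nodata." {type primary; file "bl-nodata.db";
	allow-update {any;};};
zone "bl-nxdomain." {type primary; file "bl-nxdomain.db";
	allow-update {any;};};
zone "bl-cname." {type primary; file "bl-cname.db";
	allow-update {any;};};
zone "bl-wildcname." {type primary; file "bl-wildcname.db";
	allow-update {any;};};
zone "bl-garden." {type primary; file "bl-garden.db";
	allow-update {any;};};
zone "bl-drop." {type primary; file "bl-drop.db";
	allow-update {any;};};
zone "bl-tcp-only." {type primary; file "bl-tcp-only.db";
	allow-update {any;};};

/*
 * Policy zone transferred from 10.53.0.2.  No key is attached to the
 * primaries entry, so the transfer is identified by address alone.
 */
zone "bl.tld2." {type secondary; file "bl.tld2.db"; primaries {10.53.0.2;};
	request-ixfr no; masterfile-format text;};

zone "crash1.tld2" {type primary; file "crash1"; notify no;};
zone "crash2.tld3." {type primary; file "crash2"; notify no;};

/* Listed in response-policy above; no allow-update, unlike the bl-* zones. */
zone "manual-update-rpz." {
	type primary;
	file "manual-update-rpz.db";
	notify no;
};

zone "mixed-case-rpz." {
	type primary;
	file "mixed-case-rpz.db";
	notify no;
};

/* Policy zone transferred from 10.53.0.5, again with no key on the primaries entry. */
zone "fast-expire." {
	type secondary;
	file "fast-expire.db";
	primaries { 10.53.0.5; };
	notify no;
};

zone "stub." {
	type stub;
	primaries { 10.53.0.2; };
};

zone "static-stub." {
	type static-stub;
	server-addresses { 10.53.0.2; };
};

/* The two *-nomatch zones point at 10.53.0.10 rather than 10.53.0.2. */
zone "stub-nomatch." {
	type stub;
	primaries { 10.53.0.10; };
};

zone "static-stub-nomatch." {
	type static-stub;
	server-addresses { 10.53.0.10; };
};

# A faulty dlz configuration to check if named with response policy zones
# survives a certain class of failed configuration attempts (see GL #3880).
# "dlz" is used because the dlz processing code is located in an ideal place in
# the view configuration function for the test to cover the view reverting code.
# The "BAD" comments below are necessary, because they will be removed using
# 'sed' by tests.sh in order to activate the faulty configuration.
# Keep the "#BAD " prefix byte-for-byte: it is the marker the sed step looks for.
#BAD dlz "bad-dlz" {
#BAD	database "dlopen bad-dlz.so example.org";
#BAD };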