xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/autosign/ns3/named.conf.in (revision 32d1c65c71fbdb65a012e8392a62a757dd6853e9) 
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS3
15
16controls { /* empty */ };
17
18options {
19	query-source address 10.53.0.3;
20	notify-source 10.53.0.3;
21	transfer-source 10.53.0.3;
22	port @PORT@;
23	session-keyfile "session.key";
24	pid-file "named.pid";
25	listen-on { 10.53.0.3; };
26	listen-on-v6 { none; };
27	recursion no;
28	notify yes;
29	dnssec-validation yes;
30	dnssec-loadkeys-interval 10;
31	allow-new-zones yes;
32};
33
34key rndc_key {
35	secret "1234abcd8765";
36	algorithm @DEFAULT_HMAC@;
37};
38
39controls {
40	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
41};
42
43zone "." {
44	type hint;
45	file "../../_common/root.hint";
46};
47
48zone "example" {
49	type secondary;
50	primaries { 10.53.0.2; };
51	file "example.bk";
52};
53
54zone "bar" {
55	type secondary;
56	primaries { 10.53.0.2; };
57	file "bar.bk";
58};
59
60zone "secure.example" {
61	type primary;
62	file "secure.example.db";
63	allow-update { any; };
64	auto-dnssec maintain;
65};
66
67zone "insecure.example" {
68	type primary;
69	file "insecure.example.db";
70};
71
72zone "nsec3.example" {
73	type primary;
74	file "nsec3.example.db";
75	allow-update { any; };
76	auto-dnssec maintain;
77};
78
79zone "autonsec3.example" {
80	type primary;
81	file "autonsec3.example.db";
82	allow-update { any; };
83	auto-dnssec maintain;
84};
85
86zone "optout.nsec3.example" {
87	type primary;
88	file "optout.nsec3.example.db";
89	allow-update { any; };
90	auto-dnssec maintain;
91};
92
93zone "nsec3.nsec3.example" {
94	type primary;
95	file "nsec3.nsec3.example.db";
96	allow-update { any; };
97	auto-dnssec maintain;
98};
99
100zone "jitter.nsec3.example" {
101	type primary;
102	file "jitter.nsec3.example.db";
103	allow-update { any; };
104	auto-dnssec maintain;
105	sig-validity-interval 10 2;
106	sig-signing-nodes 1000;
107	sig-signing-signatures 100;
108};
109
110zone "secure.nsec3.example" {
111	type primary;
112	file "secure.nsec3.example.db";
113	allow-update { any; };
114	auto-dnssec maintain;
115};
116
117zone "optout.example" {
118	type primary;
119	file "optout.example.db";
120	allow-update { any; };
121	auto-dnssec maintain;
122};
123
124zone "secure.optout.example" {
125	type primary;
126	file "secure.optout.example.db";
127	allow-update { any; };
128	auto-dnssec maintain;
129};
130
131zone "nsec3.optout.example" {
132	type primary;
133	file "nsec3.optout.example.db";
134	allow-update { any; };
135	auto-dnssec maintain;
136};
137
138zone "optout.optout.example" {
139	type primary;
140	file "optout.optout.example.db";
141	allow-update { any; };
142	auto-dnssec maintain;
143};
144
145zone "rsasha256.example" {
146	type primary;
147	file "rsasha256.example.db";
148	allow-update { any; };
149	auto-dnssec maintain;
150};
151
152zone "rsasha512.example" {
153	type primary;
154	file "rsasha512.example.db";
155	allow-update { any; };
156	auto-dnssec maintain;
157};
158
159zone "nsec-only.example" {
160	type primary;
161	file "nsec-only.example.db";
162	allow-update { any; };
163	auto-dnssec maintain;
164};
165
166zone "nsec3-to-nsec.example" {
167	type primary;
168	file "nsec3-to-nsec.example.db";
169	allow-update { any; };
170	max-journal-size 10M;
171	auto-dnssec maintain;
172};
173
174zone "secure-to-insecure.example" {
175	type primary;
176	file "secure-to-insecure.example.db";
177	allow-update { any; };
178	dnssec-secure-to-insecure yes;
179};
180
181zone "secure-to-insecure2.example" {
182	type primary;
183	file "secure-to-insecure2.example.db";
184	allow-update { any; };
185	auto-dnssec maintain;
186	dnssec-secure-to-insecure yes;
187};
188
189zone "nsec3-to-nsec3.example" {
190	type primary;
191	file "nsec3-to-nsec3.example.db";
192	allow-update { any; };
193	inline-signing no;
194	max-journal-size 10M;
195};
196
197zone "oldsigs.example" {
198	type primary;
199	file "oldsigs.example.db";
200	allow-update { any; };
201	auto-dnssec maintain;
202	sig-validity-interval 10 2;
203	sig-signing-nodes 1000;
204	sig-signing-signatures 100;
205};
206
207zone "prepub.example" {
208	type primary;
209	file "prepub.example.db";
210	allow-update { any; };
211	auto-dnssec maintain;
212};
213
214zone "ttl1.example" {
215	type primary;
216	file "ttl1.example.db";
217	allow-update { any; };
218	auto-dnssec maintain;
219};
220
221zone "ttl2.example" {
222	type primary;
223	file "ttl2.example.db";
224	allow-update { any; };
225	auto-dnssec maintain;
226};
227
228zone "ttl3.example" {
229	type primary;
230	file "ttl3.example.db";
231	allow-update { any; };
232	auto-dnssec maintain;
233};
234
235zone "ttl4.example" {
236	type primary;
237	file "ttl4.example.db";
238	allow-update { any; };
239	auto-dnssec maintain;
240};
241
242zone "delay.example" {
243	type primary;
244	file "delay.example.db";
245	allow-update { any; };
246	auto-dnssec maintain;
247};
248
249zone "nozsk.example" {
250	type primary;
251	file "nozsk.example.db";
252	allow-update { any; };
253	auto-dnssec maintain;
254};
255
256zone "inaczsk.example" {
257	type primary;
258	file "inaczsk.example.db";
259	allow-update { any; };
260	auto-dnssec maintain;
261};
262
263zone "noksk.example" {
264	type primary;
265	file "noksk.example.db";
266	allow-update { any; };
267	auto-dnssec maintain;
268};
269
270zone "sync.example" {
271	type primary;
272	file "sync.example.db";
273	allow-update { any; };
274	dnssec-dnskey-kskonly no;
275	auto-dnssec maintain;
276};
277
278zone "kskonly.example" {
279	type primary;
280	file "kskonly.example.db";
281	allow-update { any; };
282	dnssec-dnskey-kskonly yes;
283	auto-dnssec maintain;
284};
285
286zone "inacksk2.example" {
287	type primary;
288	file "inacksk2.example.db";
289	allow-update { any; };
290	dnssec-dnskey-kskonly yes;
291	auto-dnssec maintain;
292};
293
294zone "inacksk3.example" {
295	type primary;
296	file "inacksk3.example.db";
297	allow-update { any; };
298	dnssec-dnskey-kskonly yes;
299	auto-dnssec maintain;
300};
301
302zone "inaczsk2.example" {
303	type primary;
304	file "inaczsk2.example.db";
305	allow-update { any; };
306	auto-dnssec maintain;
307};
308
309zone "inaczsk3.example" {
310	type primary;
311	file "inaczsk3.example.db";
312	allow-update { any; };
313	auto-dnssec maintain;
314};
315
316zone "delzsk.example." {
317	type primary;
318	file "delzsk.example.db";
319	allow-update { any; };
320	auto-dnssec maintain;
321};
322
323zone "dname-at-apex-nsec3.example" {
324	type primary;
325	file "dname-at-apex-nsec3.example.db";
326	allow-update { any; };
327	auto-dnssec maintain;
328};
329
330zone "cds-delete.example" {
331	type primary;
332	file "cds-delete.example.db";
333	allow-update { any; };
334	auto-dnssec maintain;
335};
336
337zone "cdnskey-delete.example" {
338	type primary;
339	file "cdnskey-delete.example.db";
340	allow-update { any; };
341	auto-dnssec maintain;
342};
343
344include "trusted.conf";
345