xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/autosign/ns3/named.conf.in (revision ae87de8892f277bece3527c15b186ebcfa188227) 
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS3
15
16controls { /* empty */ };
17
18options {
19	query-source address 10.53.0.3;
20	notify-source 10.53.0.3;
21	transfer-source 10.53.0.3;
22	port @PORT@;
23	session-keyfile "session.key";
24	pid-file "named.pid";
25	listen-on { 10.53.0.3; };
26	listen-on-v6 { none; };
27	recursion no;
28	notify yes;
29	dnssec-validation yes;
30	dnssec-loadkeys-interval 10;
31	allow-new-zones yes;
32};
33
34key rndc_key {
35	secret "1234abcd8765";
36	algorithm hmac-sha256;
37};
38
39controls {
40	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
41};
42
43zone "." {
44	type hint;
45	file "../../common/root.hint";
46};
47
48zone "example" {
49	type secondary;
50	primaries { 10.53.0.2; };
51	file "example.bk";
52};
53
54zone "bar" {
55	type secondary;
56	primaries { 10.53.0.2; };
57	file "bar.bk";
58};
59
60zone "secure.example" {
61	type primary;
62	file "secure.example.db";
63	allow-update { any; };
64	auto-dnssec maintain;
65};
66
67zone "insecure.example" {
68	type primary;
69	file "insecure.example.db";
70};
71
72zone "nsec3.example" {
73	type primary;
74	file "nsec3.example.db";
75	allow-update { any; };
76	auto-dnssec maintain;
77};
78
79zone "autonsec3.example" {
80	type primary;
81	file "autonsec3.example.db";
82	allow-update { any; };
83	auto-dnssec maintain;
84};
85
86zone "optout.nsec3.example" {
87	type primary;
88	file "optout.nsec3.example.db";
89	allow-update { any; };
90	auto-dnssec maintain;
91};
92
93zone "nsec3.nsec3.example" {
94	type primary;
95	file "nsec3.nsec3.example.db";
96	allow-update { any; };
97	auto-dnssec maintain;
98};
99
100zone "jitter.nsec3.example" {
101	type primary;
102	file "jitter.nsec3.example.db";
103	allow-update { any; };
104	auto-dnssec maintain;
105	sig-validity-interval 10 2;
106	sig-signing-nodes 1000;
107	sig-signing-signatures 100;
108};
109
110zone "secure.nsec3.example" {
111	type primary;
112	file "secure.nsec3.example.db";
113	allow-update { any; };
114	auto-dnssec maintain;
115};
116
117zone "optout.example" {
118	type primary;
119	file "optout.example.db";
120	allow-update { any; };
121	auto-dnssec maintain;
122};
123
124zone "secure.optout.example" {
125	type primary;
126	file "secure.optout.example.db";
127	allow-update { any; };
128	auto-dnssec maintain;
129};
130
131zone "nsec3.optout.example" {
132	type primary;
133	file "nsec3.optout.example.db";
134	allow-update { any; };
135	auto-dnssec maintain;
136};
137
138zone "optout.optout.example" {
139	type primary;
140	file "optout.optout.example.db";
141	allow-update { any; };
142	auto-dnssec maintain;
143};
144
145zone "rsasha256.example" {
146	type primary;
147	file "rsasha256.example.db";
148	allow-update { any; };
149	auto-dnssec maintain;
150};
151
152zone "rsasha512.example" {
153	type primary;
154	file "rsasha512.example.db";
155	allow-update { any; };
156	auto-dnssec maintain;
157};
158
159zone "nsec-only.example" {
160	type primary;
161	file "nsec-only.example.db";
162	allow-update { any; };
163	auto-dnssec maintain;
164};
165
166zone "nsec3-to-nsec.example" {
167	type primary;
168	file "nsec3-to-nsec.example.db";
169	allow-update { any; };
170	auto-dnssec maintain;
171};
172
173zone "secure-to-insecure.example" {
174	type primary;
175	file "secure-to-insecure.example.db";
176	allow-update { any; };
177	dnssec-secure-to-insecure yes;
178};
179
180zone "secure-to-insecure2.example" {
181	type primary;
182	file "secure-to-insecure2.example.db";
183	allow-update { any; };
184	auto-dnssec maintain;
185	dnssec-secure-to-insecure yes;
186};
187
188zone "oldsigs.example" {
189	type primary;
190	file "oldsigs.example.db";
191	allow-update { any; };
192	auto-dnssec maintain;
193	sig-validity-interval 10 2;
194	sig-signing-nodes 1000;
195	sig-signing-signatures 100;
196};
197
198zone "prepub.example" {
199	type primary;
200	file "prepub.example.db";
201	allow-update { any; };
202	auto-dnssec maintain;
203};
204
205zone "ttl1.example" {
206	type primary;
207	file "ttl1.example.db";
208	allow-update { any; };
209	auto-dnssec maintain;
210};
211
212zone "ttl2.example" {
213	type primary;
214	file "ttl2.example.db";
215	allow-update { any; };
216	auto-dnssec maintain;
217};
218
219zone "ttl3.example" {
220	type primary;
221	file "ttl3.example.db";
222	allow-update { any; };
223	auto-dnssec maintain;
224};
225
226zone "ttl4.example" {
227	type primary;
228	file "ttl4.example.db";
229	allow-update { any; };
230	auto-dnssec maintain;
231};
232
233zone "delay.example" {
234	type primary;
235	file "delay.example.db";
236	allow-update { any; };
237	auto-dnssec maintain;
238};
239
240zone "nozsk.example" {
241	type primary;
242	file "nozsk.example.db";
243	allow-update { any; };
244	auto-dnssec maintain;
245};
246
247zone "inaczsk.example" {
248	type primary;
249	file "inaczsk.example.db";
250	allow-update { any; };
251	auto-dnssec maintain;
252};
253
254zone "noksk.example" {
255	type primary;
256	file "noksk.example.db";
257	allow-update { any; };
258	auto-dnssec maintain;
259};
260
261zone "sync.example" {
262	type primary;
263	file "sync.example.db";
264	allow-update { any; };
265	auto-dnssec maintain;
266};
267
268zone "kskonly.example" {
269	type primary;
270	file "kskonly.example.db";
271	allow-update { any; };
272	dnssec-dnskey-kskonly yes;
273	auto-dnssec maintain;
274};
275
276zone "inacksk2.example" {
277	type primary;
278	file "inacksk2.example.db";
279	allow-update { any; };
280	dnssec-dnskey-kskonly yes;
281	auto-dnssec maintain;
282};
283
284zone "inacksk3.example" {
285	type primary;
286	file "inacksk3.example.db";
287	allow-update { any; };
288	dnssec-dnskey-kskonly yes;
289	auto-dnssec maintain;
290};
291
292zone "inaczsk2.example" {
293	type primary;
294	file "inaczsk2.example.db";
295	allow-update { any; };
296	auto-dnssec maintain;
297};
298
299zone "inaczsk3.example" {
300	type primary;
301	file "inaczsk3.example.db";
302	allow-update { any; };
303	auto-dnssec maintain;
304};
305
306zone "delzsk.example." {
307	type primary;
308	file "delzsk.example.db";
309	allow-update { any; };
310	auto-dnssec maintain;
311};
312
313zone "dname-at-apex-nsec3.example" {
314	type primary;
315	file "dname-at-apex-nsec3.example.db";
316	allow-update { any; };
317	auto-dnssec maintain;
318};
319
320zone "cds-delete.example" {
321	type primary;
322	file "cds-delete.example.db";
323	allow-update { any; };
324	auto-dnssec maintain;
325};
326
327zone "cdnskey-delete.example" {
328	type primary;
329	file "cdnskey-delete.example.db";
330	allow-update { any; };
331	auto-dnssec maintain;
332};
333
334include "trusted.conf";
335