xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/dnssec/ns3/named.conf.in (revision 2f62cc9c12bc202c40224f32c879f81443fee079) 
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS3
15
16options {
17	query-source address 10.53.0.3;
18	notify-source 10.53.0.3;
19	transfer-source 10.53.0.3;
20	port @PORT@;
21	pid-file "named.pid";
22	listen-on { 10.53.0.3; };
23	listen-on-v6 { none; };
24	recursion no;
25	notify yes;
26	dnssec-validation yes;
27	session-keyfile "session.key";
28	minimal-responses no;
29};
30
31key rndc_key {
32	secret "1234abcd8765";
33	algorithm @DEFAULT_HMAC@;
34};
35
36controls {
37	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
38};
39
40zone "." {
41	type hint;
42	file "../../_common/root.hint";
43};
44
45zone "example" {
46	type secondary;
47	primaries { 10.53.0.2; };
48	file "example.bk";
49};
50
51zone "secure.example" {
52	type primary;
53	file "secure.example.db.signed";
54	allow-update { any; };
55};
56
57zone "bogus.example" {
58	type primary;
59	file "bogus.example.db.signed";
60	allow-update { any; };
61};
62
63zone "badds.example" {
64	type primary;
65	file "badds.example.db.signed";
66	allow-update { any; };
67};
68
69zone "dynamic.example" {
70	type primary;
71	file "dynamic.example.db.signed";
72	allow-update { any; };
73};
74
75zone "insecure.example" {
76	type primary;
77	file "insecure.example.db";
78	allow-update { any; };
79};
80
81zone "insecure2.example" {
82	type primary;
83	file "insecure2.example.db";
84	allow-update { any; };
85};
86
87zone "insecure.nsec3.example" {
88	type primary;
89	file "insecure.nsec3.example.db";
90	allow-update { any; };
91};
92
93zone "insecure.optout.example" {
94	type primary;
95	file "insecure.optout.example.db";
96	allow-update { any; };
97};
98
99zone "keyless.example" {
100	type primary;
101	file "keyless.example.db.signed";
102};
103
104zone "nsec3.example" {
105	type primary;
106	file "nsec3.example.db.signed";
107};
108
109zone "optout.nsec3.example" {
110	type primary;
111	file "optout.nsec3.example.db.signed";
112};
113
114zone "nsec3.nsec3.example" {
115	type primary;
116	file "nsec3.nsec3.example.db.signed";
117};
118
119zone "secure.nsec3.example" {
120	type primary;
121	file "secure.nsec3.example.db.signed";
122};
123
124zone "optout.example" {
125	type primary;
126	file "optout.example.db.signed";
127};
128
129zone "secure.optout.example" {
130	type primary;
131	file "secure.optout.example.db.signed";
132};
133
134zone "nsec3.optout.example" {
135	type primary;
136	file "nsec3.optout.example.db.signed";
137};
138
139zone "optout.optout.example" {
140	type primary;
141	file "optout.optout.example.db.signed";
142};
143
144zone "nsec3-unknown.example" {
145	type primary;
146	nsec3-test-zone yes;
147	file "nsec3-unknown.example.db.signed";
148};
149
150zone "optout-unknown.example" {
151	type primary;
152	nsec3-test-zone yes;
153	file "optout-unknown.example.db.signed";
154};
155
156zone "dnskey-unknown.example" {
157	type primary;
158	file "dnskey-unknown.example.db.signed";
159};
160
161zone "dnskey-unsupported.example" {
162	type primary;
163	file "dnskey-unsupported.example.db.signed";
164};
165
166zone "dnskey-unsupported-2.example" {
167	type primary;
168	file "dnskey-unsupported-2.example.db.signed";
169};
170
171zone "dnskey-nsec3-unknown.example" {
172	type primary;
173	nsec3-test-zone yes;
174	file "dnskey-nsec3-unknown.example.db.signed";
175};
176
177zone "multiple.example" {
178	type primary;
179	file "multiple.example.db.signed";
180	allow-update { any; };
181};
182
183zone "rfc2335.example" {
184	type secondary;
185	primaries { 10.53.0.2; };
186	file "rfc2335.example.bk";
187};
188
189zone "rsasha256.example" {
190	type primary;
191	file "rsasha256.example.db.signed";
192};
193
194zone "rsasha512.example" {
195	type primary;
196	file "rsasha512.example.db.signed";
197};
198
199zone "kskonly.example" {
200	type primary;
201	file "kskonly.example.db.signed";
202};
203
204zone "expired.example" {
205	type primary;
206	allow-update { none; };
207	file "expired.example.db.signed";
208};
209
210zone "update-nsec3.example" {
211	type primary;
212	allow-update { any; };
213	file "update-nsec3.example.db.signed";
214};
215
216zone "auto-nsec.example" {
217	type primary;
218	auto-dnssec maintain;
219	allow-update { !0.0.0.0; };
220	file "auto-nsec.example.db.signed";
221};
222
223zone "auto-nsec3.example" {
224	type primary;
225	auto-dnssec maintain;
226	allow-update { !0.0.0.0; };
227	file "auto-nsec3.example.db.signed";
228};
229
230zone "insecure.below-cname.example" {
231	type primary;
232	file "insecure.below-cname.example.db";
233};
234
235zone "secure.below-cname.example" {
236	type primary;
237	file "secure.below-cname.example.db.signed";
238};
239
240zone "ttlpatch.example" {
241	type primary;
242	file "ttlpatch.example.db.patched";
243};
244
245zone "split-dnssec.example" {
246	type primary;
247	file "split-dnssec.example.db";
248};
249
250zone "split-smart.example" {
251	type primary;
252	file "split-smart.example.db";
253};
254
255zone "nsec3chain-test" {
256	type secondary;
257	file "nsec3chain-test.bk";
258	primaries { 10.53.0.2; };
259};
260
261zone "expiring.example" {
262	type primary;
263	allow-update { any; };
264	file "expiring.example.db.signed";
265};
266
267zone "nosign.example" {
268	type primary;
269	allow-update { any; };
270	dnssec-update-mode no-resign;
271	file "nosign.example.db.signed";
272};
273
274zone "upper.example" {
275	type primary;
276	file "upper.example.db.signed";
277};
278
279zone "LOWER.EXAMPLE" {
280	type primary;
281	file "lower.example.db.signed";
282};
283
284zone "inline.example" {
285	type primary;
286	file "inline.example.db";
287	inline-signing yes;
288	auto-dnssec maintain;
289};
290
291zone "publish-inactive.example" {
292	type primary;
293	file "publish-inactive.example.db";
294	auto-dnssec maintain;
295	dnssec-dnskey-kskonly no;
296	update-policy local;
297};
298
299zone "future.example" {
300	type primary;
301	file "future.example.db.signed";
302};
303
304zone "managed-future.example" {
305	type primary;
306	file "managed-future.example.db.signed";
307	allow-update { any; };
308};
309
310zone "revkey.example" {
311	type primary;
312	file "revkey.example.db.signed";
313};
314
315zone "dname-at-apex-nsec3.example" {
316	type primary;
317	file "dname-at-apex-nsec3.example.db.signed";
318};
319
320zone "occluded.example" {
321	type primary;
322	file "occluded.example.db.signed";
323};
324
325zone "secure.managed" {
326	type primary;
327	file "secure.managed.db.signed";
328};
329
330zone "disabled.managed" {
331	type primary;
332	file "disabled.managed.db.signed";
333};
334
335zone "enabled.managed" {
336	type primary;
337	file "enabled.managed.db.signed";
338};
339
340zone "unsupported.managed" {
341	type primary;
342	file "unsupported.managed.db.signed";
343};
344
345zone "revoked.managed" {
346	type primary;
347	file "revoked.managed.db.signed";
348};
349
350zone "secure.trusted" {
351	type primary;
352	file "secure.trusted.db.signed";
353};
354
355zone "disabled.trusted" {
356	type primary;
357	file "disabled.trusted.db.signed";
358};
359
360zone "enabled.trusted" {
361	type primary;
362	file "enabled.trusted.db.signed";
363};
364
365zone "unsupported.trusted" {
366	type primary;
367	file "unsupported.trusted.db.signed";
368};
369
370zone "revoked.trusted" {
371	type primary;
372	file "revoked.trusted.db.signed";
373};
374
375zone "too-many-iterations" {
376	type secondary;
377	primaries { 10.53.0.2; };
378	file "too-many-iterations.bk";
379};
380
381include "siginterval.conf";
382
383include "trusted.conf";
384