xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/dnssec/ns3/named.conf.in (revision 6db267571823ee3b0a1d61478df085a087f2e990) 
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS3
15
16options {
17	query-source address 10.53.0.3;
18	notify-source 10.53.0.3;
19	transfer-source 10.53.0.3;
20	port @PORT@;
21	pid-file "named.pid";
22	listen-on { 10.53.0.3; };
23	listen-on-v6 { none; };
24	recursion no;
25	notify yes;
26	dnssec-validation yes;
27	session-keyfile "session.key";
28	minimal-responses no;
29};
30
31key rndc_key {
32	secret "1234abcd8765";
33	algorithm hmac-sha256;
34};
35
36controls {
37	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
38};
39
40zone "." {
41	type hint;
42	file "../../common/root.hint";
43};
44
45zone "example" {
46	type secondary;
47	primaries { 10.53.0.2; };
48	file "example.bk";
49};
50
51zone "secure.example" {
52	type primary;
53	file "secure.example.db.signed";
54	allow-update { any; };
55};
56
57zone "bogus.example" {
58	type primary;
59	file "bogus.example.db.signed";
60	allow-update { any; };
61};
62
63zone "badds.example" {
64	type primary;
65	file "badds.example.db.signed";
66	allow-update { any; };
67};
68
69zone "dynamic.example" {
70	type primary;
71	file "dynamic.example.db.signed";
72	allow-update { any; };
73};
74
75zone "insecure.example" {
76	type primary;
77	file "insecure.example.db";
78	allow-update { any; };
79};
80
81zone "insecure2.example" {
82	type primary;
83	file "insecure2.example.db";
84	allow-update { any; };
85};
86
87zone "insecure.nsec3.example" {
88	type primary;
89	file "insecure.nsec3.example.db";
90	allow-update { any; };
91};
92
93zone "insecure.optout.example" {
94	type primary;
95	file "insecure.optout.example.db";
96	allow-update { any; };
97};
98
99zone "keyless.example" {
100	type primary;
101	file "keyless.example.db.signed";
102};
103
104zone "nsec3.example" {
105	type primary;
106	file "nsec3.example.db.signed";
107};
108
109zone "optout.nsec3.example" {
110	type primary;
111	file "optout.nsec3.example.db.signed";
112};
113
114zone "nsec3.nsec3.example" {
115	type primary;
116	file "nsec3.nsec3.example.db.signed";
117};
118
119zone "secure.nsec3.example" {
120	type primary;
121	file "secure.nsec3.example.db.signed";
122};
123
124zone "optout.example" {
125	type primary;
126	file "optout.example.db.signed";
127};
128
129zone "secure.optout.example" {
130	type primary;
131	file "secure.optout.example.db.signed";
132};
133
134zone "nsec3.optout.example" {
135	type primary;
136	file "nsec3.optout.example.db.signed";
137};
138
139zone "optout.optout.example" {
140	type primary;
141	file "optout.optout.example.db.signed";
142};
143
144zone "nsec3-unknown.example" {
145	type primary;
146	nsec3-test-zone yes;
147	file "nsec3-unknown.example.db.signed";
148};
149
150zone "optout-unknown.example" {
151	type primary;
152	nsec3-test-zone yes;
153	file "optout-unknown.example.db.signed";
154};
155
156zone "dnskey-unknown.example" {
157	type primary;
158	file "dnskey-unknown.example.db.signed";
159};
160
161zone "dnskey-unsupported.example" {
162	type primary;
163	file "dnskey-unsupported.example.db.signed";
164};
165
166zone "dnskey-unsupported-2.example" {
167	type primary;
168	file "dnskey-unsupported-2.example.db.signed";
169};
170
171zone "dnskey-nsec3-unknown.example" {
172	type primary;
173	nsec3-test-zone yes;
174	file "dnskey-nsec3-unknown.example.db.signed";
175};
176
177zone "multiple.example" {
178	type primary;
179	file "multiple.example.db.signed";
180	allow-update { any; };
181};
182
183zone "rfc2335.example" {
184	type secondary;
185	primaries { 10.53.0.2; };
186	file "rfc2335.example.bk";
187};
188
189zone "rsasha256.example" {
190	type primary;
191	file "rsasha256.example.db.signed";
192};
193
194zone "rsasha512.example" {
195	type primary;
196	file "rsasha512.example.db.signed";
197};
198
199zone "kskonly.example" {
200	type primary;
201	file "kskonly.example.db.signed";
202};
203
204zone "expired.example" {
205	type primary;
206	allow-update { none; };
207	file "expired.example.db.signed";
208};
209
210zone "update-nsec3.example" {
211	type primary;
212	allow-update { any; };
213	file "update-nsec3.example.db.signed";
214};
215
216zone "auto-nsec.example" {
217	type primary;
218	auto-dnssec maintain;
219	allow-update { !0.0.0.0; };
220	file "auto-nsec.example.db.signed";
221};
222
223zone "auto-nsec3.example" {
224	type primary;
225	auto-dnssec maintain;
226	allow-update { !0.0.0.0; };
227	file "auto-nsec3.example.db.signed";
228};
229
230zone "insecure.below-cname.example" {
231	type primary;
232	file "insecure.below-cname.example.db";
233};
234
235zone "secure.below-cname.example" {
236	type primary;
237	file "secure.below-cname.example.db.signed";
238};
239
240zone "ttlpatch.example" {
241	type primary;
242	file "ttlpatch.example.db.patched";
243};
244
245zone "split-dnssec.example" {
246	type primary;
247	file "split-dnssec.example.db";
248};
249
250zone "split-smart.example" {
251	type primary;
252	file "split-smart.example.db";
253};
254
255zone "nsec3chain-test" {
256	type secondary;
257	file "nsec3chain-test.bk";
258	primaries { 10.53.0.2; };
259};
260
261zone "expiring.example" {
262	type primary;
263	allow-update { any; };
264	file "expiring.example.db.signed";
265};
266
267zone "nosign.example" {
268	type primary;
269	allow-update { any; };
270	dnssec-update-mode no-resign;
271	file "nosign.example.db.signed";
272};
273
274zone "upper.example" {
275	type primary;
276	file "upper.example.db.signed";
277};
278
279zone "LOWER.EXAMPLE" {
280	type primary;
281	file "lower.example.db.signed";
282};
283
284zone "inline.example" {
285	type primary;
286	file "inline.example.db";
287	inline-signing yes;
288	auto-dnssec maintain;
289};
290
291zone "publish-inactive.example" {
292	type primary;
293	file "publish-inactive.example.db";
294	auto-dnssec maintain;
295	update-policy local;
296};
297
298zone "future.example" {
299	type primary;
300	file "future.example.db.signed";
301};
302
303zone "managed-future.example" {
304	type primary;
305	file "managed-future.example.db.signed";
306	allow-update { any; };
307};
308
309zone "revkey.example" {
310	type primary;
311	file "revkey.example.db.signed";
312};
313
314zone "dname-at-apex-nsec3.example" {
315	type primary;
316	file "dname-at-apex-nsec3.example.db.signed";
317};
318
319zone "occluded.example" {
320	type primary;
321	file "occluded.example.db.signed";
322};
323
324zone "secure.managed" {
325	type primary;
326	file "secure.managed.db.signed";
327};
328
329zone "disabled.managed" {
330	type primary;
331	file "disabled.managed.db.signed";
332};
333
334zone "enabled.managed" {
335	type primary;
336	file "enabled.managed.db.signed";
337};
338
339zone "unsupported.managed" {
340	type primary;
341	file "unsupported.managed.db.signed";
342};
343
344zone "revoked.managed" {
345	type primary;
346	file "revoked.managed.db.signed";
347};
348
349zone "secure.trusted" {
350	type primary;
351	file "secure.trusted.db.signed";
352};
353
354zone "disabled.trusted" {
355	type primary;
356	file "disabled.trusted.db.signed";
357};
358
359zone "enabled.trusted" {
360	type primary;
361	file "enabled.trusted.db.signed";
362};
363
364zone "unsupported.trusted" {
365	type primary;
366	file "unsupported.trusted.db.signed";
367};
368
369zone "revoked.trusted" {
370	type primary;
371	file "revoked.trusted.db.signed";
372};
373
374zone "too-many-iterations" {
375	type secondary;
376	primaries { 10.53.0.2; };
377	file "too-many-iterations.bk";
378};
379
380include "siginterval.conf";
381
382include "trusted.conf";
383