1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14// NS4 15 16options { 17 query-source address 10.53.0.4 dscp 1; 18 notify-source 10.53.0.4 dscp 2; 19 transfer-source 10.53.0.4 dscp 3; 20 port @PORT@; 21 pid-file "named.pid"; 22 listen-on { 10.53.0.4; }; 23 listen-on-v6 { none; }; 24 recursion yes; 25 dnssec-validation yes; 26 dnssec-must-be-secure mustbesecure.example yes; 27 minimal-responses no; 28 29 nta-lifetime 12s; 30 nta-recheck 9s; 31 32 validate-except { corp; }; 33 34 # Note: We only reference the bind.keys file here to confirm that it 35 # is *not* being used. It contains the real root key, and we're 36 # using a local toy root zone for the tests, so it wouldn't work. 37 # But since dnssec-validation is set to "yes" not "auto", that 38 # won't matter. 39 bindkeys-file "../../../../../bind.keys"; 40}; 41 42key rndc_key { 43 secret "1234abcd8765"; 44 algorithm hmac-sha256; 45}; 46 47controls { 48 inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 49}; 50 51zone "." { 52 type hint; 53 file "../../common/root.hint"; 54}; 55 56zone "corp" { 57 type static-stub; 58 server-addresses { 10.53.0.2; }; 59}; 60 61include "trusted.conf"; 62