1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14// NS3 15 16include "../../common/rndc.key"; 17 18controls { 19 inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 20}; 21 22options { 23 query-source address 10.53.0.3; 24 notify-source 10.53.0.3; 25 transfer-source 10.53.0.3; 26 port @PORT@; 27 pid-file "named.pid"; 28 listen-on { 10.53.0.3; }; 29 listen-on-v6 { none; }; 30 recursion no; 31 notify yes; 32 try-tcp-refresh no; 33 notify-delay 0; 34 allow-new-zones yes; 35}; 36 37zone "bits" { 38 type secondary; 39 primaries { 10.53.0.2; }; 40 inline-signing yes; 41 auto-dnssec maintain; 42 allow-update-forwarding { any; }; 43 file "bits.bk"; 44 sig-signing-signatures 1; // force incremental processing 45}; 46 47server 10.53.0.4 { request-ixfr no; }; 48 49zone "noixfr" { 50 type secondary; 51 primaries { 10.53.0.4; }; 52 inline-signing yes; 53 auto-dnssec maintain; 54 allow-update-forwarding { any; }; 55 file "noixfr.bk"; 56}; 57 58zone "master" { 59 type primary; 60 inline-signing yes; 61 auto-dnssec maintain; 62 file "master.db"; 63 notify explicit; 64 also-notify { 65 10.53.0.3; 66 }; 67}; 68 69zone "dynamic" { 70 type primary; 71 inline-signing yes; 72 auto-dnssec maintain; 73 allow-update { any; }; 74 file "dynamic.db"; 75}; 76 77zone "updated" { 78 type primary; 79 inline-signing yes; 80 auto-dnssec maintain; 81 allow-update { none; }; 82 file "updated.db"; 83}; 84 85zone "expired" { 86 type primary; 87 inline-signing yes; 88 auto-dnssec maintain; 89 allow-update { any; }; 90 file "expired.db"; 91}; 92 93zone "retransfer" { 94 type secondary; 95 primaries { 10.53.0.2; }; 96 inline-signing yes; 97 auto-dnssec maintain; 98 file "retransfer.bk"; 99}; 100 101zone "nsec3" { 102 type primary; 103 inline-signing yes; 104 auto-dnssec maintain; 105 allow-update { any; }; 106 file "nsec3.db"; 107}; 108 109zone "externalkey" { 110 type primary; 111 inline-signing yes; 112 auto-dnssec maintain; 113 allow-update { any; }; 114 file "externalkey.db"; 115}; 116 117zone "retransfer3" { 118 type secondary; 119 primaries { 10.53.0.2; }; 120 inline-signing yes; 121 auto-dnssec maintain; 122 file "retransfer3.bk"; 123}; 124 125zone "inactiveksk" { 126 type secondary; 127 primaries { 10.53.0.2; }; 128 inline-signing yes; 129 auto-dnssec maintain; 130 dnssec-dnskey-kskonly yes; 131 file "inactiveksk.bk"; 132}; 133 134zone "inactivezsk" { 135 type secondary; 136 primaries { 10.53.0.2; }; 137 inline-signing yes; 138 auto-dnssec maintain; 139 file "inactivezsk.bk"; 140}; 141 142zone "nokeys" { 143 type secondary; 144 primaries { 10.53.0.2; }; 145 inline-signing yes; 146 auto-dnssec maintain; 147 file "nokeys.bk"; 148}; 149 150zone "delayedkeys" { 151 type primary; 152 inline-signing yes; 153 auto-dnssec maintain; 154 file "delayedkeys.db"; 155}; 156 157zone "removedkeys-primary" { 158 type primary; 159 inline-signing yes; 160 auto-dnssec maintain; 161 allow-update { any; }; 162 also-notify { 10.53.0.2; }; 163 file "removedkeys-primary.db"; 164}; 165 166zone "removedkeys-secondary" { 167 type secondary; 168 primaries { 10.53.0.2; }; 169 inline-signing yes; 170 auto-dnssec maintain; 171 file "removedkeys-secondary.bk"; 172}; 173 174zone "unsupported" { 175 type primary; 176 file "unsupported.db"; 177 inline-signing yes; 178 auto-dnssec maintain; 179}; 180