1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14// NS3 15 16include "../../_common/rndc.key"; 17 18controls { 19 inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 20}; 21 22options { 23 query-source address 10.53.0.3; 24 notify-source 10.53.0.3; 25 transfer-source 10.53.0.3; 26 port @PORT@; 27 pid-file "named.pid"; 28 listen-on { 10.53.0.3; }; 29 listen-on-v6 { none; }; 30 recursion no; 31 notify yes; 32 try-tcp-refresh no; 33 notify-delay 0; 34 allow-new-zones yes; 35 dnssec-validation no; 36}; 37 38zone "bits" { 39 type secondary; 40 primaries { 10.53.0.2; }; 41 inline-signing yes; 42 auto-dnssec maintain; 43 allow-update-forwarding { any; }; 44 file "bits.bk"; 45 sig-signing-signatures 1; // force incremental processing 46}; 47 48server 10.53.0.4 { request-ixfr no; }; 49 50zone "noixfr" { 51 type secondary; 52 primaries { 10.53.0.4; }; 53 inline-signing yes; 54 auto-dnssec maintain; 55 allow-update-forwarding { any; }; 56 file "noixfr.bk"; 57}; 58 59zone "primary" { 60 type primary; 61 inline-signing yes; 62 auto-dnssec maintain; 63 file "primary.db"; 64 notify explicit; 65 also-notify { 66 10.53.0.3; 67 }; 68}; 69 70zone "dynamic" { 71 type primary; 72 inline-signing yes; 73 auto-dnssec maintain; 74 allow-update { any; }; 75 file "dynamic.db"; 76}; 77 78zone "updated" { 79 type primary; 80 inline-signing yes; 81 auto-dnssec maintain; 82 allow-update { none; }; 83 file "updated.db"; 84}; 85 86zone "expired" { 87 type primary; 88 inline-signing yes; 89 auto-dnssec maintain; 90 allow-update { any; }; 91 file "expired.db"; 92}; 93 94zone "retransfer" { 95 type secondary; 96 primaries { 10.53.0.2; }; 97 inline-signing yes; 98 auto-dnssec maintain; 99 file "retransfer.bk"; 100}; 101 102zone "nsec3" { 103 type primary; 104 inline-signing yes; 105 auto-dnssec maintain; 106 allow-update { any; }; 107 file "nsec3.db"; 108}; 109 110zone "externalkey" { 111 type primary; 112 inline-signing yes; 113 auto-dnssec maintain; 114 dnssec-dnskey-kskonly no; 115 allow-update { any; }; 116 file "externalkey.db"; 117}; 118 119zone "retransfer3" { 120 type secondary; 121 primaries { 10.53.0.2; }; 122 inline-signing yes; 123 auto-dnssec maintain; 124 file "retransfer3.bk"; 125}; 126 127zone "inactiveksk" { 128 type secondary; 129 primaries { 10.53.0.2; }; 130 inline-signing yes; 131 auto-dnssec maintain; 132 dnssec-dnskey-kskonly yes; 133 file "inactiveksk.bk"; 134}; 135 136zone "inactivezsk" { 137 type secondary; 138 primaries { 10.53.0.2; }; 139 inline-signing yes; 140 auto-dnssec maintain; 141 file "inactivezsk.bk"; 142}; 143 144zone "nokeys" { 145 type secondary; 146 primaries { 10.53.0.2; }; 147 inline-signing yes; 148 auto-dnssec maintain; 149 file "nokeys.bk"; 150}; 151 152zone "delayedkeys" { 153 type primary; 154 inline-signing yes; 155 auto-dnssec maintain; 156 file "delayedkeys.db"; 157}; 158 159zone "removedkeys-primary" { 160 type primary; 161 inline-signing yes; 162 auto-dnssec maintain; 163 allow-update { any; }; 164 also-notify { 10.53.0.2; }; 165 file "removedkeys-primary.db"; 166}; 167 168zone "removedkeys-secondary" { 169 type secondary; 170 primaries { 10.53.0.2; }; 171 inline-signing yes; 172 auto-dnssec maintain; 173 file "removedkeys-secondary.bk"; 174}; 175 176zone "unsupported" { 177 type primary; 178 file "unsupported.db"; 179 inline-signing yes; 180 auto-dnssec maintain; 181}; 182