xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/kasp/ns4/named.conf.in (revision 2f62cc9c12bc202c40224f32c879f81443fee079)
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS4
15
16key rndc_key {
17	secret "1234abcd8765";
18	algorithm @DEFAULT_HMAC@;
19};
20
21controls {
22	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
23};
24
25key "sha1" {
26	algorithm "hmac-sha1";
27	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
28};
29
30key "sha224" {
31	algorithm "hmac-sha224";
32	secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
33};
34
35key "sha256" {
36	algorithm "hmac-sha256";
37	secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
38};
39
40key "keyforview1" {
41	algorithm @DEFAULT_HMAC@;
42	secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
43};
44
45key "keyforview2" {
46	algorithm @DEFAULT_HMAC@;
47	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
48};
49
50key "keyforview3" {
51	algorithm @DEFAULT_HMAC@;
52	secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0=";
53};
54
55dnssec-policy "test" {
56	keys {
57		csk key-directory lifetime 0 algorithm 14;
58	};
59};
60
61options {
62	query-source address 10.53.0.4;
63	port @PORT@;
64	pid-file "named.pid";
65	listen-on { 10.53.0.4; };
66	listen-on-v6 { none; };
67	recursion no;
68	dnssec-policy "test";
69	dnssec-validation no;
70};
71
72view "inherit" {
73	match-clients { key "sha1"; };
74
75	/* Inherit dnssec-policy 'test' */
76	zone "inherit.inherit.signed" {
77		type primary;
78		file "inherit.inherit.signed.db";
79		inline-signing yes;
80	};
81
82	/* Override dnssec-policy */
83	zone "override.inherit.signed" {
84		type primary;
85		file "override.inherit.signed.db";
86		inline-signing yes;
87		dnssec-policy "default";
88	};
89
90	/* Unset dnssec-policy */
91	zone "none.inherit.signed" {
92		type primary;
93		file "none.inherit.signed.db";
94		dnssec-policy "none";
95	};
96};
97
98view "override" {
99	match-clients { key "sha224"; };
100	dnssec-policy "default";
101
102	/* Inherit dnssec-policy 'test' */
103	zone "inherit.override.signed" {
104		type primary;
105		file "inherit.override.signed.db";
106		inline-signing yes;
107	};
108
109	/* Override dnssec-policy */
110	zone "override.override.signed" {
111		type primary;
112		file "override.override.signed.db";
113		inline-signing yes;
114		dnssec-policy "test";
115	};
116
117	/* Unset dnssec-policy */
118	zone "none.override.signed" {
119		type primary;
120		file "none.override.signed.db";
121		dnssec-policy "none";
122	};
123};
124
125view "none" {
126	match-clients { key "sha256"; };
127	dnssec-policy "none";
128
129	/* Inherit dnssec-policy 'none' */
130	zone "inherit.none.signed" {
131		type primary;
132		file "inherit.none.signed.db";
133	};
134
135	/* Override dnssec-policy */
136	zone "override.none.signed" {
137		type primary;
138		file "override.none.signed.db";
139		inline-signing yes;
140		dnssec-policy "test";
141	};
142
143	/* Unset dnssec-policy */
144	zone "none.none.signed" {
145		type primary;
146		file "none.none.signed.db";
147		dnssec-policy "none";
148	};
149};
150
151view "example1" {
152	match-clients { key "keyforview1"; };
153
154	allow-update { any; };
155
156	zone "example.net" {
157		type primary;
158		file "example1.db";
159	};
160};
161
162view "example2" {
163	match-clients { key "keyforview2"; };
164
165	zone "example.net" {
166		type primary;
167		file "example2.db";
168		inline-signing yes;
169	};
170};
171
172view "example3" {
173	match-clients { key "keyforview3"; };
174	zone "example.net" {
175		in-view example2;
176	};
177};
178