xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/kasp/ns4/named.conf.in (revision 9fb66d812c00ebfb445c0b47dea128f32aa6fe96) 
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 *
8 * See the COPYRIGHT file distributed with this work for additional
9 * information regarding copyright ownership.
10 */
11
12// NS4
13
14key rndc_key {
15	secret "1234abcd8765";
16	algorithm hmac-sha256;
17};
18
19controls {
20	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
21};
22
23key "sha1" {
24	algorithm "hmac-sha1";
25	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
26};
27
28key "sha224" {
29	algorithm "hmac-sha224";
30	secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
31};
32
33key "sha256" {
34	algorithm "hmac-sha256";
35	secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
36};
37
38key "keyforview1" {
39	algorithm "hmac-sha1";
40	secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
41};
42
43key "keyforview2" {
44	algorithm "hmac-sha1";
45	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
46};
47
48dnssec-policy "test" {
49	keys {
50		csk key-directory lifetime 0 algorithm 14;
51	};
52};
53
54options {
55	query-source address 10.53.0.4;
56	port @PORT@;
57	pid-file "named.pid";
58	listen-on { 10.53.0.4; };
59	listen-on-v6 { none; };
60	recursion no;
61	dnssec-policy "test";
62};
63
64view "inherit" {
65	match-clients { key "sha1"; };
66
67	/* Inherit dnssec-policy 'test' */
68	zone "inherit.inherit.signed" {
69		type primary;
70		file "inherit.inherit.signed.db";
71	};
72
73	/* Override dnssec-policy */
74	zone "override.inherit.signed" {
75		type primary;
76		dnssec-policy "default";
77		file "override.inherit.signed.db";
78	};
79
80	/* Unset dnssec-policy */
81	zone "none.inherit.signed" {
82		type primary;
83		dnssec-policy "none";
84		file "none.inherit.signed.db";
85	};
86};
87
88view "override" {
89	match-clients { key "sha224"; };
90	dnssec-policy "default";
91
92	/* Inherit dnssec-policy 'test' */
93	zone "inherit.override.signed" {
94		type primary;
95		file "inherit.override.signed.db";
96	};
97
98	/* Override dnssec-policy */
99	zone "override.override.signed" {
100		type primary;
101		dnssec-policy "test";
102		file "override.override.signed.db";
103	};
104
105	/* Unset dnssec-policy */
106	zone "none.override.signed" {
107		type primary;
108		dnssec-policy "none";
109		file "none.override.signed.db";
110	};
111};
112
113view "none" {
114	match-clients { key "sha256"; };
115	dnssec-policy "none";
116
117	/* Inherit dnssec-policy 'none' */
118	zone "inherit.none.signed" {
119		type primary;
120		file "inherit.none.signed.db";
121	};
122
123	/* Override dnssec-policy */
124	zone "override.none.signed" {
125		type primary;
126		dnssec-policy "test";
127		file "override.none.signed.db";
128	};
129
130	/* Unset dnssec-policy */
131	zone "none.none.signed" {
132		type primary;
133		dnssec-policy "none";
134		file "none.none.signed.db";
135	};
136};
137
138view "example1" {
139	match-clients { key "keyforview1"; };
140
141	zone "example.net" {
142		type primary;
143		file "example1.db";
144	};
145};
146
147view "example2" {
148	match-clients { key "keyforview2"; };
149
150	zone "example.net" {
151		type primary;
152		file "example2.db";
153	};
154};
155