1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 * 8 * See the COPYRIGHT file distributed with this work for additional 9 * information regarding copyright ownership. 10 */ 11 12// NS4 13 14key rndc_key { 15 secret "1234abcd8765"; 16 algorithm hmac-sha256; 17}; 18 19controls { 20 inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 21}; 22 23key "sha1" { 24 algorithm "hmac-sha1"; 25 secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; 26}; 27 28key "sha224" { 29 algorithm "hmac-sha224"; 30 secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="; 31}; 32 33key "sha256" { 34 algorithm "hmac-sha256"; 35 secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="; 36}; 37 38key "keyforview1" { 39 algorithm "hmac-sha1"; 40 secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; 41}; 42 43key "keyforview2" { 44 algorithm "hmac-sha1"; 45 secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; 46}; 47 48key "keyforview3" { 49 algorithm "hmac-sha1"; 50 secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0="; 51}; 52 53dnssec-policy "test" { 54 keys { 55 csk key-directory lifetime 0 algorithm 14; 56 }; 57}; 58 59options { 60 query-source address 10.53.0.4; 61 port @PORT@; 62 pid-file "named.pid"; 63 listen-on { 10.53.0.4; }; 64 listen-on-v6 { none; }; 65 recursion no; 66 dnssec-policy "test"; 67}; 68 69view "inherit" { 70 match-clients { key "sha1"; }; 71 72 /* Inherit dnssec-policy 'test' */ 73 zone "inherit.inherit.signed" { 74 type primary; 75 file "inherit.inherit.signed.db"; 76 }; 77 78 /* Override dnssec-policy */ 79 zone "override.inherit.signed" { 80 type primary; 81 dnssec-policy "default"; 82 file "override.inherit.signed.db"; 83 }; 84 85 /* Unset dnssec-policy */ 86 zone "none.inherit.signed" { 87 type primary; 88 dnssec-policy "none"; 89 file "none.inherit.signed.db"; 90 }; 91}; 92 93view "override" { 94 match-clients { key "sha224"; }; 95 dnssec-policy "default"; 96 97 /* Inherit dnssec-policy 'test' */ 98 zone "inherit.override.signed" { 99 type primary; 100 file "inherit.override.signed.db"; 101 }; 102 103 /* Override dnssec-policy */ 104 zone "override.override.signed" { 105 type primary; 106 dnssec-policy "test"; 107 file "override.override.signed.db"; 108 }; 109 110 /* Unset dnssec-policy */ 111 zone "none.override.signed" { 112 type primary; 113 dnssec-policy "none"; 114 file "none.override.signed.db"; 115 }; 116}; 117 118view "none" { 119 match-clients { key "sha256"; }; 120 dnssec-policy "none"; 121 122 /* Inherit dnssec-policy 'none' */ 123 zone "inherit.none.signed" { 124 type primary; 125 file "inherit.none.signed.db"; 126 }; 127 128 /* Override dnssec-policy */ 129 zone "override.none.signed" { 130 type primary; 131 dnssec-policy "test"; 132 file "override.none.signed.db"; 133 }; 134 135 /* Unset dnssec-policy */ 136 zone "none.none.signed" { 137 type primary; 138 dnssec-policy "none"; 139 file "none.none.signed.db"; 140 }; 141}; 142 143view "example1" { 144 match-clients { key "keyforview1"; }; 145 146 zone "example.net" { 147 type primary; 148 file "example1.db"; 149 }; 150}; 151 152view "example2" { 153 match-clients { key "keyforview2"; }; 154 155 zone "example.net" { 156 type primary; 157 file "example2.db"; 158 }; 159}; 160 161view "example3" { 162 match-clients { key "keyforview3"; }; 163 zone "example.net" { 164 in-view example2; 165 }; 166}; 167