xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/kasp/ns5/named.conf.in (revision 8feb0f0b7eaff0608f8350bbfa3098827b4bb91b) 
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS5
15
16key rndc_key {
17	secret "1234abcd8765";
18	algorithm hmac-sha256;
19};
20
21controls {
22	inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
23};
24
25key "sha1" {
26	algorithm "hmac-sha1";
27	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
28};
29
30key "sha224" {
31	algorithm "hmac-sha224";
32	secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
33};
34
35key "sha256" {
36	algorithm "hmac-sha256";
37	secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
38};
39
40dnssec-policy "test" {
41	keys {
42		csk key-directory lifetime 0 algorithm 14;
43	};
44};
45
46options {
47	query-source address 10.53.0.5;
48	port @PORT@;
49	pid-file "named.pid";
50	listen-on { 10.53.0.5; };
51	listen-on-v6 { none; };
52	recursion no;
53	dnssec-policy "none";
54};
55
56view "inherit" {
57	match-clients { key "sha1"; };
58
59	/* Inherit dnssec-policy 'none' */
60	zone "inherit.inherit.unsigned" {
61		type primary;
62		file "inherit.inherit.unsigned.db";
63	};
64
65	/* Override dnssec-policy */
66	zone "override.inherit.unsigned" {
67		type primary;
68		file "override.inherit.unsigned.db";
69		inline-signing yes;
70		dnssec-policy "default";
71	};
72
73	/* Unset dnssec-policy */
74	zone "none.inherit.unsigned" {
75		type primary;
76		file "none.inherit.unsigned.db";
77		dnssec-policy "none";
78	};
79};
80
81view "override" {
82	match-clients { key "sha224"; };
83	dnssec-policy "default";
84
85	/* Inherit dnssec-policy 'default' */
86	zone "inherit.override.unsigned" {
87		type primary;
88		file "inherit.override.unsigned.db";
89		inline-signing yes;
90	};
91
92	/* Override dnssec-policy */
93	zone "override.override.unsigned" {
94		type primary;
95		file "override.override.unsigned.db";
96		inline-signing yes;
97		dnssec-policy "test";
98	};
99
100	/* Unset dnssec-policy */
101	zone "none.override.unsigned" {
102		type primary;
103		file "none.override.unsigned.db";
104		dnssec-policy "none";
105	};
106};
107
108view "none" {
109	match-clients { key "sha256"; };
110	dnssec-policy "none";
111
112	/* Inherit dnssec-policy 'none' */
113	zone "inherit.none.unsigned" {
114		type primary;
115		file "inherit.none.unsigned.db";
116	};
117
118	/* Override dnssec-policy */
119	zone "override.none.unsigned" {
120		type primary;
121		file "override.none.unsigned.db";
122		inline-signing yes;
123		dnssec-policy "test";
124	};
125
126	/* Unset dnssec-policy */
127	zone "none.none.unsigned" {
128		type primary;
129		file "none.none.unsigned.db";
130		dnssec-policy "none";
131	};
132};
133