xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/kasp/ns6/named.conf.in (revision ae87de8892f277bece3527c15b186ebcfa188227)
1/*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * SPDX-License-Identifier: MPL-2.0
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0.  If a copy of the MPL was not distributed with this
8 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9 *
10 * See the COPYRIGHT file distributed with this work for additional
11 * information regarding copyright ownership.
12 */
13
14// NS6
15
16include "policies/kasp.conf";
17include "policies/csk1.conf";
18
// Server-wide settings for the ns6 instance of the kasp system test.
19options {
20	query-source address 10.53.0.6;
21	notify-source 10.53.0.6;
22	transfer-source 10.53.0.6;
23	port @PORT@;	// placeholder token; presumably substituted when named.conf is generated from this .in template
24	pid-file "named.pid";
25	listen-on { 10.53.0.6; };	// one IPv4 listener only
26	listen-on-v6 { none; };	// no IPv6 listener
	// Zone transfers are open to every client, so anyone who can reach this
	// address can read the full contents of every zone served here.
	// Test-fixture setting; elsewhere, limit this to named secondaries or TSIG keys.
27	allow-transfer { any; };
28	recursion no;	// authoritative-only: no recursive resolution for clients
29	key-directory ".";	// DNSSEC key files are looked up in the working directory
30};
31
// Shared secret named by the controls statement to authenticate rndc.
32key rndc_key {
	// Fixed 12-character value committed with the test suite: treat it as public
	// and do not reuse it outside the test harness.
33	secret "1234abcd8765";
34	algorithm hmac-sha256;
35};
36
// Control channel (rndc) on the test address. "allow { any; }" places no
// source-address limit on who may connect, so possession of rndc_key is the
// only gate. Test-fixture setting; elsewhere, bind the channel to loopback or
// list the management hosts explicitly.
37controls {
38	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
39};
40
41/* This zone switches from dynamic to inline-signing. */
// Primary zone that accepts dynamic updates; it carries no inline-signing
// statement, unlike most other zones in this file.
42zone "dynamic2inline.kasp" {
43	type primary;
44	file "dynamic2inline.kasp.db";
	// Updates are accepted from any address with no key requirement, so any
	// client that can reach the server can rewrite the zone. Test-fixture
	// setting; elsewhere, use a key-based allow-update or an update-policy.
45	allow-update { any; };
46	dnssec-policy "default";	// "default" is BIND's built-in policy
47};
48
49/* These zones are going insecure. */
// First-step zones for the going-insecure tests. "type master" is the older
// keyword for "type primary", which other zones in this file use.
50zone "step1.going-insecure.kasp" {
51	type master;
52	file "step1.going-insecure.kasp.db";
53	inline-signing yes;
54	dnssec-policy "unsigning";	// not defined in this file; presumably comes from an included policies file (confirm)
55};
56
// Dynamic variant of the zone above: no inline-signing statement, updates allowed.
57zone "step1.going-insecure-dynamic.kasp" {
58	type master;
59	file "step1.going-insecure-dynamic.kasp.db";
60	dnssec-policy "unsigning";
	// Unauthenticated updates from any address: any client that can reach the
	// server can modify the zone. Test-fixture setting; elsewhere, require a key.
61	allow-update { any; };
62};
63
// Starts on the built-in "default" policy; the zone name suggests a later
// test step moves it directly to policy "none" (not visible in this file).
64zone "step1.going-straight-to-none.kasp" {
65	type master;
66	file "step1.going-straight-to-none.kasp.db";
67	inline-signing yes;
68	dnssec-policy "default";
69};
70
71/* These are algorithm rollover test zones. */
// First-step zones for the algorithm rollover tests. Neither policy named here
// is defined in this file; presumably both come from the included policies
// files (confirm).
72zone "step1.algorithm-roll.kasp" {
73	type primary;
74	file "step1.algorithm-roll.kasp.db";
75	inline-signing yes;
76	dnssec-policy "rsasha256";
77};
78
// Same setup for the CSK variant of the rollover.
79zone "step1.csk-algorithm-roll.kasp" {
80	type primary;
81	file "step1.csk-algorithm-roll.kasp.db";
82	inline-signing yes;
83	dnssec-policy "csk-algoroll";
84};
85
// Policy defined locally in this file and used only by zone "example" below.
85dnssec-policy "modified" {
86	keys {
		// A single CSK (one key in both the KSK and ZSK roles), RSASHA256 with a
		// 2048-bit modulus. "lifetime unlimited" means the key is never rolled
		// automatically; replacing it takes a manual rollover or a policy change.
87		csk lifetime unlimited algorithm rsasha256 2048;
88	};
89};
90
// Inline-signed primary zone bound to the "modified" policy above.
91zone example {
92	type primary;
93	file "example.db";
94	inline-signing yes;
95	dnssec-policy modified;
96};
98