xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/kasp/ns6/named2.conf.in (revision f0fde9902fd4d72ded2807793acc7bfaa1ebf243)
/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// NS6

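/*
 * Policy definitions pulled in from the test's policies/ directory.
 * The zones below refer to policies by name ("ecdsa256", "csk-algoroll")
 * that are not defined in this file; presumably they come from these
 * includes -- confirm against the included files.
 */
include "policies/kasp.conf";
include "policies/csk2.conf";
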
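/*
 * Server-wide options for this name server instance.
 *
 * NOTE(review): the file path places this under bin/tests/system, so treat
 * it as a test fixture and not as a hardening baseline. In particular,
 * "allow-transfer { any; }" lets every client that can reach the listener
 * pull complete zone contents.
 */
options {
	// Outbound queries, NOTIFYs and transfers all leave from the same
	// address the server listens on.
	query-source address 10.53.0.6;
	notify-source 10.53.0.6;
	transfer-source 10.53.0.6;

	// @PORT@ is a placeholder; this is a .in template and the value is
	// filled in when the configuration is generated.
	port @PORT@;
	pid-file "named.pid";

	// IPv4 only: a single listener, IPv6 disabled.
	listen-on { 10.53.0.6; };
	listen-on-v6 { none; };

	// Test-only: zone transfers are open to everyone. Outside a test bed,
	// limit this to the known secondaries, preferably identified by a
	// TSIG key and not just by address.
	allow-transfer { any; };

	// No recursive resolution is offered to clients.
	recursion no;
};
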
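/*
 * Shared secret that authenticates the control channel (it is the only
 * key listed in the "controls" statement of this file).
 *
 * NOTE(review): the secret is a short literal committed to a public source
 * tree, so it offers no confidentiality. That is acceptable for a
 * throwaway test instance only. A real deployment should generate a
 * per-host key (for example with rndc-confgen), keep it out of version
 * control, and make the key file readable only by the account that runs
 * named/rndc.
 */
key rndc_key {
	secret "1234abcd8765";
	algorithm hmac-sha256;
};
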
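/*
 * rndc control channel.
 *
 * The address match list is "allow { any; }", so any host that can reach
 * this address and port may attempt a connection; possession of rndc_key
 * is the only barrier to issuing control commands. Outside a test bed,
 * bind the channel to a loopback or management address and narrow the
 * allow list to the hosts that actually run rndc.
 *
 * @CONTROLPORT@ is a template placeholder, filled in when the
 * configuration is generated.
 */
controls {
	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
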
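/*
 * Zones for testing going insecure.
 *
 * Each zone is assigned the policy "insecure", except the last one, which
 * is assigned "none". Neither policy is defined in this file; presumably
 * these are BIND's built-in policies for withdrawing DNSSEC from a zone
 * (confirm against the BIND version under test).
 *
 * NOTE(review): withdrawing signatures while a DS record is still
 * published in the parent makes validating resolvers treat the zone as
 * bogus, which is the operational risk this kind of transition carries.
 */
zone "step1.going-insecure.kasp" {
	type primary;
	file "step1.going-insecure.kasp.db";
	dnssec-policy "insecure";
};

zone "step2.going-insecure.kasp" {
	type primary;
	file "step2.going-insecure.kasp.db";
	dnssec-policy "insecure";
};

/*
 * Dynamic variants of the two zones above.
 *
 * Test-only: "allow-update { any; }" accepts unauthenticated dynamic
 * updates from every source address. Outside a test bed, authorise
 * updates per key (an update-policy with TSIG keys) and do not grant them
 * by address.
 */
zone "step1.going-insecure-dynamic.kasp" {
	type primary;
	file "step1.going-insecure-dynamic.kasp.db";
	dnssec-policy "insecure";
	allow-update { any; };
};

zone "step2.going-insecure-dynamic.kasp" {
	type primary;
	file "step2.going-insecure-dynamic.kasp.db";
	dnssec-policy "insecure";
	allow-update { any; };
};

// The zone name suggests this case goes directly to "none" with no
// intermediate "insecure" step -- confirm against the test script.
zone "step1.going-straight-to-none.kasp" {
	type primary;
	file "step1.going-straight-to-none.kasp.db";
	dnssec-policy "none";
};
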
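/*
 * Zones for testing KSK/ZSK algorithm roll.
 *
 * Six zones, step1 through step6, each with its own zone file and all
 * assigned the policy "ecdsa256". The policy is not defined in this file;
 * presumably it comes from one of the included policy files. The zone
 * names suggest one zone per stage of the rollover -- confirm against the
 * test script that prepares the key state for each step.
 */
zone "step1.algorithm-roll.kasp" {
	type primary;
	file "step1.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step2.algorithm-roll.kasp" {
	type primary;
	file "step2.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step3.algorithm-roll.kasp" {
	type primary;
	file "step3.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step4.algorithm-roll.kasp" {
	type primary;
	file "step4.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step5.algorithm-roll.kasp" {
	type primary;
	file "step5.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step6.algorithm-roll.kasp" {
	type primary;
	file "step6.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};
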
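/*
 * Zones for testing CSK algorithm roll.
 *
 * Same layout as the KSK/ZSK algorithm-roll zones: step1 through step6,
 * one zone file each, all assigned the policy "csk-algoroll". The policy
 * is not defined in this file; presumably it comes from one of the
 * included policy files (confirm).
 */
zone "step1.csk-algorithm-roll.kasp" {
	type primary;
	file "step1.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step2.csk-algorithm-roll.kasp" {
	type primary;
	file "step2.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step3.csk-algorithm-roll.kasp" {
	type primary;
	file "step3.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step4.csk-algorithm-roll.kasp" {
	type primary;
	file "step4.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step5.csk-algorithm-roll.kasp" {
	type primary;
	file "step5.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step6.csk-algorithm-roll.kasp" {
	type primary;
	file "step6.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};
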
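/*
 * Locally defined policy "modified", used by the "example" zone.
 *
 * It declares one key: a combined signing key (CSK) using RSASHA256 with
 * a 2048-bit modulus. "lifetime unlimited" means no rollover is scheduled
 * for it. No other policy parameters are set here.
 */
dnssec-policy "modified" {
	keys {
		csk lifetime unlimited algorithm rsasha256 2048;
	};
};
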
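/*
 * Zone signed under the "modified" policy, which is defined in this file
 * (a single RSASHA256 CSK with unlimited lifetime).
 */
zone example {
	type primary;
	dnssec-policy modified;
	file "example.db";
};
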