/* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") * * SPDX-License-Identifier: MPL-2.0 * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, you can obtain one at https://mozilla.org/MPL/2.0/. * * See the COPYRIGHT file distributed with this work for additional * information regarding copyright ownership. */ // NS2 options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; recursion no; notify yes; dnssec-validation yes; notify-delay 1; minimal-responses no; }; key rndc_key { secret "1234abcd8765"; algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; dnssec-policy "dnssec" { keys { ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; }; }; zone "." { type hint; file "../../_common/root.hint"; }; zone "trusted" { type primary; file "trusted.db.signed"; }; zone "managed" { type primary; file "managed.db.signed"; }; zone "example" { type primary; file "example.db.signed"; allow-update { any; }; }; zone "insecure.secure.example" { type primary; file "insecure.secure.example.db"; allow-update { any; }; }; zone "rfc2335.example" { type primary; file "rfc2335.example.db"; }; zone "child.nsec3.example" { type primary; file "child.nsec3.example.db"; allow-update { none; }; }; zone "child.optout.example" { type primary; file "child.optout.example.db"; allow-update { none; }; }; zone "badparam" { type primary; file "badparam.db.bad"; }; zone "single-nsec3" { type primary; file "single-nsec3.db.signed"; }; zone "algroll" { type primary; file "algroll.db.signed"; }; zone "nsec3chain-test" { type primary; file "nsec3chain-test.db.signed"; allow-update {any;}; }; zone "in-addr.arpa" { type primary; file "in-addr.arpa.db.signed"; }; zone "cds.secure" { type primary; file "cds.secure.db.signed"; }; zone "cds-x.secure" { type primary; file "cds-x.secure.db.signed"; }; zone "cds-update.secure" { type primary; dnssec-dnskey-kskonly no; file "cds-update.secure.db.signed"; allow-update { any; }; }; zone "cds-kskonly.secure" { type primary; dnssec-dnskey-kskonly yes; file "cds-kskonly.secure.db.signed"; allow-update { any; }; }; zone "cds-auto.secure" { type primary; dnssec-dnskey-kskonly no; file "cds-auto.secure.db.signed"; auto-dnssec maintain; allow-update { any; }; }; zone "cdnskey.secure" { type primary; file "cdnskey.secure.db.signed"; }; zone "cdnskey-x.secure" { type primary; file "cdnskey-x.secure.db.signed"; }; zone "cdnskey-update.secure" { type primary; dnssec-dnskey-kskonly no; file "cdnskey-update.secure.db.signed"; allow-update { any; }; }; zone "cdnskey-kskonly.secure" { type primary; dnssec-dnskey-kskonly yes; file "cdnskey-kskonly.secure.db.signed"; allow-update { any; }; }; zone "cdnskey-auto.secure" { type primary; dnssec-dnskey-kskonly no; file "cdnskey-auto.secure.db.signed"; auto-dnssec maintain; allow-update { any; }; }; zone "updatecheck-kskonly.secure" { type primary; auto-dnssec maintain; key-directory "."; dnssec-dnskey-kskonly yes; update-check-ksk yes; sig-validity-interval 10; dnskey-sig-validity 40; file "updatecheck-kskonly.secure.db.signed"; allow-update { any; }; }; zone "corp" { type primary; file "corp.db"; }; zone "hours-vs-days" { type primary; file "hours-vs-days.db.signed"; auto-dnssec maintain; /* validity 500 days, resign in 499 days */ sig-validity-interval 500 499; allow-update { any; }; }; zone "too-many-iterations" { type primary; file "too-many-iterations.db.signed"; }; zone "lazy-ksk" { type primary; file "lazy-ksk.db"; dnssec-policy "dnssec"; allow-update { any; }; }; include "trusted.conf";