1/* 2 * Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC") 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 * PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17/* Id: named.conf,v 1.15 2012/02/06 23:46:47 tbox Exp */ 18 19// NS3 20 21controls { /* empty */ }; 22 23options { 24 query-source address 10.53.0.3; 25 notify-source 10.53.0.3; 26 transfer-source 10.53.0.3; 27 port 5300; 28 session-keyfile "session.key"; 29 pid-file "named.pid"; 30 listen-on { 10.53.0.3; }; 31 listen-on-v6 { none; }; 32 recursion no; 33 notify yes; 34 dnssec-enable yes; 35 dnssec-validation yes; 36 dnssec-loadkeys-interval 10; 37 allow-new-zones yes; 38}; 39 40key rndc_key { 41 secret "1234abcd8765"; 42 algorithm hmac-sha256; 43}; 44 45controls { 46 inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; 47}; 48 49zone "." { 50 type hint; 51 file "../../common/root.hint"; 52}; 53 54zone "example" { 55 type slave; 56 masters { 10.53.0.2; }; 57 file "example.bk"; 58}; 59 60zone "bar" { 61 type slave; 62 masters { 10.53.0.2; }; 63 file "bar.bk"; 64}; 65 66zone "secure.example" { 67 type master; 68 file "secure.example.db"; 69 allow-update { any; }; 70 auto-dnssec maintain; 71}; 72 73zone "insecure.example" { 74 type master; 75 file "insecure.example.db"; 76}; 77 78zone "nsec3.example" { 79 type master; 80 file "nsec3.example.db"; 81 allow-update { any; }; 82 auto-dnssec maintain; 83}; 84 85zone "autonsec3.example" { 86 type master; 87 file "autonsec3.example.db"; 88 allow-update { any; }; 89 auto-dnssec maintain; 90}; 91 92zone "optout.nsec3.example" { 93 type master; 94 file "optout.nsec3.example.db"; 95 allow-update { any; }; 96 auto-dnssec maintain; 97}; 98 99zone "nsec3.nsec3.example" { 100 type master; 101 file "nsec3.nsec3.example.db"; 102 allow-update { any; }; 103 auto-dnssec maintain; 104}; 105 106zone "secure.nsec3.example" { 107 type master; 108 file "secure.nsec3.example.db"; 109 allow-update { any; }; 110 auto-dnssec maintain; 111}; 112 113zone "optout.example" { 114 type master; 115 file "optout.example.db"; 116 allow-update { any; }; 117 auto-dnssec maintain; 118}; 119 120zone "secure.optout.example" { 121 type master; 122 file "secure.optout.example.db"; 123 allow-update { any; }; 124 auto-dnssec maintain; 125}; 126 127zone "nsec3.optout.example" { 128 type master; 129 file "nsec3.optout.example.db"; 130 allow-update { any; }; 131 auto-dnssec maintain; 132}; 133 134zone "optout.optout.example" { 135 type master; 136 file "optout.optout.example.db"; 137 allow-update { any; }; 138 auto-dnssec maintain; 139}; 140 141zone "rsasha256.example" { 142 type master; 143 file "rsasha256.example.db"; 144 allow-update { any; }; 145 auto-dnssec maintain; 146}; 147 148zone "rsasha512.example" { 149 type master; 150 file "rsasha512.example.db"; 151 allow-update { any; }; 152 auto-dnssec maintain; 153}; 154 155zone "nsec.example" { 156 type master; 157 file "nsec.example.db"; 158 allow-update { any; }; 159 auto-dnssec maintain; 160}; 161 162zone "nsec3-to-nsec.example" { 163 type master; 164 file "nsec3-to-nsec.example.db"; 165 allow-update { any; }; 166 auto-dnssec maintain; 167}; 168 169zone "secure-to-insecure.example" { 170 type master; 171 file "secure-to-insecure.example.db"; 172 allow-update { any; }; 173 dnssec-secure-to-insecure yes; 174}; 175 176zone "secure-to-insecure2.example" { 177 type master; 178 file "secure-to-insecure2.example.db"; 179 allow-update { any; }; 180 auto-dnssec maintain; 181 dnssec-secure-to-insecure yes; 182}; 183 184zone "oldsigs.example" { 185 type master; 186 file "oldsigs.example.db"; 187 allow-update { any; }; 188 auto-dnssec maintain; 189}; 190 191zone "prepub.example" { 192 type master; 193 file "prepub.example.db"; 194 allow-update { any; }; 195 auto-dnssec maintain; 196}; 197 198zone "ttl1.example" { 199 type master; 200 file "ttl1.example.db"; 201 allow-update { any; }; 202 auto-dnssec maintain; 203}; 204 205zone "ttl2.example" { 206 type master; 207 file "ttl2.example.db"; 208 allow-update { any; }; 209 auto-dnssec maintain; 210}; 211 212zone "ttl3.example" { 213 type master; 214 file "ttl3.example.db"; 215 allow-update { any; }; 216 auto-dnssec maintain; 217}; 218 219zone "ttl4.example" { 220 type master; 221 file "ttl4.example.db"; 222 allow-update { any; }; 223 auto-dnssec maintain; 224}; 225 226zone "delay.example" { 227 type master; 228 file "delay.example.db"; 229 allow-update { any; }; 230 auto-dnssec maintain; 231}; 232 233zone "nozsk.example" { 234 type master; 235 file "nozsk.example.db"; 236 allow-update { any; }; 237 auto-dnssec maintain; 238}; 239 240zone "inaczsk.example" { 241 type master; 242 file "inaczsk.example.db"; 243 allow-update { any; }; 244 auto-dnssec maintain; 245}; 246include "trusted.conf"; 247