1/* 2 * Copyright (C) 2004, 2006-2014 Internet Systems Consortium, Inc. ("ISC") 3 * Copyright (C) 2000-2002 Internet Software Consortium. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 * PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18/* Id: named.conf,v 1.49 2011/10/28 06:20:05 each Exp */ 19 20// NS3 21 22controls { /* empty */ }; 23 24options { 25 query-source address 10.53.0.3; 26 notify-source 10.53.0.3; 27 transfer-source 10.53.0.3; 28 port 5300; 29 pid-file "named.pid"; 30 listen-on { 10.53.0.3; }; 31 listen-on-v6 { none; }; 32 recursion no; 33 notify yes; 34 dnssec-enable yes; 35 dnssec-validation yes; 36 session-keyfile "session.key"; 37}; 38 39key rndc_key { 40 secret "1234abcd8765"; 41 algorithm hmac-sha256; 42}; 43 44controls { 45 inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; 46}; 47 48zone "." { 49 type hint; 50 file "../../common/root.hint"; 51}; 52 53zone "example" { 54 type slave; 55 masters { 10.53.0.2; }; 56 file "example.bk"; 57}; 58 59zone "secure.example" { 60 type master; 61 file "secure.example.db.signed"; 62 allow-update { any; }; 63}; 64 65zone "bogus.example" { 66 type master; 67 file "bogus.example.db.signed"; 68 allow-update { any; }; 69}; 70 71zone "dynamic.example" { 72 type master; 73 file "dynamic.example.db.signed"; 74 allow-update { any; }; 75}; 76 77zone "insecure.example" { 78 type master; 79 file "insecure.example.db"; 80 allow-update { any; }; 81}; 82 83zone "insecure.nsec3.example" { 84 type master; 85 file "insecure.nsec3.example.db"; 86 allow-update { any; }; 87}; 88 89zone "insecure.optout.example" { 90 type master; 91 file "insecure.optout.example.db"; 92 allow-update { any; }; 93}; 94 95zone "keyless.example" { 96 type master; 97 file "keyless.example.db.signed"; 98}; 99 100zone "nsec3.example" { 101 type master; 102 file "nsec3.example.db.signed"; 103}; 104 105zone "optout.nsec3.example" { 106 type master; 107 file "optout.nsec3.example.db.signed"; 108}; 109 110zone "nsec3.nsec3.example" { 111 type master; 112 file "nsec3.nsec3.example.db.signed"; 113}; 114 115zone "secure.nsec3.example" { 116 type master; 117 file "secure.nsec3.example.db.signed"; 118}; 119 120zone "optout.example" { 121 type master; 122 file "optout.example.db.signed"; 123}; 124 125zone "secure.optout.example" { 126 type master; 127 file "secure.optout.example.db.signed"; 128}; 129 130zone "nsec3.optout.example" { 131 type master; 132 file "nsec3.optout.example.db.signed"; 133}; 134 135zone "optout.optout.example" { 136 type master; 137 file "optout.optout.example.db.signed"; 138}; 139 140zone "nsec3-unknown.example" { 141 type master; 142 nsec3-test-zone yes; 143 file "nsec3-unknown.example.db.signed"; 144}; 145 146zone "optout-unknown.example" { 147 type master; 148 nsec3-test-zone yes; 149 file "optout-unknown.example.db.signed"; 150}; 151 152zone "dnskey-unknown.example" { 153 type master; 154 file "dnskey-unknown.example.db.signed"; 155}; 156 157zone "dnskey-nsec3-unknown.example" { 158 type master; 159 nsec3-test-zone yes; 160 file "dnskey-nsec3-unknown.example.db.signed"; 161}; 162 163zone "multiple.example" { 164 type master; 165 file "multiple.example.db.signed"; 166 allow-update { any; }; 167}; 168 169zone "rfc2335.example" { 170 type slave; 171 masters { 10.53.0.2; }; 172 file "rfc2335.example.bk"; 173}; 174 175zone "rsasha256.example" { 176 type master; 177 file "rsasha256.example.db.signed"; 178}; 179 180zone "rsasha512.example" { 181 type master; 182 file "rsasha512.example.db.signed"; 183}; 184 185zone "kskonly.example" { 186 type master; 187 file "kskonly.example.db.signed"; 188}; 189 190zone "expired.example" { 191 type master; 192 allow-update { none; }; 193 file "expired.example.db.signed"; 194}; 195 196zone "update-nsec3.example" { 197 type master; 198 allow-update { any; }; 199 file "update-nsec3.example.db.signed"; 200}; 201 202zone "auto-nsec.example" { 203 type master; 204 auto-dnssec maintain; 205 allow-update { !0.0.0.0; }; 206 file "auto-nsec.example.db.signed"; 207}; 208 209zone "auto-nsec3.example" { 210 type master; 211 auto-dnssec maintain; 212 allow-update { !0.0.0.0; }; 213 file "auto-nsec3.example.db.signed"; 214}; 215 216zone "insecure.below-cname.example" { 217 type master; 218 file "insecure.below-cname.example.db"; 219}; 220 221zone "secure.below-cname.example" { 222 type master; 223 file "secure.below-cname.example.db.signed"; 224}; 225 226zone "ttlpatch.example" { 227 type master; 228 file "ttlpatch.example.db.patched"; 229}; 230 231zone "split-dnssec.example" { 232 type master; 233 file "split-dnssec.example.db"; 234}; 235 236zone "split-smart.example" { 237 type master; 238 file "split-smart.example.db"; 239}; 240 241zone "nsec3chain-test" { 242 type slave; 243 file "nsec3chain-test.bk"; 244 masters { 10.53.0.2; }; 245}; 246 247zone "expiring.example" { 248 type master; 249 allow-update { any; }; 250 file "expiring.example.db.signed"; 251}; 252 253zone "nosign.example" { 254 type master; 255 allow-update { any; }; 256 dnssec-update-mode no-resign; 257 file "nosign.example.db.signed"; 258}; 259 260zone "upper.example" { 261 type master; 262 file "upper.example.db.signed"; 263}; 264 265zone "LOWER.EXAMPLE" { 266 type master; 267 file "lower.example.db.signed"; 268}; 269 270zone "inline.example" { 271 type master; 272 file "inline.example.db"; 273 inline-signing yes; 274 auto-dnssec maintain; 275}; 276 277zone "publish-inactive.example" { 278 type master; 279 file "publish-inactive.example.db"; 280 auto-dnssec maintain; 281 update-policy local; 282}; 283 284zone "future.example" { 285 type master; 286 file "future.example.db.signed"; 287}; 288 289include "siginterval.conf"; 290 291include "trusted.conf"; 292