1/*
2 * Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
15 */
16
17/* Id */
18
19
20
21/*
22 * Main rpz test DNS server.
23 */
24
25options {
26	query-source address 10.53.0.3;
27	notify-source 10.53.0.3;
28	transfer-source 10.53.0.3;
29	port 5300;
30	pid-file "named.pid";
31	statistics-file	"named.stats";
32	session-keyfile "session.key";
33	listen-on { 10.53.0.3; };
34	listen-on-v6 { none; };
35	notify no;
36
37	response-policy {
38	    zone "bl"					max-policy-ttl 100;
39	    zone "bl-2";
40	    zone "bl-given"	policy given		recursive-only yes;
41	    zone "bl-passthru"	policy passthru;
42	    zone "bl-no-op"	policy no-op;		# obsolete for passthru
43	    zone "bl-disabled"	policy disabled;
44	    zone "bl-nodata"	policy nodata		recursive-only no;
45	    zone "bl-nxdomain"	policy nxdomain;
46	    zone "bl-cname"	policy cname txt-only.tld2.;
47	    zone "bl-wildcname"	policy cname *.tld4.;
48	    zone "bl-garden"	policy cname a12.tld2.;
49	    zone "bl-drop"	policy drop;
50	    zone "bl-tcp-only"	policy tcp-only;
51	    zone "bl.tld2";
52	}
53	min-ns-dots 0
54	qname-wait-recurse yes
55	;
56};
57
58key rndc_key {
59	secret "1234abcd8765";
60	algorithm hmac-sha256;
61};
62controls {
63	inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
64};
65
66
67zone "." { type hint; file "hints"; };
68
69zone "bl."		{type master; file "bl.db";
70				allow-update {any;};};
71zone "bl-2."		{type master; file "bl-2.db";
72				allow-update {any;};};
73zone "bl-given."	{type master; file "bl-given.db";
74				allow-update {any;};};
75zone "bl-passthru."	{type master; file "bl-passthru.db";
76				allow-update {any;};};
77zone "bl-no-op."	{type master; file "bl-no-op.db";
78				allow-update {any;};};
79zone "bl-disabled."	{type master; file "bl-disabled.db";
80				allow-update {any;};};
81zone "bl-nodata."	{type master; file "bl-nodata.db";
82				allow-update {any;};};
83zone "bl-nxdomain."	{type master; file "bl-nxdomain.db";
84				allow-update {any;};};
85zone "bl-cname."	{type master; file "bl-cname.db";
86				allow-update {any;};};
87zone "bl-wildcname."	{type master; file "bl-wildcname.db";
88				allow-update {any;};};
89zone "bl-garden."	{type master; file "bl-garden.db";
90				allow-update {any;};};
91zone "bl-drop."		{type master; file "bl-drop.db";
92				allow-update {any;};};
93zone "bl-tcp-only."	{type master; file "bl-tcp-only.db";
94				allow-update {any;};};
95
96zone "bl.tld2."		{type slave; file "bl.tld2.db"; masters {10.53.0.2;};
97				request-ixfr no; masterfile-format text;};
98
99zone "crash1.tld2"	{type master; file "crash1";};
100zone "crash2.tld3."	{type master; file "crash2";};
101