1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14// NS3 15 16options { 17 query-source address 10.53.0.3; 18 notify-source 10.53.0.3; 19 transfer-source 10.53.0.3; 20 port @PORT@; 21 pid-file "named.pid"; 22 listen-on { 10.53.0.3; }; 23 listen-on-v6 { none; }; 24 allow-transfer { any; }; 25 recursion no; 26 key-directory "."; 27}; 28 29key rndc_key { 30 secret "1234abcd8765"; 31 algorithm hmac-sha256; 32}; 33 34controls { 35 inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 36}; 37 38/* These are zones that migrate to dnssec-policy. */ 39zone "migrate.kasp" { 40 type primary; 41 file "migrate.kasp.db"; 42 auto-dnssec maintain; 43 allow-update { any; }; 44 dnssec-dnskey-kskonly yes; 45 update-check-ksk yes; 46}; 47 48zone "csk.kasp" { 49 type primary; 50 file "csk.kasp.db"; 51 auto-dnssec maintain; 52 allow-update { any; }; 53 dnssec-dnskey-kskonly no; 54}; 55 56zone "csk-nosep.kasp" { 57 type primary; 58 file "csk-nosep.kasp.db"; 59 auto-dnssec maintain; 60 allow-update { any; }; 61 dnssec-dnskey-kskonly no; 62}; 63 64zone "rumoured.kasp" { 65 type primary; 66 file "rumoured.kasp.db"; 67 auto-dnssec maintain; 68 allow-update { any; }; 69 dnssec-dnskey-kskonly yes; 70 update-check-ksk yes; 71}; 72 73zone "omnipresent.kasp" { 74 type primary; 75 file "omnipresent.kasp.db"; 76 auto-dnssec maintain; 77 allow-update { any; }; 78 dnssec-dnskey-kskonly yes; 79 update-check-ksk yes; 80}; 81 82zone "migrate-nomatch-algnum.kasp" { 83 type primary; 84 file "migrate-nomatch-algnum.kasp.db"; 85 auto-dnssec maintain; 86 allow-update { any; }; 87 dnssec-dnskey-kskonly yes; 88 update-check-ksk yes; 89}; 90 91zone "migrate-nomatch-alglen.kasp" { 92 type primary; 93 file "migrate-nomatch-alglen.kasp.db"; 94 auto-dnssec maintain; 95 allow-update { any; }; 96 dnssec-dnskey-kskonly yes; 97 update-check-ksk yes; 98}; 99