1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14// NS5 15 16key rndc_key { 17 secret "1234abcd8765"; 18 algorithm hmac-sha256; 19}; 20 21controls { 22 inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 23}; 24 25key "sha1" { 26 algorithm "hmac-sha1"; 27 secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; 28}; 29 30key "sha224" { 31 algorithm "hmac-sha224"; 32 secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="; 33}; 34 35key "sha256" { 36 algorithm "hmac-sha256"; 37 secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="; 38}; 39 40dnssec-policy "test" { 41 keys { 42 csk key-directory lifetime 0 algorithm 14; 43 }; 44}; 45 46options { 47 query-source address 10.53.0.5; 48 port @PORT@; 49 pid-file "named.pid"; 50 listen-on { 10.53.0.5; }; 51 listen-on-v6 { none; }; 52 recursion no; 53 dnssec-policy "none"; 54}; 55 56view "inherit" { 57 match-clients { key "sha1"; }; 58 59 /* Inherit dnssec-policy 'none' */ 60 zone "inherit.inherit.unsigned" { 61 type primary; 62 file "inherit.inherit.unsigned.db"; 63 }; 64 65 /* Override dnssec-policy */ 66 zone "override.inherit.unsigned" { 67 type primary; 68 dnssec-policy "default"; 69 file "override.inherit.unsigned.db"; 70 }; 71 72 /* Unset dnssec-policy */ 73 zone "none.inherit.unsigned" { 74 type primary; 75 dnssec-policy "none"; 76 file "none.inherit.unsigned.db"; 77 }; 78}; 79 80view "override" { 81 match-clients { key "sha224"; }; 82 dnssec-policy "default"; 83 84 /* Inherit dnssec-policy 'default' */ 85 zone "inherit.override.unsigned" { 86 type primary; 87 file "inherit.override.unsigned.db"; 88 }; 89 90 /* Override dnssec-policy */ 91 zone "override.override.unsigned" { 92 type primary; 93 dnssec-policy "test"; 94 file "override.override.unsigned.db"; 95 }; 96 97 /* Unset dnssec-policy */ 98 zone "none.override.unsigned" { 99 type primary; 100 dnssec-policy "none"; 101 file "none.override.unsigned.db"; 102 }; 103}; 104 105view "none" { 106 match-clients { key "sha256"; }; 107 dnssec-policy "none"; 108 109 /* Inherit dnssec-policy 'none' */ 110 zone "inherit.none.unsigned" { 111 type primary; 112 file "inherit.none.unsigned.db"; 113 }; 114 115 /* Override dnssec-policy */ 116 zone "override.none.unsigned" { 117 type primary; 118 dnssec-policy "test"; 119 file "override.none.unsigned.db"; 120 }; 121 122 /* Unset dnssec-policy */ 123 zone "none.none.unsigned" { 124 type primary; 125 dnssec-policy "none"; 126 file "none.none.unsigned.db"; 127 }; 128}; 129