1/* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 7 * 8 * See the COPYRIGHT file distributed with this work for additional 9 * information regarding copyright ownership. 10 */ 11 12// NS5 13 14key rndc_key { 15 secret "1234abcd8765"; 16 algorithm hmac-sha256; 17}; 18 19controls { 20 inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; 21}; 22 23key "sha1" { 24 algorithm "hmac-sha1"; 25 secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; 26}; 27 28key "sha224" { 29 algorithm "hmac-sha224"; 30 secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="; 31}; 32 33key "sha256" { 34 algorithm "hmac-sha256"; 35 secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="; 36}; 37 38dnssec-policy "test" { 39 keys { 40 csk key-directory lifetime 0 algorithm 14; 41 }; 42}; 43 44options { 45 query-source address 10.53.0.5; 46 port @PORT@; 47 pid-file "named.pid"; 48 listen-on { 10.53.0.5; }; 49 listen-on-v6 { none; }; 50 recursion no; 51 dnssec-policy "none"; 52}; 53 54view "inherit" { 55 match-clients { key "sha1"; }; 56 57 /* Inherit dnssec-policy 'none' */ 58 zone "inherit.inherit.unsigned" { 59 type master; 60 file "inherit.inherit.unsigned.db"; 61 }; 62 63 /* Override dnssec-policy */ 64 zone "override.inherit.unsigned" { 65 type master; 66 dnssec-policy "default"; 67 file "override.inherit.unsigned.db"; 68 }; 69 70 /* Unset dnssec-policy */ 71 zone "none.inherit.unsigned" { 72 type master; 73 dnssec-policy "none"; 74 file "none.inherit.unsigned.db"; 75 }; 76}; 77 78view "override" { 79 match-clients { key "sha224"; }; 80 dnssec-policy "default"; 81 82 /* Inherit dnssec-policy 'default' */ 83 zone "inherit.override.unsigned" { 84 type master; 85 file "inherit.override.unsigned.db"; 86 }; 87 88 /* Override dnssec-policy */ 89 zone "override.override.unsigned" { 90 type master; 91 dnssec-policy "test"; 92 file "override.override.unsigned.db"; 93 }; 94 95 /* Unset dnssec-policy */ 96 zone "none.override.unsigned" { 97 type master; 98 dnssec-policy "none"; 99 file "none.override.unsigned.db"; 100 }; 101}; 102 103view "none" { 104 match-clients { key "sha256"; }; 105 dnssec-policy "none"; 106 107 /* Inherit dnssec-policy 'none' */ 108 zone "inherit.none.unsigned" { 109 type master; 110 file "inherit.none.unsigned.db"; 111 }; 112 113 /* Override dnssec-policy */ 114 zone "override.none.unsigned" { 115 type master; 116 dnssec-policy "test"; 117 file "override.none.unsigned.db"; 118 }; 119 120 /* Unset dnssec-policy */ 121 zone "none.none.unsigned" { 122 type master; 123 dnssec-policy "none"; 124 file "none.none.unsigned.db"; 125 }; 126}; 127