summaryrefslogtreecommitdiffstats
path: root/bin/tests/named.conf
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/named.conf')
-rw-r--r--bin/tests/named.conf619
1 files changed, 619 insertions, 0 deletions
diff --git a/bin/tests/named.conf b/bin/tests/named.conf
new file mode 100644
index 0000000..e251e71
--- /dev/null
+++ b/bin/tests/named.conf
@@ -0,0 +1,619 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use. We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+# So are shell-style comments
+
+// watch out for ";" -- it's important!
+
+options {
+ additional-from-auth true;
+ additional-from-cache false;
+
+ version "my version string";
+ random-device "/dev/random";
+ directory "/tmp";
+
+ port 666;
+
+ sig-validity-interval 33;
+
+# Obsolete
+ named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+ dump-file "named_dump.db"; // _PATH_DUMPFILE
+ pid-file "/var/run/named.pid"; // _PATH_PIDFILE
+ statistics-file "named.stats"; // _PATH_STATS
+ memstatistics-file "named.memstats"; // _PATH_MEMSTATS
+
+ max-cache-ttl 999;
+ min-cache-ttl 66;
+ auth-nxdomain yes; // always set AA on NXDOMAIN.
+ // don't set this to 'no' unless
+ // you know what you're doing -- older
+ // servers won't like it.
+
+# Obsolete
+ deallocate-on-exit no;
+
+ dialup yes;
+
+# Obsolete
+ fake-iquery no;
+
+ fetch-glue yes;
+ has-old-clients yes;
+ host-statistics no;
+
+# Obsolete
+ multiple-cnames no; // if yes, then a name my have more
+ // than one CNAME RR. This use
+ // is non-standard and is not
+ // recommended, but it is available
+ // because previous releases supported
+ // it and it was used by large sites
+ // for load balancing.
+
+ notify yes; // send NOTIFY messages. You can set
+ // notify on a zone-by-zone
+ // basis in the "zone" statement
+ // see (below)
+ recursion yes;
+ rfc2308-type1 no;
+
+# Obsolete
+ use-id-pool yes;
+
+# Obsolete
+ treat-cr-as-space yes;
+
+ also-notify { 10.0.2.3; };
+
+ // The "forward" option is only meaningful if you've defined
+ // forwarders. "first" gives the normal BIND
+ // forwarding behavior, i.e. ask the forwarders first, and if that
+ // doesn't work then do the full lookup. You can also say
+ // "forward only;" which is what used to be specified with
+ // "slave" or "options forward-only". "only" will never attempt
+ // a full lookup; only the forwarders will be used.
+ forward first;
+ forwarders {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+
+ check-names master fail;
+ check-names slave warn;
+ check-names response ignore;
+
+ allow-query { any; };
+ allow-transfer { any; };
+ allow-recursion { !any; };
+ blackhole { 45/24; };
+ keep-response-order { 46/24; };
+
+ listen-on {
+ 10/24;
+ 10.0.0.3;
+ };
+
+ listen-on port 53 { any; };
+
+ listen-on { 5.6.7.8; };
+
+ listen-on port 1234 {
+ !1.2.3.4;
+ 1.2.3/24;
+ };
+
+ listen-on-v6 {
+ 1:1:1:1:1:1:1:1;
+ };
+
+ listen-on-v6 port 777 {
+ 2:2:2:2:2:2:2:2;
+ };
+
+ query-source-v6 address 8:7:6:5:4:3:2:1 port *;
+ query-source port * address 10.0.0.54 ;
+
+ lame-ttl 444;
+
+ max-transfer-time-in 300;
+ max-transfer-time-out 10;
+ max-transfer-idle-in 100;
+ max-transfer-idle-out 11;
+
+ max-retry-time 1234;
+ min-retry-time 1111;
+ max-refresh-time 888;
+ min-refresh-time 777;
+
+ max-ncache-ttl 333;
+ min-ncache-ttl 22;
+ min-roots 15;
+ serial-queries 34;
+
+ transfer-format one-answer;
+
+ transfers-in 10;
+ transfers-per-ns 2;
+ transfers-out 0;
+
+ transfer-source 10.0.0.5;
+ transfer-source-v6 4:3:2:1:5:6:7:8;
+
+ request-ixfr yes;
+ provide-ixfr yes;
+
+# Now called 'provide-ixfr'
+# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
+
+ max-ixfr-log-size 20m;
+ coresize 100;
+ datasize 101;
+ files 230;
+ max-cache-size 1m;
+ stacksize 231;
+ heartbeat-interval 1001;
+ interface-interval 1002;
+ statistics-interval 1003;
+
+ topology {
+ 10/8;
+
+ !1.2.3/24;
+
+ { 1.2/16; 3/8; };
+
+
+ };
+
+ sortlist { 10/8; 11/8; };
+
+ tkey-domain "foo.com";
+ tkey-dhkey "xyz" 666 ;
+
+ rrset-order {
+ class IN type A name "foo" order random;
+ order cyclic;
+ };
+};
+
+/*
+ * Control listeners, for "ndc". Every nameserver needs at least one.
+ */
+controls {
+ // 'inet' lines without a 'port' defaults to 'port 953'
+ // 'keys' must be used and the list must have at least one entry
+ inet * port 52 allow { any; } keys { "key2"; };
+ unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+ inet 10.0.0.1 allow { any; key foo; } keys { "key4";};
+ inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; };
+ inet 10.0.0.2 allow { none; };
+};
+
+zone "master.demo.zone" {
+ type master; // what used to be called "primary"
+ database "somedb -option1 -option2 arg1 arg2 arg3";
+ file "master.demo.zone";
+ check-names fail;
+ allow-update { none; };
+ allow-update-forwarding { 10.0.0.5; !any; };
+ allow-transfer { any; };
+ allow-query { any; };
+ sig-validity-interval 990;
+ notify explicit;
+ also-notify { 1.0.0.1; }; // don't notify any nameservers other
+ // than those on the NS list for this
+ // zone
+ forward first;
+ forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
+};
+
+zone "slave.demo.zone" {
+ type slave; // what used to be called "secondary"
+ file "slave.demo.zone";
+ ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
+ masters {
+ 1.2.3.4 port 10 key "foo"; // where to zone transfer from
+ 5.6.7.8;
+ 6.7.8.9 key "zippo";
+ };
+ transfer-source 10.0.0.53; // fixes multihoming problems
+ check-names warn;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-update-forwarding { any; };
+ allow-query { any; };
+ max-transfer-time-in 120; // if not set, global option is used.
+ max-transfer-time-out 1; // if not set, global option is used.
+ max-transfer-idle-in 2; // if not set, global option is used.
+ max-transfer-idle-out 3; // if not set, global option is used.
+ also-notify { 1.0.0.2; };
+ forward only;
+ forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
+};
+
+key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; };
+
+view "test-view" in {
+ key "viewkey" { algorithm "xxx" ; secret "eXl5" ; };
+ also-notify { 10.2.2.3; };
+ managed-keys {
+ foo.com. static 4 3 2 "abdefghijklmnopqrstuvwxyz";
+ };
+ sig-validity-interval 45;
+ max-cache-size 100000;
+ allow-query { 10.0.0.30;};
+ additional-from-cache false;
+ additional-from-auth no;
+ match-clients { 10.0.0.1 ; };
+ check-names master warn;
+ check-names slave ignore;
+ check-names response fail;
+ auth-nxdomain false;
+ recursion true;
+ provide-ixfr false;
+ request-ixfr true;
+ fetch-glue true;
+ notify false;
+ rfc2308-type1 false;
+ transfer-source 10.0.0.55;
+ transfer-source-v6 4:3:8:1:5:6:7:8;
+ query-source port * address 10.0.0.54 ;
+ query-source-v6 address 6:6:6:6:6:6:6:6 port *;
+ max-transfer-time-out 45;
+ max-transfer-idle-out 55;
+ min-roots 3;
+ lame-ttl 477;
+ max-ncache-ttl 333;
+ max-cache-ttl 777;
+ transfer-format many-answers;
+ max-retry-time 7;
+ min-retry-time 4;
+ max-refresh-time 999;
+ min-refresh-time 111;
+
+ zone "view-zone.com" {
+ type master;
+ allow-update-forwarding { 10.0.0.34;};
+ file "view-zone-master";
+ };
+
+ server 5.6.7.8 {
+ keys "viewkey";
+ };
+
+ server 10.9.8.7 {
+ keys "non-viewkey";
+ };
+ dialup yes;
+};
+
+
+zone "stub.demo.zone" {
+ type stub; // stub zones are like slave zones,
+ // except that only the NS records
+ // are transferred.
+ dialup yes;
+ file "stub.demo.zone";
+ masters {
+ 1.2.3.4 ; // where to zone transfer from
+ 5.6.7.8 port 999;
+ };
+ check-names warn;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-query { any; };
+
+ max-retry-time 10;
+ min-retry-time 11;
+ max-refresh-time 12;
+ min-refresh-time 13;
+
+ max-transfer-time-in 120; // if not set, global option is used.
+ pubkey 257 255 1 "a useless key";
+ pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+ type hint; // used to be specified w/ "cache"
+ file "cache.db";
+// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+managed-keys {
+ "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+
+acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
+ // is disallowed; rest are OK
+acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
+ // by can_query are OK
+
+zone "disabled-zone.com" {
+ type master;
+ file "bar";
+
+ max-retry-time 100;
+ min-retry-time 110;
+ max-refresh-time 120;
+ min-refresh-time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+ type master;
+ file "foo";
+ allow-query { can_query; };
+ allow-transfer { can_axfr; };
+ allow-update {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+ pubkey 666 665 664 "key of the beast";
+ // Errors trapped by parser:
+ // identity or name not absolute
+ // 'wildcard' match type and no wildcard character in name
+ //
+ // issues:
+ // - certain rdatatype values (such as "key") are config file keywords and
+ // must be quoted or a syntax error will occur.
+ //
+
+ update-policy {
+ grant root.domain. subdomain host.domain. A MX CNAME;
+ grant sub.root.domain. wildcard *.host.domain. A;
+ grant root.domain. name host.domain. a ns md mf cname soa mb mg
+ mr "null" wks ptr hinfo minfo mx txt rp afsdb x25
+ isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+ cert a6 dname opt unspec uri tkey tsig ;
+ grant foo.bar.com. self foo.bar.com. a;
+ };
+};
+
+key sample_key { // for TSIG; supported by parser
+ algorithm hmac-md5; // but not yet implemented in the
+ secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+ algorithm hmac-md5;
+ secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+ request-ixfr no;
+ provide-ixfr no;
+ bogus no; // if yes, we won't query or listen
+ // to this server
+ transfer-format one-answer; // set transfer format for this
+ // server (see the description of
+ // 'transfer-format' above)
+ // if not specified, the global option
+ // will be used
+ transfers 0; // not implemented
+ keys { "sample_key" }; // for TSIG; supported by the parser
+ // but not yet implemented in the
+ // rest of the server
+# Now called 'request-ixfr'
+# support-ixfr yes; // for IXFR supported by server
+ // if yes, the listed server talks IXFR
+};
+
+logging {
+ /*
+ * All log output goes to one or more "channels"; you can make as
+ * many of them as you want.
+ */
+
+ channel syslog_errors { // this channel will send errors or
+ syslog user; // or worse to syslog (user facility)
+ severity error;
+ };
+
+ channel stderr_errors {
+ stderr;
+ };
+
+ /*
+ * Channels have a severity level. Messages at severity levels
+ * greater than or equal to the channel's level will be logged on
+ * the channel. In order of decreasing severity, the levels are:
+ *
+ * critical a fatal error
+ * error
+ * warning
+ * notice a normal, but significant event
+ * info an informational message
+ * debug 1 the least detailed debugging info
+ * ...
+ * debug 99 the most detailed debugging info
+ */
+
+ /*
+ * Here are the built-in channels:
+ *
+ * channel default_syslog {
+ * syslog daemon;
+ * severity info;
+ * };
+ *
+ * channel default_debug {
+ * file "named.run"; // note: stderr is used instead
+ * // of "named.run" if the server
+ * // is started with the "-f"
+ * // option.
+ * severity dynamic; // this means log debugging
+ * // at whatever debugging level
+ * // the server is at, and don't
+ * // log anything if not
+ * // debugging.
+ * };
+ *
+ * channel null { // this is the bit bucket;
+ * file "/dev/null"; // any logging to this channel
+ * // is discarded.
+ * };
+ *
+ * channel default_stderr { // writes to stderr
+ * file "<stderr>"; // this is illustrative only;
+ * // there's currently no way
+ * // of saying "stderr" in the
+ * // configuration language.
+ * // i.e. don't try this at home.
+ * severity info;
+ * };
+ *
+ * default_stderr only works before the server daemonizes (i.e.
+ * during initial startup) or when it is running in foreground
+ * mode (-f command line option).
+ */
+
+ /*
+ * There are many categories, so you can send the logs
+ * you want to see wherever you want, without seeing logs you
+ * don't want. Right now the categories are
+ *
+ * default the catch-all. many things still
+ * aren't classified into categories, and
+ * they all end up here. also, if you
+ * don't specify any channels for a
+ * category, the default category is used
+ * instead.
+ * config high-level configuration file
+ * processing
+ * parser low-level configuration file processing
+ * queries what used to be called "query logging"
+ * lame-servers messages like "Lame server on ..."
+ * statistics
+ * panic if the server has to shut itself
+ * down due to an internal problem, it
+ * logs the problem here (as well as
+ * in the problem's native category)
+ * update dynamic update
+ * ncache negative caching
+ * xfer-in zone transfers we're receiving
+ * xfer-out zone transfers we're sending
+ * db all database operations
+ * eventlib debugging info from the event system
+ * (see below)
+ * packet dumps of packets received and sent
+ * (see below)
+ * notify the NOTIFY protocol
+ * cname messages like "XX points to a CNAME"
+ * security approved/unapproved requests
+ * os operating system problems
+ * insist consistency check failures
+ * maintenance periodic maintenance
+ * load zone loading
+ * response-checks messages like
+ * "Malformed response ..."
+ * "wrong ans. name ..."
+ * "unrelated additional info ..."
+ * "invalid RR type ..."
+ * "bad referral ..."
+ */
+
+ category parser {
+ syslog_errors; // you can log to as many channels
+ default_syslog; // as you want
+ };
+
+ category lame-servers { null; }; // don't log these at all
+
+ channel moderate_debug {
+ file "foo"; // foo
+ severity debug 3; // level 3 debugging to file
+ print-time yes; // timestamp log entries
+ print-category yes; // print category name
+ print-severity yes; // print severity level
+ /*
+ * Note that debugging must have been turned on either
+ * on the command line or with a signal to get debugging
+ * output (non-debugging output will still be written to
+ * this channel).
+ */
+ };
+
+ channel another {
+ file "bar" versions 99 size 10M;
+ severity info;
+ };
+
+ channel third {
+ file "bar" size 100000 versions unlimited;
+ severity debug; // use default debug level
+ };
+
+ /*
+ * If you don't want to see "zone XXXX loaded" messages but do
+ * want to see any problems, you could do the following.
+ */
+ channel no_info_messages {
+ syslog;
+ severity notice;
+ };
+
+ category load { no_info_messages; };
+
+ /*
+ * You can also define category "default"; it gets used when no
+ * "category" statement has been given for a category.
+ */
+ category default {
+ default_syslog;
+ moderate_debug;
+ };
+
+ /*
+ * If you don't define category default yourself, the default
+ * default category will be used. It is
+ *
+ * category default { default_syslog; default_debug; };
+ */
+
+ /*
+ * If you don't define category panic yourself, the default
+ * panic category will be used. It is
+ *
+ * category panic { default_syslog; default_stderr; };
+ */
+
+ /*
+ * Two categories, 'packet' and 'eventlib', are special. Only one
+ * channel may be assigned to each of them, and it must be a
+ * file channel. If you don't define them yourself, they default to
+ *
+ * category eventlib { default_debug; };
+ *
+ * category packet { default_debug; };
+ */
+};
+
+#include "filename"; // can't do within a statement
+