diff options
Diffstat (limited to 'bin/tests/named.conf')
-rw-r--r-- | bin/tests/named.conf | 619 |
1 files changed, 619 insertions, 0 deletions
diff --git a/bin/tests/named.conf b/bin/tests/named.conf new file mode 100644 index 0000000..e251e71 --- /dev/null +++ b/bin/tests/named.conf @@ -0,0 +1,619 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * This is a worthless, nonrunnable example of a named.conf file that has + * every conceivable syntax element in use. We use it to test the parser. + * It could also be used as a conceptual template for users of new features. + */ + +/* + * C-style comments are OK + */ + +// So are C++-style comments + +# So are shell-style comments + +// watch out for ";" -- it's important! + +options { + additional-from-auth true; + additional-from-cache false; + + version "my version string"; + random-device "/dev/random"; + directory "/tmp"; + + port 666; + + sig-validity-interval 33; + +# Obsolete + named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER + + dump-file "named_dump.db"; // _PATH_DUMPFILE + pid-file "/var/run/named.pid"; // _PATH_PIDFILE + statistics-file "named.stats"; // _PATH_STATS + memstatistics-file "named.memstats"; // _PATH_MEMSTATS + + max-cache-ttl 999; + min-cache-ttl 66; + auth-nxdomain yes; // always set AA on NXDOMAIN. + // don't set this to 'no' unless + // you know what you're doing -- older + // servers won't like it. + +# Obsolete + deallocate-on-exit no; + + dialup yes; + +# Obsolete + fake-iquery no; + + fetch-glue yes; + has-old-clients yes; + host-statistics no; + +# Obsolete + multiple-cnames no; // if yes, then a name my have more + // than one CNAME RR. This use + // is non-standard and is not + // recommended, but it is available + // because previous releases supported + // it and it was used by large sites + // for load balancing. + + notify yes; // send NOTIFY messages. You can set + // notify on a zone-by-zone + // basis in the "zone" statement + // see (below) + recursion yes; + rfc2308-type1 no; + +# Obsolete + use-id-pool yes; + +# Obsolete + treat-cr-as-space yes; + + also-notify { 10.0.2.3; }; + + // The "forward" option is only meaningful if you've defined + // forwarders. "first" gives the normal BIND + // forwarding behavior, i.e. ask the forwarders first, and if that + // doesn't work then do the full lookup. You can also say + // "forward only;" which is what used to be specified with + // "slave" or "options forward-only". "only" will never attempt + // a full lookup; only the forwarders will be used. + forward first; + forwarders { + 1.2.3.4; + 5.6.7.8; + }; + + check-names master fail; + check-names slave warn; + check-names response ignore; + + allow-query { any; }; + allow-transfer { any; }; + allow-recursion { !any; }; + blackhole { 45/24; }; + keep-response-order { 46/24; }; + + listen-on { + 10/24; + 10.0.0.3; + }; + + listen-on port 53 { any; }; + + listen-on { 5.6.7.8; }; + + listen-on port 1234 { + !1.2.3.4; + 1.2.3/24; + }; + + listen-on-v6 { + 1:1:1:1:1:1:1:1; + }; + + listen-on-v6 port 777 { + 2:2:2:2:2:2:2:2; + }; + + query-source-v6 address 8:7:6:5:4:3:2:1 port *; + query-source port * address 10.0.0.54 ; + + lame-ttl 444; + + max-transfer-time-in 300; + max-transfer-time-out 10; + max-transfer-idle-in 100; + max-transfer-idle-out 11; + + max-retry-time 1234; + min-retry-time 1111; + max-refresh-time 888; + min-refresh-time 777; + + max-ncache-ttl 333; + min-ncache-ttl 22; + min-roots 15; + serial-queries 34; + + transfer-format one-answer; + + transfers-in 10; + transfers-per-ns 2; + transfers-out 0; + + transfer-source 10.0.0.5; + transfer-source-v6 4:3:2:1:5:6:7:8; + + request-ixfr yes; + provide-ixfr yes; + +# Now called 'provide-ixfr' +# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR + + max-ixfr-log-size 20m; + coresize 100; + datasize 101; + files 230; + max-cache-size 1m; + stacksize 231; + heartbeat-interval 1001; + interface-interval 1002; + statistics-interval 1003; + + topology { + 10/8; + + !1.2.3/24; + + { 1.2/16; 3/8; }; + + + }; + + sortlist { 10/8; 11/8; }; + + tkey-domain "foo.com"; + tkey-dhkey "xyz" 666 ; + + rrset-order { + class IN type A name "foo" order random; + order cyclic; + }; +}; + +/* + * Control listeners, for "ndc". Every nameserver needs at least one. + */ +controls { + // 'inet' lines without a 'port' defaults to 'port 953' + // 'keys' must be used and the list must have at least one entry + inet * port 52 allow { any; } keys { "key2"; }; + unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named. + inet 10.0.0.1 allow { any; key foo; } keys { "key4";}; + inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; }; + inet 10.0.0.2 allow { none; }; +}; + +zone "master.demo.zone" { + type master; // what used to be called "primary" + database "somedb -option1 -option2 arg1 arg2 arg3"; + file "master.demo.zone"; + check-names fail; + allow-update { none; }; + allow-update-forwarding { 10.0.0.5; !any; }; + allow-transfer { any; }; + allow-query { any; }; + sig-validity-interval 990; + notify explicit; + also-notify { 1.0.0.1; }; // don't notify any nameservers other + // than those on the NS list for this + // zone + forward first; + forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; }; +}; + +zone "slave.demo.zone" { + type slave; // what used to be called "secondary" + file "slave.demo.zone"; + ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file + masters { + 1.2.3.4 port 10 key "foo"; // where to zone transfer from + 5.6.7.8; + 6.7.8.9 key "zippo"; + }; + transfer-source 10.0.0.53; // fixes multihoming problems + check-names warn; + allow-update { none; }; + allow-transfer { any; }; + allow-update-forwarding { any; }; + allow-query { any; }; + max-transfer-time-in 120; // if not set, global option is used. + max-transfer-time-out 1; // if not set, global option is used. + max-transfer-idle-in 2; // if not set, global option is used. + max-transfer-idle-out 3; // if not set, global option is used. + also-notify { 1.0.0.2; }; + forward only; + forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; }; +}; + +key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; }; + +view "test-view" in { + key "viewkey" { algorithm "xxx" ; secret "eXl5" ; }; + also-notify { 10.2.2.3; }; + managed-keys { + foo.com. static 4 3 2 "abdefghijklmnopqrstuvwxyz"; + }; + sig-validity-interval 45; + max-cache-size 100000; + allow-query { 10.0.0.30;}; + additional-from-cache false; + additional-from-auth no; + match-clients { 10.0.0.1 ; }; + check-names master warn; + check-names slave ignore; + check-names response fail; + auth-nxdomain false; + recursion true; + provide-ixfr false; + request-ixfr true; + fetch-glue true; + notify false; + rfc2308-type1 false; + transfer-source 10.0.0.55; + transfer-source-v6 4:3:8:1:5:6:7:8; + query-source port * address 10.0.0.54 ; + query-source-v6 address 6:6:6:6:6:6:6:6 port *; + max-transfer-time-out 45; + max-transfer-idle-out 55; + min-roots 3; + lame-ttl 477; + max-ncache-ttl 333; + max-cache-ttl 777; + transfer-format many-answers; + max-retry-time 7; + min-retry-time 4; + max-refresh-time 999; + min-refresh-time 111; + + zone "view-zone.com" { + type master; + allow-update-forwarding { 10.0.0.34;}; + file "view-zone-master"; + }; + + server 5.6.7.8 { + keys "viewkey"; + }; + + server 10.9.8.7 { + keys "non-viewkey"; + }; + dialup yes; +}; + + +zone "stub.demo.zone" { + type stub; // stub zones are like slave zones, + // except that only the NS records + // are transferred. + dialup yes; + file "stub.demo.zone"; + masters { + 1.2.3.4 ; // where to zone transfer from + 5.6.7.8 port 999; + }; + check-names warn; + allow-update { none; }; + allow-transfer { any; }; + allow-query { any; }; + + max-retry-time 10; + min-retry-time 11; + max-refresh-time 12; + min-refresh-time 13; + + max-transfer-time-in 120; // if not set, global option is used. + pubkey 257 255 1 "a useless key"; + pubkey 257 255 1 "another useless key"; +}; + +zone "." { + type hint; // used to be specified w/ "cache" + file "cache.db"; +// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; +}; + +managed-keys { + "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; +}; + + +acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0 + // is disallowed; rest are OK +acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed + // by can_query are OK + +zone "disabled-zone.com" { + type master; + file "bar"; + + max-retry-time 100; + min-retry-time 110; + max-refresh-time 120; + min-refresh-time 130; +}; + +zone "non-default-acl.demo.zone" { + type master; + file "foo"; + allow-query { can_query; }; + allow-transfer { can_axfr; }; + allow-update { + 1.2.3.4; + 5.6.7.8; + }; + pubkey 666 665 664 "key of the beast"; + // Errors trapped by parser: + // identity or name not absolute + // 'wildcard' match type and no wildcard character in name + // + // issues: + // - certain rdatatype values (such as "key") are config file keywords and + // must be quoted or a syntax error will occur. + // + + update-policy { + grant root.domain. subdomain host.domain. A MX CNAME; + grant sub.root.domain. wildcard *.host.domain. A; + grant root.domain. name host.domain. a ns md mf cname soa mb mg + mr "null" wks ptr hinfo minfo mx txt rp afsdb x25 + isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx + cert a6 dname opt unspec uri tkey tsig ; + grant foo.bar.com. self foo.bar.com. a; + }; +}; + +key sample_key { // for TSIG; supported by parser + algorithm hmac-md5; // but not yet implemented in the + secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server +}; + +key key2 { + algorithm hmac-md5; + secret "ZXJlaCB0ZXJjZXMgcm91eQ=="; +}; + +acl key_acl { key sample_key; }; // a request signed with sample_key + +server 1.2.3.4 { + request-ixfr no; + provide-ixfr no; + bogus no; // if yes, we won't query or listen + // to this server + transfer-format one-answer; // set transfer format for this + // server (see the description of + // 'transfer-format' above) + // if not specified, the global option + // will be used + transfers 0; // not implemented + keys { "sample_key" }; // for TSIG; supported by the parser + // but not yet implemented in the + // rest of the server +# Now called 'request-ixfr' +# support-ixfr yes; // for IXFR supported by server + // if yes, the listed server talks IXFR +}; + +logging { + /* + * All log output goes to one or more "channels"; you can make as + * many of them as you want. + */ + + channel syslog_errors { // this channel will send errors or + syslog user; // or worse to syslog (user facility) + severity error; + }; + + channel stderr_errors { + stderr; + }; + + /* + * Channels have a severity level. Messages at severity levels + * greater than or equal to the channel's level will be logged on + * the channel. In order of decreasing severity, the levels are: + * + * critical a fatal error + * error + * warning + * notice a normal, but significant event + * info an informational message + * debug 1 the least detailed debugging info + * ... + * debug 99 the most detailed debugging info + */ + + /* + * Here are the built-in channels: + * + * channel default_syslog { + * syslog daemon; + * severity info; + * }; + * + * channel default_debug { + * file "named.run"; // note: stderr is used instead + * // of "named.run" if the server + * // is started with the "-f" + * // option. + * severity dynamic; // this means log debugging + * // at whatever debugging level + * // the server is at, and don't + * // log anything if not + * // debugging. + * }; + * + * channel null { // this is the bit bucket; + * file "/dev/null"; // any logging to this channel + * // is discarded. + * }; + * + * channel default_stderr { // writes to stderr + * file "<stderr>"; // this is illustrative only; + * // there's currently no way + * // of saying "stderr" in the + * // configuration language. + * // i.e. don't try this at home. + * severity info; + * }; + * + * default_stderr only works before the server daemonizes (i.e. + * during initial startup) or when it is running in foreground + * mode (-f command line option). + */ + + /* + * There are many categories, so you can send the logs + * you want to see wherever you want, without seeing logs you + * don't want. Right now the categories are + * + * default the catch-all. many things still + * aren't classified into categories, and + * they all end up here. also, if you + * don't specify any channels for a + * category, the default category is used + * instead. + * config high-level configuration file + * processing + * parser low-level configuration file processing + * queries what used to be called "query logging" + * lame-servers messages like "Lame server on ..." + * statistics + * panic if the server has to shut itself + * down due to an internal problem, it + * logs the problem here (as well as + * in the problem's native category) + * update dynamic update + * ncache negative caching + * xfer-in zone transfers we're receiving + * xfer-out zone transfers we're sending + * db all database operations + * eventlib debugging info from the event system + * (see below) + * packet dumps of packets received and sent + * (see below) + * notify the NOTIFY protocol + * cname messages like "XX points to a CNAME" + * security approved/unapproved requests + * os operating system problems + * insist consistency check failures + * maintenance periodic maintenance + * load zone loading + * response-checks messages like + * "Malformed response ..." + * "wrong ans. name ..." + * "unrelated additional info ..." + * "invalid RR type ..." + * "bad referral ..." + */ + + category parser { + syslog_errors; // you can log to as many channels + default_syslog; // as you want + }; + + category lame-servers { null; }; // don't log these at all + + channel moderate_debug { + file "foo"; // foo + severity debug 3; // level 3 debugging to file + print-time yes; // timestamp log entries + print-category yes; // print category name + print-severity yes; // print severity level + /* + * Note that debugging must have been turned on either + * on the command line or with a signal to get debugging + * output (non-debugging output will still be written to + * this channel). + */ + }; + + channel another { + file "bar" versions 99 size 10M; + severity info; + }; + + channel third { + file "bar" size 100000 versions unlimited; + severity debug; // use default debug level + }; + + /* + * If you don't want to see "zone XXXX loaded" messages but do + * want to see any problems, you could do the following. + */ + channel no_info_messages { + syslog; + severity notice; + }; + + category load { no_info_messages; }; + + /* + * You can also define category "default"; it gets used when no + * "category" statement has been given for a category. + */ + category default { + default_syslog; + moderate_debug; + }; + + /* + * If you don't define category default yourself, the default + * default category will be used. It is + * + * category default { default_syslog; default_debug; }; + */ + + /* + * If you don't define category panic yourself, the default + * panic category will be used. It is + * + * category panic { default_syslog; default_stderr; }; + */ + + /* + * Two categories, 'packet' and 'eventlib', are special. Only one + * channel may be assigned to each of them, and it must be a + * file channel. If you don't define them yourself, they default to + * + * category eventlib { default_debug; }; + * + * category packet { default_debug; }; + */ +}; + +#include "filename"; // can't do within a statement + |