summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/dnssec/ns2/named.conf.in
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/dnssec/ns2/named.conf.in')
-rw-r--r--bin/tests/system/dnssec/ns2/named.conf.in201
1 files changed, 201 insertions, 0 deletions
diff --git a/bin/tests/system/dnssec/ns2/named.conf.in b/bin/tests/system/dnssec/ns2/named.conf.in
new file mode 100644
index 0000000..fbfd070
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/named.conf.in
@@ -0,0 +1,201 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-validation yes;
+ notify-delay 1;
+ minimal-responses no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "trusted" {
+ type primary;
+ file "trusted.db.signed";
+};
+
+zone "managed" {
+ type primary;
+ file "managed.db.signed";
+};
+
+zone "example" {
+ type primary;
+ file "example.db.signed";
+ allow-update { any; };
+};
+
+zone "insecure.secure.example" {
+ type primary;
+ file "insecure.secure.example.db";
+ allow-update { any; };
+};
+
+zone "rfc2335.example" {
+ type primary;
+ file "rfc2335.example.db";
+};
+
+zone "child.nsec3.example" {
+ type primary;
+ file "child.nsec3.example.db";
+ allow-update { none; };
+};
+
+zone "child.optout.example" {
+ type primary;
+ file "child.optout.example.db";
+ allow-update { none; };
+};
+
+zone "badparam" {
+ type primary;
+ file "badparam.db.bad";
+};
+
+zone "single-nsec3" {
+ type primary;
+ file "single-nsec3.db.signed";
+};
+
+zone "algroll" {
+ type primary;
+ file "algroll.db.signed";
+};
+
+zone "nsec3chain-test" {
+ type primary;
+ file "nsec3chain-test.db.signed";
+ allow-update {any;};
+};
+
+zone "in-addr.arpa" {
+ type primary;
+ file "in-addr.arpa.db.signed";
+};
+
+zone "cds.secure" {
+ type primary;
+ file "cds.secure.db.signed";
+};
+
+zone "cds-x.secure" {
+ type primary;
+ file "cds-x.secure.db.signed";
+};
+
+zone "cds-update.secure" {
+ type primary;
+ file "cds-update.secure.db.signed";
+ allow-update { any; };
+};
+
+zone "cds-kskonly.secure" {
+ type primary;
+ dnssec-dnskey-kskonly yes;
+ file "cds-kskonly.secure.db.signed";
+ allow-update { any; };
+};
+
+zone "cds-auto.secure" {
+ type primary;
+ file "cds-auto.secure.db.signed";
+ auto-dnssec maintain;
+ allow-update { any; };
+};
+
+zone "cdnskey.secure" {
+ type primary;
+ file "cdnskey.secure.db.signed";
+};
+
+zone "cdnskey-x.secure" {
+ type primary;
+ file "cdnskey-x.secure.db.signed";
+};
+
+zone "cdnskey-update.secure" {
+ type primary;
+ file "cdnskey-update.secure.db.signed";
+ allow-update { any; };
+};
+
+zone "cdnskey-kskonly.secure" {
+ type primary;
+ dnssec-dnskey-kskonly yes;
+ file "cdnskey-kskonly.secure.db.signed";
+ allow-update { any; };
+};
+
+zone "cdnskey-auto.secure" {
+ type primary;
+ file "cdnskey-auto.secure.db.signed";
+ auto-dnssec maintain;
+ allow-update { any; };
+};
+
+zone "updatecheck-kskonly.secure" {
+ type primary;
+ auto-dnssec maintain;
+ key-directory ".";
+ dnssec-dnskey-kskonly yes;
+ update-check-ksk yes;
+ sig-validity-interval 10;
+ dnskey-sig-validity 40;
+ file "updatecheck-kskonly.secure.db.signed";
+ allow-update { any; };
+};
+
+zone "corp" {
+ type primary;
+ file "corp.db";
+};
+
+zone "hours-vs-days" {
+ type master;
+ file "hours-vs-days.db.signed";
+ auto-dnssec maintain;
+ /* validity 500 days, resign in 499 days */
+ sig-validity-interval 500 499;
+ allow-update { any; };
+};
+
+zone "too-many-iterations" {
+ type master;
+ file "too-many-iterations.db.signed";
+};
+
+include "trusted.conf";