From 45d6379135504814ab723b57f0eb8be23393a51d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 09:24:22 +0200 Subject: Adding upstream version 1:9.16.44. Signed-off-by: Daniel Baumann --- bin/tests/system/dnssec/ns2/named.conf.in | 201 ++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 bin/tests/system/dnssec/ns2/named.conf.in (limited to 'bin/tests/system/dnssec/ns2/named.conf.in') diff --git a/bin/tests/system/dnssec/ns2/named.conf.in b/bin/tests/system/dnssec/ns2/named.conf.in new file mode 100644 index 0000000..fbfd070 --- /dev/null +++ b/bin/tests/system/dnssec/ns2/named.conf.in @@ -0,0 +1,201 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS2 + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-validation yes; + notify-delay 1; + minimal-responses no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "trusted" { + type primary; + file "trusted.db.signed"; +}; + +zone "managed" { + type primary; + file "managed.db.signed"; +}; + +zone "example" { + type primary; + file "example.db.signed"; + allow-update { any; }; +}; + +zone "insecure.secure.example" { + type primary; + file "insecure.secure.example.db"; + allow-update { any; }; +}; + +zone "rfc2335.example" { + type primary; + file "rfc2335.example.db"; +}; + +zone "child.nsec3.example" { + type primary; + file "child.nsec3.example.db"; + allow-update { none; }; +}; + +zone "child.optout.example" { + type primary; + file "child.optout.example.db"; + allow-update { none; }; +}; + +zone "badparam" { + type primary; + file "badparam.db.bad"; +}; + +zone "single-nsec3" { + type primary; + file "single-nsec3.db.signed"; +}; + +zone "algroll" { + type primary; + file "algroll.db.signed"; +}; + +zone "nsec3chain-test" { + type primary; + file "nsec3chain-test.db.signed"; + allow-update {any;}; +}; + +zone "in-addr.arpa" { + type primary; + file "in-addr.arpa.db.signed"; +}; + +zone "cds.secure" { + type primary; + file "cds.secure.db.signed"; +}; + +zone "cds-x.secure" { + type primary; + file "cds-x.secure.db.signed"; +}; + +zone "cds-update.secure" { + type primary; + file "cds-update.secure.db.signed"; + allow-update { any; }; +}; + +zone "cds-kskonly.secure" { + type primary; + dnssec-dnskey-kskonly yes; + file "cds-kskonly.secure.db.signed"; + allow-update { any; }; +}; + +zone "cds-auto.secure" { + type primary; + file "cds-auto.secure.db.signed"; + auto-dnssec maintain; + allow-update { any; }; +}; + +zone "cdnskey.secure" { + type primary; + file "cdnskey.secure.db.signed"; +}; + +zone "cdnskey-x.secure" { + type primary; + file "cdnskey-x.secure.db.signed"; +}; + +zone "cdnskey-update.secure" { + type primary; + file "cdnskey-update.secure.db.signed"; + allow-update { any; }; +}; + +zone "cdnskey-kskonly.secure" { + type primary; + dnssec-dnskey-kskonly yes; + file "cdnskey-kskonly.secure.db.signed"; + allow-update { any; }; +}; + +zone "cdnskey-auto.secure" { + type primary; + file "cdnskey-auto.secure.db.signed"; + auto-dnssec maintain; + allow-update { any; }; +}; + +zone "updatecheck-kskonly.secure" { + type primary; + auto-dnssec maintain; + key-directory "."; + dnssec-dnskey-kskonly yes; + update-check-ksk yes; + sig-validity-interval 10; + dnskey-sig-validity 40; + file "updatecheck-kskonly.secure.db.signed"; + allow-update { any; }; +}; + +zone "corp" { + type primary; + file "corp.db"; +}; + +zone "hours-vs-days" { + type master; + file "hours-vs-days.db.signed"; + auto-dnssec maintain; + /* validity 500 days, resign in 499 days */ + sig-validity-interval 500 499; + allow-update { any; }; +}; + +zone "too-many-iterations" { + type master; + file "too-many-iterations.db.signed"; +}; + +include "trusted.conf"; -- cgit v1.2.3