/* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") * * SPDX-License-Identifier: MPL-2.0 * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, you can obtain one at https://mozilla.org/MPL/2.0/. * * See the COPYRIGHT file distributed with this work for additional * information regarding copyright ownership. */ /* * This is just a random selection of configuration options. */ /* cut here */ dnssec-policy "test" { dnskey-ttl 3600; keys { ksk key-directory lifetime P1Y algorithm 13 256; zsk key-directory lifetime P30D algorithm 13; csk key-directory lifetime P30D algorithm 8 2048; }; max-zone-ttl 86400; nsec3param ; parent-ds-ttl 7200; parent-propagation-delay PT1H; publish-safety PT3600S; purge-keys P90D; retire-safety PT3600S; signatures-refresh P3D; signatures-validity P2W; signatures-validity-dnskey P14D; zone-propagation-delay PT5M; }; options { avoid-v4-udp-ports { 100; }; avoid-v6-udp-ports { 100; }; blackhole { 10.0.0.0/8; }; coresize 1073741824; datasize 104857600; directory "."; dscp 41; dump-file "named_dumpdb"; files 1000; heartbeat-interval 30; hostname none; interface-interval 30; keep-response-order { 10.0.10.0/24; }; listen-on port 90 { "any"; }; listen-on port 100 dscp 33 { 127.0.0.1/32; }; listen-on-v6 port 53 dscp 57 { "none"; }; match-mapped-addresses yes; memstatistics-file "named.memstats"; pid-file none; port 5300; querylog yes; recursing-file "named.recursing"; recursive-clients 3000; serial-query-rate 100; server-id none; update-quota 200; check-names primary warn; check-names secondary ignore; max-cache-size 20000000000000; nta-lifetime 604800; nta-recheck 604800; validate-except { "corp"; }; dnssec-policy "test"; max-ixfr-ratio 90%; transfer-source 0.0.0.0 dscp 63; zone-statistics none; }; parental-agents "parents" { 10.10.10.11; 10.10.10.12; }; view "first" { match-clients { "none"; }; zone "example1" { type master; file "xxx"; update-policy local; max-ixfr-ratio 20%; notify-source 10.10.10.10 port 53 dscp 55; }; zone "clone" { type master; file "yyy"; inline-signing yes; max-ixfr-ratio unlimited; }; dnssec-validation auto; zone-statistics terse; }; view "second" { match-clients { "any"; }; zone "example1" { type master; file "zzz"; update-policy local; zone-statistics yes; }; zone "example2" { type static-stub; forward only; forwarders { 10.53.0.4; }; zone-statistics no; }; zone "example3" { type static-stub; server-addresses { 1.2.3.4; }; }; zone "clone" { in-view "first"; }; zone "." { type redirect; masters { 1.2.3.4; }; }; dnssec-validation auto; zone-statistics full; }; view "third" { match-clients { "none"; }; zone "clone" { in-view "first"; forward only; forwarders { 10.0.0.100; }; }; zone "dnssec" { type master; file "file"; allow-update { "any"; }; dnssec-policy "default"; }; zone "p" { type primary; file "pfile"; inline-signing yes; }; zone "s" { type secondary; file "sfile"; inline-signing yes; masters { 1.2.3.4; }; notify primary-only; }; }; view "fourth" { zone "dnssec-test" { type master; file "dnssec-test.db"; inline-signing yes; parental-agents { 1.2.3.4; 1.2.3.5; }; dnssec-policy "test"; parental-source 10.10.10.10 port 53 dscp 55; }; zone "dnssec-default" { type master; file "dnssec-default.db"; inline-signing yes; parental-agents { "parents"; }; dnssec-policy "default"; }; zone "dnssec-inherit" { type master; file "dnssec-inherit.db"; inline-signing yes; }; zone "dnssec-none" { type master; file "dnssec-none.db"; dnssec-policy "none"; }; zone "dnssec-view1" { type master; file "dnssec-view41.db"; inline-signing yes; dnssec-policy "test"; }; zone "dnssec-view2" { type master; file "dnssec-view42.db"; inline-signing yes; }; zone "dnssec-view3" { type master; file "dnssec-view43.db"; dnssec-policy "none"; key-directory "keys"; }; zone "dnssec-view4" { type master; file "dnssec-view44.db"; dnssec-policy "none"; }; dnssec-policy "default"; key-directory "."; }; view "fifth" { zone "dnssec-view1" { type master; file "dnssec-view51.db"; inline-signing yes; dnssec-policy "test"; }; zone "dnssec-view2" { type master; file "dnssec-view52.db"; inline-signing yes; dnssec-policy "test"; key-directory "keys"; }; zone "dnssec-view3" { type master; file "dnssec-view53.db"; inline-signing yes; dnssec-policy "default"; key-directory "keys"; }; zone "dnssec-view4" { type master; file "dnssec-view54.db"; dnssec-policy "none"; }; key-directory "."; }; view "chaos" chaos { zone "hostname.bind" chaos { type master; database "_builtin hostname"; inline-signing yes; }; }; dyndb "name" "library.so" { this; \}; is a { "test" { \{ of; the; }; } bracketed; "text \""; system; }; key "mykey" { algorithm "hmac-md5"; secret "qwertyuiopasdfgh"; };