From 3b9b6d0b8e7f798023c9d109c490449d528fde80 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:59:48 +0200 Subject: Adding upstream version 1:9.18.19. Signed-off-by: Daniel Baumann --- bin/tests/system/kasp/ns5/named.conf.in | 133 ++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 bin/tests/system/kasp/ns5/named.conf.in (limited to 'bin/tests/system/kasp/ns5/named.conf.in') diff --git a/bin/tests/system/kasp/ns5/named.conf.in b/bin/tests/system/kasp/ns5/named.conf.in new file mode 100644 index 0000000..44855b9 --- /dev/null +++ b/bin/tests/system/kasp/ns5/named.conf.in @@ -0,0 +1,133 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS5 + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +key "sha1" { + algorithm "hmac-sha1"; + secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; +}; + +key "sha224" { + algorithm "hmac-sha224"; + secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="; +}; + +key "sha256" { + algorithm "hmac-sha256"; + secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="; +}; + +dnssec-policy "test" { + keys { + csk key-directory lifetime 0 algorithm 14; + }; +}; + +options { + query-source address 10.53.0.5; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.5; }; + listen-on-v6 { none; }; + recursion no; + dnssec-policy "none"; + dnssec-validation no; +}; + +view "inherit" { + match-clients { key "sha1"; }; + + /* Inherit dnssec-policy 'none' */ + zone "inherit.inherit.unsigned" { + type primary; + file "inherit.inherit.unsigned.db"; + }; + + /* Override dnssec-policy */ + zone "override.inherit.unsigned" { + type primary; + file "override.inherit.unsigned.db"; + inline-signing yes; + dnssec-policy "default"; + }; + + /* Unset dnssec-policy */ + zone "none.inherit.unsigned" { + type primary; + file "none.inherit.unsigned.db"; + dnssec-policy "none"; + }; +}; + +view "override" { + match-clients { key "sha224"; }; + dnssec-policy "default"; + + /* Inherit dnssec-policy 'default' */ + zone "inherit.override.unsigned" { + type primary; + file "inherit.override.unsigned.db"; + inline-signing yes; + }; + + /* Override dnssec-policy */ + zone "override.override.unsigned" { + type primary; + file "override.override.unsigned.db"; + inline-signing yes; + dnssec-policy "test"; + }; + + /* Unset dnssec-policy */ + zone "none.override.unsigned" { + type primary; + file "none.override.unsigned.db"; + dnssec-policy "none"; + }; +}; + +view "none" { + match-clients { key "sha256"; }; + dnssec-policy "none"; + + /* Inherit dnssec-policy 'none' */ + zone "inherit.none.unsigned" { + type primary; + file "inherit.none.unsigned.db"; + }; + + /* Override dnssec-policy */ + zone "override.none.unsigned" { + type primary; + file "override.none.unsigned.db"; + inline-signing yes; + dnssec-policy "test"; + }; + + /* Unset dnssec-policy */ + zone "none.none.unsigned" { + type primary; + file "none.none.unsigned.db"; + dnssec-policy "none"; + }; +}; -- cgit v1.2.3