/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * This is just a random selection of configuration options.
 */

/*
 * Review notes. They sit above the "cut here" marker on the assumption
 * that everything below the marker is compared verbatim by the test
 * harness, so no comment is added there -- TODO confirm against the
 * test script.
 *
 * - key-store "hsm": the pkcs11-uri carries the token PIN inline as
 *   pin-value, so anyone who can read this file (or a copy of it in a
 *   backup or repository) can read the PIN. That is acceptable for a
 *   fixture only. RFC 7512 also defines pin-source, which refers to the
 *   PIN instead of embedding it; whether the PKCS#11 provider in use
 *   honours it needs checking.
 * - key "mykey": the secret is a literal string and the algorithm is the
 *   "@DEFAULT_HMAC@" placeholder, presumably substituted when the file
 *   is generated. This key material must not be reused outside the test
 *   tree.
 * - view "third", zone "dnssec": allow-update { "any"; } puts no address
 *   or key restriction on dynamic updates. The view's match-clients is
 *   "none" here; a zone that is actually served would want a key-based
 *   allow-update or an update-policy instead.
 * - options: validate-except { "corp"; } turns DNSSEC validation off at
 *   and below that name, and blackhole { 10.0.0.0/8; } drops a whole
 *   private range. Both are fixture values, not recommendations.
 * - options: listen-on port 90 { "any"; } and view "second" with
 *   match-clients { "any"; } are the only wide-open listeners/matchers
 *   in the file; the other views match "none" or have no match-clients.
 * - dyndb "name": the escaped and nested braces look like deliberate
 *   parser input rather than a typo -- leave them untouched.
 */

/* cut here */
dnssec-policy "test" {
	cdnskey yes;
	cds-digest-types {
		"sha-256";
	};
	dnskey-ttl 3600;
	keys {
		ksk key-directory lifetime P1Y algorithm 13 tag-range 0 32767;
		zsk lifetime P30D algorithm 13;
		csk key-store "hsm" lifetime P30D algorithm 8 2048;
	};
	manual-mode no;
	max-zone-ttl 86400;
	nsec3param ;
	parent-ds-ttl 7200;
	parent-propagation-delay PT1H;
	publish-safety PT3600S;
	purge-keys P90D;
	retire-safety PT3600S;
	signatures-jitter PT12H;
	signatures-refresh P3D;
	signatures-validity P2W;
	signatures-validity-dnskey P14D;
	zone-propagation-delay PT5M;
};
key-store "hsm" {
	directory ".";
	pkcs11-uri "pkcs11:token=bind9;pin-value=1234";
};
options {
	avoid-v4-udp-ports {
		100;
	};
	avoid-v6-udp-ports {
		100;
	};
	blackhole {
		10.0.0.0/8;
	};
	directory ".";
	dump-file "named_dumpdb";
	heartbeat-interval 30;
	hostname none;
	interface-interval 30;
	listen-on port 90 {
		"any";
	};
	listen-on port 100 {
		127.0.0.1/32;
	};
	listen-on-v6 port 53 {
		"none";
	};
	match-mapped-addresses yes;
	memstatistics-file "named.memstats";
	pid-file none;
	port 5300;
	querylog yes;
	recursing-file "named.recursing";
	recursive-clients 3000;
	serial-query-rate 100;
	server-id none;
	update-quota 200;
	check-names primary warn;
	check-names secondary ignore;
	max-cache-size 20000000000000;
	max-query-count 100;
	max-query-restarts 10;
	nta-lifetime 604800;
	nta-recheck 604800;
	validate-except {
		"corp";
	};
	dnssec-policy "test";
	max-ixfr-ratio 90%;
	transfer-source 0.0.0.0;
	zone-statistics none;
};
remote-servers "parents" port 5353 source 10.10.10.10 port 5354 source-v6 2001:db8::10 port 5355 {
	10.10.10.11;
	2001:db8::11;
};
view "first" {
	match-clients {
		"none";
	};
	zone "example1" {
		type primary;
		file "xxx";
		update-policy local;
		max-ixfr-ratio 20%;
		notify-source 10.10.10.10 port 53;
	};
	zone "clone" {
		type primary;
		file "yyy";
		max-ixfr-ratio unlimited;
	};
	dnssec-validation auto;
	max-query-restarts 15;
	zone-statistics terse;
};
view "second" {
	match-clients {
		"any";
	};
	zone "example1" {
		type primary;
		file "zzz";
		update-policy local;
		zone-statistics yes;
	};
	zone "example2" {
		type static-stub;
		forward only;
		forwarders tls "ephemeral" {
			10.53.0.4 port 8053 tls "ephemeral";
		};
		zone-statistics no;
	};
	zone "example3" {
		type static-stub;
		server-addresses {
			1.2.3.4;
		};
	};
	zone "clone" {
		in-view "first";
	};
	zone "." {
		type redirect;
		primaries {
			1.2.3.4;
		};
	};
	dnssec-validation auto;
	zone-statistics full;
};
view "third" {
	match-clients {
		"none";
	};
	zone "clone" {
		in-view "first";
		forward only;
		forwarders {
			10.0.0.100;
		};
	};
	zone "dnssec" {
		type primary;
		file "file";
		allow-update {
			"any";
		};
		dnssec-policy "default";
	};
	zone "p" {
		type primary;
		file "pfile";
	};
	zone "s" {
		type secondary;
		file "sfile";
		primaries {
			1.2.3.4;
		};
		notify primary-only;
	};
};
view "fourth" {
	zone "dnssec-test" {
		type primary;
		checkds explicit;
		file "dnssec-test.db";
		parental-agents {
			1.2.3.4;
			1.2.3.5;
		};
		dnssec-policy "test";
		parental-source 10.10.10.10 port 53;
	};
	zone "dnssec-default" {
		type primary;
		file "dnssec-default.db";
		parental-agents {
			"parents";
		};
		dnssec-policy "default";
	};
	zone "dnssec-inherit" {
		type primary;
		checkds no;
		file "dnssec-inherit.db";
	};
	zone "dnssec-none" {
		type primary;
		file "dnssec-none.db";
		dnssec-policy "none";
	};
	zone "dnssec-view1" {
		type primary;
		checkds yes;
		file "dnssec-view41.db";
		dnssec-policy "test";
	};
	zone "dnssec-view2" {
		type primary;
		file "dnssec-view42.db";
	};
	zone "dnssec-view3" {
		type primary;
		file "dnssec-view43.db";
		dnssec-policy "none";
		key-directory "keys";
	};
	zone "dnssec-view4" {
		type primary;
		file "dnssec-view44.db";
		dnssec-policy "none";
	};
	dnssec-policy "default";
	key-directory ".";
};
view "fifth" {
	zone "dnssec-view1" {
		type primary;
		file "dnssec-view51.db";
		dnssec-policy "test";
	};
	zone "dnssec-view2" {
		type primary;
		file "dnssec-view52.db";
		dnssec-policy "test";
		key-directory "keys";
	};
	zone "dnssec-view3" {
		type primary;
		file "dnssec-view53.db";
		dnssec-policy "default";
		key-directory "keys";
	};
	zone "dnssec-view4" {
		type primary;
		file "dnssec-view54.db";
		dnssec-policy "none";
	};
	key-directory ".";
};
view "chaos" chaos {
	zone "hostname.bind" chaos {
		type primary;
		database "_builtin hostname";
	};
};
dyndb "name" "library.so" {
	this;
	\};
	is a {
		"test" { \{ of; the; };
	} bracketed;
	"text \"";
	system;
};
key "mykey" {
	algorithm "@DEFAULT_HMAC@";
	secret "qwertyuiopasdfgh";
};