/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*
 * System-test server (ns1) for DNS over TLS (DoT) and DNS over HTTPS (DoH).
 * The @NAME@ tokens are placeholders that must be substituted with real port
 * numbers before named can parse this file.  Several of the tls blocks below
 * are deliberately "bad" (certificate without a subjectAltName, expired
 * certificate) and exist only to exercise certificate validation on the
 * client side of the tests.
 */

include "../../_common/rndc.key";

/*
 * rndc control channel.  "allow { any; }" only widens the source-address
 * filter; every command still has to be signed with rndc_key.
 */
controls {
	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

// DoH endpoint set shared by every "http local" listener in options below.
http local {
	endpoints { "/dns-query"; "/alter"; };
	listener-clients 100;
};

/*
 * Baseline server identity: TLS 1.2 only; the cipher string removes RSA key
 * exchange (no forward secrecy), anonymous/NULL ciphers, the legacy
 * RC4/3DES/MD5/export/PSK/SRP/DSS suites and the suites whose MAC is
 * SHA1/SHA256/SHA384, which in practice leaves the forward-secret AEAD
 * suites.  The server's order wins, and the 3072-bit DH group serves any
 * remaining DHE suite.
 */
tls tls-forward-secrecy {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt01.example.com.key";
	cert-file "../CA/certs/srv01.crt01.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Same policy as tls-forward-secrecy, narrowed to AES-256 suites only
// (served on @EXTRAPORT1@).
tls tls-pfs-aes256 {
	protocols { TLSv1.2; };
	ciphers "AES256:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt01.example.com.key";
	cert-file "../CA/certs/srv01.crt01.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Certificate that carries no subjectAltName (served on @EXTRAPORT2@ and
// @EXTRAPORT3@); presumably used to check client hostname validation.
tls tls-no-subject-alt-name {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt02-no-san.example.com.key";
	cert-file "../CA/certs/srv01.crt02-no-san.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Expired certificate (served on @EXTRAPORT4@); presumably used to check
// that clients reject it.
tls tls-expired {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt03-expired.example.com.key";
	cert-file "../CA/certs/srv01.crt03-expired.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

/*
 * Same identity and policy as tls-forward-secrecy, plus a CA bundle.  On a
 * server-side tls block, ca-file turns on verification of the client's
 * certificate against CA.pem, i.e. mutual TLS.  Served on @EXTRAPORT5@ (DoT)
 * and @EXTRAPORT6@ (DoH).
 */
tls tls-forward-secrecy-mutual-tls {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt01.example.com.key";
	cert-file "../CA/certs/srv01.crt01.example.com.pem";
	dhparam-file "../dhparam3072.pem";
	ca-file "../CA/CA.pem";
};

options {
	// Default ports for plain DNS, DoT, DoH and unencrypted DoH listeners
	// that do not name a port explicitly.
	port @PORT@;
	tls-port @TLSPORT@;
	https-port @HTTPSPORT@;
	http-port @HTTPPORT@;
	pid-file "named.pid";

	// Plain DNS (IPv4 only; see "listen-on-v6 { none; }" below).
	listen-on { 10.53.0.1; };

	// Default-port encrypted listeners, IPv4 and IPv6.
	listen-on tls tls-forward-secrecy { 10.53.0.1; }; // DoT
	listen-on-v6 tls tls-forward-secrecy { fd92:7065:b8e:ffff::1;};
	// "tls ephemeral" = named's own temporary self-signed certificate.
	listen-on tls ephemeral http local { 10.53.0.1; }; // DoH
	listen-on-v6 tls ephemeral http local { fd92:7065:b8e:ffff::1; };
	// "tls none" = HTTP without TLS; queries on these sockets are in the
	// clear.
	listen-on tls none http local { 10.53.0.1; }; // unencrypted DoH
	listen-on-v6 tls none http local { fd92:7065:b8e:ffff::1; };
	// No plain-DNS listener on IPv6; the tls/http v6 listeners above are
	// separate statements and remain in effect.
	listen-on-v6 { none; };

	// Extra-port listeners, one per tls block under test.  @EXTRAPORT3@
	// and @EXTRAPORT6@ are DoH; every other extra port is DoT.
	listen-on port @EXTRAPORT1@ tls tls-pfs-aes256 { 10.53.0.1; }; // DoT
	listen-on-v6 port @EXTRAPORT1@ tls tls-pfs-aes256 { fd92:7065:b8e:ffff::1;};
	listen-on port @EXTRAPORT2@ tls tls-no-subject-alt-name { 10.53.0.1; }; // DoT
	listen-on port @EXTRAPORT3@ tls tls-no-subject-alt-name http local { 10.53.0.1; }; // DoH
	listen-on port @EXTRAPORT4@ tls tls-expired { 10.53.0.1; }; // DoT
	listen-on port @EXTRAPORT5@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; }; // DoT
	listen-on port @EXTRAPORT6@ tls tls-forward-secrecy-mutual-tls http local { 10.53.0.1; }; // DoH
	listen-on port @EXTRAPORT7@ tls tls-forward-secrecy { 10.53.0.1; }; // DoT

	// Authoritative-only server; notifies are sent only to also-notify.
	recursion no;
	notify explicit;
	also-notify { 10.53.0.2 port @PORT@; };
	statistics-file "named.stats";
	dnssec-validation no;
	// Units of 0.1 s, so 120 s before an idle new TCP connection is dropped.
	tcp-initial-timeout 1200;
	transfers-in 100;
	transfers-out 100;
	// 0 disables the per-type record limit.
	max-records-per-type 0;
};


/*
 * Every zone below only allows zone transfers over TLS.  Where a port is
 * given, transfers are additionally restricted to the listener bound to that
 * port; without a port, any TLS listener may serve them.
 */
zone "." {
	type primary;
	file "root.db";
	allow-transfer port @TLSPORT@ transport tls { any; };
};

zone "test.example.com" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example" {
	type primary;
	file "example.db";
	allow-transfer port @TLSPORT@ transport tls { any; };
};

// Transfers only over the AES-256-only DoT listener.
zone "example2" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT1@ transport tls { any; };
};

// Note: @EXTRAPORT3@ is bound to a DoH (http) listener above, not a DoT one.
zone "example3" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT3@ transport tls { any; };
};

zone "example4" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example5" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example6" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example7" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example8" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

// example9-example11: transfers only via the mutual-TLS listener on
// @EXTRAPORT5@, so the requesting client must present a certificate
// signed by CA.pem.
zone "example9" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

zone "example10" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

zone "example11" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

// example12-example15: transfers only via the extra tls-forward-secrecy
// DoT listener on @EXTRAPORT7@.
zone "example12" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};

zone "example13" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};

zone "example14" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};

zone "example15" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};