/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// named configuration for the server at 10.53.0.1 / fd92:7065:b8e:ffff::1.
// It exposes the same zone data over Do53, DNS-over-TLS (DoT) and
// DNS-over-HTTPS (DoH) on several ports, each backed by a different "tls"
// profile so that a client can be pointed at a known-good, a cipher-restricted,
// a SAN-less, an expired, or a client-cert-requiring listener.
// The @NAME@ tokens are placeholders substituted before named is started
// (presumably by the surrounding test harness); none of them is a real port
// number as written.

// Shared control-channel key (defines rndc_key, used by the controls block).
include "../../_common/rndc.key";

controls {
	// "allow { any; }" is not an open control port: every request must still
	// be signed with rndc_key, so the address filter is deliberately wide and
	// the key is the access control.
	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

// HTTP endpoint set reused by every DoH listener below.
http local {
	// "/dns-query" is the usual DoH path; "/alter" is a second path,
	// presumably so a client can exercise a non-default endpoint.
	endpoints { "/dns-query"; "/alter"; };
	// Upper bound on concurrent HTTP clients per listener.
	listener-clients 100;
};

// Baseline profile: TLS 1.2 only, with a cipher string that removes
// non-PFS RSA key exchange (!kRSA), anonymous/null suites, and legacy
// algorithms. The trailing !SHA1:!SHA256:!SHA384 exclusions drop the
// HMAC/CBC suites, which in OpenSSL cipher-string terms leaves the AEAD
// suites. dhparam-file supplies the 3072-bit group for the DHE suites.
tls tls-forward-secrecy {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	// The server's order wins during negotiation, not the client's.
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt01.example.com.key";
	cert-file "../CA/certs/srv01.crt01.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Same as tls-forward-secrecy but restricted to the AES256 family
// (served on @EXTRAPORT1@), so a client can check which suite gets picked.
tls tls-pfs-aes256 {
	protocols { TLSv1.2; };
	ciphers "AES256:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt01.example.com.key";
	cert-file "../CA/certs/srv01.crt01.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Negative fixture: certificate without a subjectAltName (crt02-no-san),
// served on @EXTRAPORT2@ (DoT) and @EXTRAPORT3@ (DoH). Presumably used to
// confirm that a verifying client rejects hostname matching against it.
tls tls-no-subject-alt-name {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt02-no-san.example.com.key";
	cert-file "../CA/certs/srv01.crt02-no-san.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Negative fixture: expired certificate (crt03-expired), served on
// @EXTRAPORT4@. Presumably used to confirm that validity-period checks
// on the client side fail as expected.
tls tls-expired {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt03-expired.example.com.key";
	cert-file "../CA/certs/srv01.crt03-expired.example.com.pem";
	dhparam-file "../dhparam3072.pem";
};

// Baseline profile plus ca-file: on a listener this makes named require and
// verify a client certificate issued by ../CA/CA.pem (mutual TLS). Served on
// @EXTRAPORT5@ (DoT) and @EXTRAPORT6@ (DoH).
tls tls-forward-secrecy-mutual-tls {
	protocols { TLSv1.2; };
	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
	prefer-server-ciphers yes;
	key-file "../CA/certs/srv01.crt01.example.com.key";
	cert-file "../CA/certs/srv01.crt01.example.com.pem";
	dhparam-file "../dhparam3072.pem";
	ca-file "../CA/CA.pem";
};

options {
	// Default ports for each transport; listeners without an explicit
	// "port" fall back to the one matching their transport.
	port @PORT@;
	tls-port @TLSPORT@;
	https-port @HTTPSPORT@;
	http-port @HTTPPORT@;
	pid-file "named.pid";
	// Plain Do53 on IPv4 only; IPv6 Do53 is switched off by the
	// "listen-on-v6 { none; }" line further down.
	listen-on { 10.53.0.1; };
	listen-on tls tls-forward-secrecy { 10.53.0.1; }; // DoT
	listen-on-v6 tls tls-forward-secrecy { fd92:7065:b8e:ffff::1;};
	// "tls ephemeral" uses named's built-in self-signed certificate, so
	// a client must be told to skip verification (or pin) to reach it.
	listen-on tls ephemeral http local { 10.53.0.1; }; // DoH
	listen-on-v6 tls ephemeral http local { fd92:7065:b8e:ffff::1; };
	// "tls none" serves the DoH endpoints over cleartext HTTP on
	// http-port; useful behind a TLS-terminating proxy, here used directly.
	listen-on tls none http local { 10.53.0.1; }; // unencrypted DoH
	listen-on-v6 tls none http local { fd92:7065:b8e:ffff::1; };
	listen-on-v6 { none; };
	// Extra ports, one per tls profile (see the profile comments above).
	listen-on port @EXTRAPORT1@ tls tls-pfs-aes256 { 10.53.0.1; }; // DoT
	listen-on-v6 port @EXTRAPORT1@ tls tls-pfs-aes256 { fd92:7065:b8e:ffff::1;};
	listen-on port @EXTRAPORT2@ tls tls-no-subject-alt-name { 10.53.0.1; }; // DoT
	listen-on port @EXTRAPORT3@ tls tls-no-subject-alt-name http local { 10.53.0.1; }; // DoH
	listen-on port @EXTRAPORT4@ tls tls-expired { 10.53.0.1; }; // DoT
	listen-on port @EXTRAPORT5@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; }; // DoT
	listen-on port @EXTRAPORT6@ tls tls-forward-secrecy-mutual-tls http local { 10.53.0.1; }; // DoH
	listen-on port @EXTRAPORT7@ tls tls-forward-secrecy { 10.53.0.1; }; // DoT
	// Authoritative-only server: no recursion, so no validation needed.
	recursion no;
	// Only the explicitly listed secondary (10.53.0.2) is notified.
	notify explicit;
	also-notify { 10.53.0.2 port @PORT@; };
	statistics-file "named.stats";
	dnssec-validation no;
	// Units of 100 ms: 120 s before an idle, freshly accepted TCP
	// connection is dropped (generous, to keep slow handshakes alive).
	tcp-initial-timeout 1200;
	transfers-in 100;
	transfers-out 100;
	// 0 disables the per-type RRset size limit.
	max-records-per-type 0;
};


// Zones. Every zone restricts transfers to "transport tls" (XoT); the
// ones with an explicit "port" additionally only accept transfer requests
// that arrived on that port, which ties each zone to a particular tls
// profile above. "{ any; }" is therefore bounded by the transport and
// port, not by source address.

// A locally served root, so clients in this setup need no external resolver.
zone "." {
	type primary;
	file "root.db";
	allow-transfer port @TLSPORT@ transport tls { any; };
};

zone "test.example.com" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example" {
	type primary;
	file "example.db";
	allow-transfer port @TLSPORT@ transport tls { any; };
};

// Transfers only via the AES256-restricted DoT listener.
zone "example2" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT1@ transport tls { any; };
};

// Transfers only via the SAN-less-certificate DoH listener.
zone "example3" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT3@ transport tls { any; };
};

zone "example4" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example5" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example6" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example7" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

zone "example8" {
	type primary;
	file "example.db";
	allow-transfer transport tls { any; };
};

// example9-11: transfers only via the mutual-TLS DoT listener, i.e. the
// requesting client must present a certificate signed by ../CA/CA.pem.
zone "example9" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

zone "example10" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

zone "example11" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT5@ transport tls { any; };
};

// example12-15: transfers only via the baseline DoT listener on @EXTRAPORT7@.
zone "example12" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};

zone "example13" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};

zone "example14" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};

zone "example15" {
	type primary;
	file "example.db";
	allow-transfer port @EXTRAPORT7@ transport tls { any; };
};