      1 /*
      2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      3  *
      4  * SPDX-License-Identifier: MPL-2.0
      5  *
      6  * This Source Code Form is subject to the terms of the Mozilla Public
      7  * License, v. 2.0.  If a copy of the MPL was not distributed with this
      8  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
      9  *
     10  * See the COPYRIGHT file distributed with this work for additional
     11  * information regarding copyright ownership.
     12  */
     13 
     14 # We need a separate instance for the "rndc reconfig" test in order to
     15 # ensure that it does not use ephemeral keys (these are costly to
     16 # generate) and creates a minimal number of TLS contexts, reducing the
     17 # time needed for startup/reconfiguration. Long
     18 # startup/reconfiguration times were known to cause timeout issues in the
     19 # CI system, where many tests run in parallel.
     20 
     21 include "../../_common/rndc.key";  // key file shared across the test suite; presumably defines the rndc_key named in controls below
     22 
     23 controls {
     24 	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };  // no source-address restriction: possession of rndc_key is the only gate on the control channel (test fixture; narrow the allow list outside a test network)
     25 };
     26 
     27 tls local {  // server-side TLS settings referenced by the DoT and DoH listen-on lines in options
     28 	key-file "../CA/certs/srv04.crt01.example.com.key";  // pre-generated test private key, so named does not have to create an ephemeral one at startup
     29 	cert-file "../CA/certs/srv04.crt01.example.com.pem";  // certificate matching the key above
     30 	dhparam-file "../dhparam3072.pem";  // pre-generated DH parameters (3072-bit, judging by the file name)
     31 };
     32 
     33 http local {
     34 	endpoints { "/dns-query"; };  // URL path served by the listener that references "http local" (the DoH listen-on line in options)
     35 };
     36 
     37 options {
     38 	query-source address 10.53.0.4;
     39 	notify-source 10.53.0.4;
     40 	transfer-source 10.53.0.4;
     41 	port @PORT@;
     42 	tls-port @TLSPORT@;
     43 	https-port @HTTPSPORT@;
     44 	http-port @HTTPPORT@;  // port for unencrypted HTTP; no plain-HTTP listen-on is configured in this file
     45 	pid-file "named.pid";
     46 	listen-on { 10.53.0.4; };  // plain, unencrypted DNS
     47 	listen-on tls local { 10.53.0.4; };             // DoT
     48 	listen-on tls local http local { 10.53.0.4; };  // DoH
     49 	listen-on-v6 { none; };  // no IPv6 listeners
     50 	recursion no;  // authoritative-only instance: no recursive resolution for clients
     51 	notify no;
     52 	ixfr-from-differences yes;
     53 	check-integrity no;
     54 	dnssec-validation no;  // DNSSEC validation is switched off
     55 	max-records-per-type 0;  // 0 lifts the per-type record cap; NOTE(review): confirm this is wanted only for the test zone
     56 };
     57 
     58 
     59 zone "." {
     60 	type hint;
     61 	file "../../_common/root.hint";  // root hints file shared across the test suite
     62 };
     63 
     64 tls tls-v1.2-pfs {  // client-side TLS settings, used for the connection to the primary in zone "example"
     65 	protocols { TLSv1.2; };  // TLS 1.2 only
     66 	ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";  // HIGH minus static-RSA key exchange (!kRSA) leaves (EC)DHE suites, hence "pfs"; anonymous, NULL, export and PSK/SRP suites are excluded; the !SHA* entries presumably drop the CBC/HMAC suites, leaving AEAD ones
     67 	prefer-server-ciphers no;
     68 };  // no ca-file or remote-hostname is set: the transfer channel is encrypted, but the primary's certificate is not verified
     69 
     70 zone "example" {
     71 	type secondary;
     72 	primaries { 10.53.0.1 tls tls-v1.2-pfs; };  // transfers from 10.53.0.1 go over TLS using the tls-v1.2-pfs settings
     73 	file "example.db";
     74 	allow-transfer { any; };  // any client that can reach this server may transfer the zone (test fixture; restrict by ACL or key elsewhere)
     75 };
     76