/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// NS3
//
// named.conf template for the server at 10.53.0.3.  The @NAME@ tokens
// (@PORT@, @CONTROLPORT@, @DEFAULT_ALGORITHM@, @ALTERNATIVE_ALGORITHM@) are
// placeholders; presumably the test harness substitutes them before named
// reads the file.
//
// NOTE(review): the ACLs below are wide open (`any`) on the control channel,
// zone transfers, dynamic updates and update forwarding.  That reads as a
// deliberate test-fixture choice; a deployed server would narrow each ACL to
// named hosts or TSIG keys.

// Shared rndc key; the key material lives outside this file.
include "../../_common/rndc.key";

// Control channel: any source address may connect, so the only gate is
// possession of rndc_key.
controls {
	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

options {
	// Pin every outbound source address to this server's own address.
	query-source address 10.53.0.3;
	notify-source 10.53.0.3;
	transfer-source 10.53.0.3;
	port @PORT@;
	pid-file "named.pid";
	listen-on { 10.53.0.3; };
	listen-on-v6 { none; };
	// Authoritative-only: no recursion is offered to clients.
	recursion no;
	// Any client may request a full zone transfer (AXFR/IXFR).
	allow-transfer { any; };
	notify yes;
	try-tcp-refresh no;
	notify-delay 0;
	// Zones can be added at runtime over the control channel
	// (rndc addzone), so the rndc key also guards zone creation.
	allow-new-zones yes;
	dnssec-validation no;
};

// One KSK and one ZSK, both with unlimited lifetime (no scheduled rollover).
dnssec-policy "inline" {
	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
};

// Same key set as "inline", with NSEC3 denial of existence: zero extra
// iterations, no opt-out, empty salt (the values RFC 9276 recommends).
dnssec-policy "nsec3" {
	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
	};
	nsec3param iterations 0 optout no salt-length 0;
};

// Two complete KSK/ZSK sets, one per algorithm.
dnssec-policy "external" {
	keys {
		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
		ksk key-directory lifetime unlimited algorithm @ALTERNATIVE_ALGORITHM@;
		zsk key-directory lifetime unlimited algorithm @ALTERNATIVE_ALGORITHM@;
	};
};

// Secondary that signs the transferred zone locally (inline-signing).
// Dynamic updates from any client are forwarded to the primary.
zone "bits" {
	type secondary;
	primaries { 10.53.0.2; };
	inline-signing yes;
	dnssec-policy inline;
	allow-update-forwarding { any; };
	file "bits.bk";
	sig-signing-signatures 1; // force incremental processing
};

// Never request IXFR from 10.53.0.4, so zones served from it (such as
// "noixfr" below) are refreshed by full transfer.
server 10.53.0.4 { request-ixfr no; };

zone "noixfr" {
	type secondary;
	primaries { 10.53.0.4; };
	inline-signing yes;
	dnssec-policy inline;
	allow-update-forwarding { any; };
	file "noixfr.bk";
};

// NOTIFY goes only to the also-notify list, which holds this server's own
// address.
zone "primary" {
	type primary;
	inline-signing yes;
	dnssec-policy inline;
	file "primary.db";
	notify explicit;
	also-notify {
		10.53.0.3;
	};
};

// allow-update { any; }: dynamic updates are accepted from every source
// without a TSIG key.  The same applies to "expired", "nsec3", "externalkey"
// and "removedkeys-primary" below.
zone "dynamic" {
	type primary;
	inline-signing yes;
	dnssec-policy inline;
	allow-update { any; };
	file "dynamic.db";
};

// Dynamic updates are refused for this zone.
zone "updated" {
	type primary;
	inline-signing yes;
	dnssec-policy inline;
	allow-update { none; };
	file "updated.db";
};

zone "expired" {
	type primary;
	inline-signing yes;
	dnssec-policy inline;
	allow-update { any; };
	file "expired.db";
};

zone "retransfer" {
	type secondary;
	primaries { 10.53.0.2; };
	inline-signing yes;
	dnssec-policy inline;
	file "retransfer.bk";
};

zone "nsec3" {
	type primary;
	inline-signing yes;
	dnssec-policy nsec3;
	allow-update { any; };
	file "nsec3.db";
};

zone "externalkey" {
	type primary;
	inline-signing yes;
	dnssec-policy external;
	allow-update { any; };
	file "externalkey.db";
};

// No policy named "insecure" is defined in this file; presumably this is
// BIND's built-in policy of that name, which leaves the zone unsigned.
zone "nokeys" {
	type secondary;
	primaries { 10.53.0.2; };
	inline-signing yes;
	dnssec-policy insecure;
	file "nokeys.bk";
};

zone "removedkeys-primary" {
	type primary;
	inline-signing yes;
	dnssec-policy inline;
	allow-update { any; };
	also-notify { 10.53.0.2; };
	file "removedkeys-primary.db";
};

zone "removedkeys-secondary" {
	type secondary;
	primaries { 10.53.0.2; };
	inline-signing yes;
	dnssec-policy inline;
	file "removedkeys-secondary.bk";
};

zone "unsupported" {
	type primary;
	file "unsupported.db";
	inline-signing yes;
	dnssec-policy inline;
};

// Further configuration is pulled in from a separate file not shown here.
include "delayedkeys.conf";