named.conf.in 3.14 KB
Newer Older
1
/*
2
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3
 *
4 5 6
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 8 9
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
10 11
 */

12
// NS3
13

14 15
include "../../common/rndc.key";

Evan Hunt's avatar
Evan Hunt committed
16 17 18
controls {
	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
19 20 21 22 23

options {
	query-source address 10.53.0.3;
	notify-source 10.53.0.3;
	transfer-source 10.53.0.3;
Evan Hunt's avatar
Evan Hunt committed
24
	port @PORT@;
25
	pid-file "named.pid";
Matthijs Mekking's avatar
Matthijs Mekking committed
26
	session-keyfile "session.key";
27 28 29 30 31 32
	listen-on { 10.53.0.3; };
	listen-on-v6 { none; };
	recursion no;
	notify yes;
	try-tcp-refresh no;
	notify-delay 0;
33
	allow-new-zones yes;
34 35 36 37 38 39 40 41 42
};

zone "bits" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	allow-update-forwarding { any; };
	file "bits.bk";
43
	sig-signing-signatures 1;	// force incremental processing
44 45 46 47 48 49 50 51 52 53 54 55
};

server 10.53.0.4 { request-ixfr no; };

zone "noixfr" {
	type slave;
	masters { 10.53.0.4; };
	inline-signing yes;
	auto-dnssec maintain;
	allow-update-forwarding { any; };
	file "noixfr.bk";
};
56 57 58 59 60 61

zone "master" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	file "master.db";
62 63 64 65
	notify explicit;
	also-notify {
		10.53.0.3;
	};
66 67 68 69 70 71 72 73 74
};

zone "dynamic" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	allow-update { any; };
	file "dynamic.db";
};
75 76 77 78 79 80 81 82

zone "updated" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	allow-update { none; };
	file "updated.db";
};
83 84 85 86 87 88 89 90

zone "expired" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	allow-update { any; };
	file "expired.db";
};
91 92 93 94 95 96 97 98

zone "retransfer" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	file "retransfer.bk";
};
99 100 101 102 103 104 105 106

zone "nsec3" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	allow-update { any; };
	file "nsec3.db";
};
107 108 109 110 111 112 113 114

zone "externalkey" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	allow-update { any; };
	file "externalkey.db";
};
115 116 117 118 119 120 121 122

zone "retransfer3" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	file "retransfer3.bk";
};
123

124 125 126 127 128 129 130 131 132
zone "inactiveksk" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	dnssec-dnskey-kskonly yes;
	file "inactiveksk.bk";
};

133 134 135 136 137 138 139
zone "inactivezsk" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	file "inactivezsk.bk";
};
140 141 142 143 144 145 146 147 148

zone "nokeys" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	file "nokeys.bk";
};

149 150 151 152 153 154 155
zone "delayedkeys" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	file "delayedkeys.db";
};

156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171
zone "removedkeys-primary" {
	type master;
	inline-signing yes;
	auto-dnssec maintain;
	allow-update { any; };
	also-notify { 10.53.0.2; };
	file "removedkeys-primary.db";
};

zone "removedkeys-secondary" {
	type slave;
	masters { 10.53.0.2; };
	inline-signing yes;
	auto-dnssec maintain;
	file "removedkeys-secondary.bk";
};
172 173 174 175 176 177 178

zone "unsupported" {
	type master;
	file "unsupported.db";
	inline-signing yes;
	auto-dnssec maintain;
};