/*
 * Copyright (C) 2011, 2013, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

// NS4

// This statement declares no control channel.  The keyed inet channel is
// declared in a second controls statement further down in this file.
controls { /* empty */ };

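/*
 * Server-wide options for this test instance (NS4).  All source and
 * listening addresses are pinned to 10.53.0.4, and DNS is served on
 * port 5300 rather than 53.  The blame-view residue that was interleaved
 * with the statements has been dropped so the block parses as named.conf;
 * no directive or value has been changed.
 */
options {
	// Outgoing queries, NOTIFY messages and zone transfers all originate
	// from 10.53.0.4, each marked with its own DSCP value (1, 2, 3).
	query-source address 10.53.0.4 dscp 1;
	notify-source 10.53.0.4 dscp 2;
	transfer-source 10.53.0.4 dscp 3;

	// Listen for DNS on 10.53.0.4:5300 only; IPv6 listening is disabled.
	port 5300;
	pid-file "named.pid";
	listen-on { 10.53.0.4; };
	listen-on-v6 { none; };

	// Recursive resolver with DNSSEC validation switched on explicitly.
	// "yes" (not "auto") means the built-in root key is not loaded, so
	// trust anchors have to be supplied by the configuration itself.
	recursion yes;
	dnssec-enable yes;
	dnssec-validation yes;

	// Answers at or below mustbesecure.example are accepted only if they
	// validate as secure.
	dnssec-must-be-secure mustbesecure.example yes;
	minimal-responses no;

	// A negative trust anchor turns validation off for the domain it
	// names.  Here an NTA expires after 10 seconds and is rechecked
	// every 7 seconds, which bounds how long that bypass can last.
	// NOTE(review): values this short look chosen for the test run;
	// confirm before reusing them elsewhere.
	nta-lifetime 10s;
	nta-recheck 7s;

	# Note: We only reference the bind.keys file here to confirm that it
	# is *not* being used.  It contains the real root key, and we're
	# using a local toy root zone for the tests, so it wouldn't work.
	# But since dnssec-validation is set to "yes" not "auto", that
	# won't matter.
	bindkeys-file "../../../../../bind.keys";
};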

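/*
 * Shared secret that authenticates commands on the control channel
 * (referenced by name in the controls statement of this file).
 *
 * The secret is a short, fixed string stored in the configuration file
 * itself.  The file describes itself as test configuration; a deployed
 * server should instead use a randomly generated key (for example from
 * rndc-confgen) kept in a separate file with restricted permissions.
 * Blame-view residue has been dropped from the block; the key name,
 * secret and algorithm are unchanged.
 */
key rndc_key {
	secret "1234abcd8765";
	algorithm hmac-sha256;
};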

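/*
 * Control channel on 10.53.0.4 port 9953.
 *
 * "allow { any; }" places no restriction on the client address, so
 * possession of rndc_key is the only check before a control command is
 * accepted.  Outside an isolated test network the allow list should
 * name the management hosts (or loopback) explicitly, so that the
 * channel does not depend on the key alone.
 * Blame-view residue has been dropped from the block; the statement
 * itself is unchanged.
 */
controls {
	inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
};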

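/*
 * Root hints are read from a file in the shared test tree instead of
 * the compiled-in defaults.  The options block's own comment says the
 * tests run against a local toy root zone.
 * NOTE(review): root.hint presumably points at that toy root; confirm
 * against ../../common/root.hint.
 * Blame-view residue has been dropped from the block; the zone
 * statement is unchanged.
 */
zone "." {
	type hint;
	file "../../common/root.hint";
};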

// Pulls in trusted.conf, resolved relative to the server's working
// directory.
// NOTE(review): presumably this supplies the trust anchors for the toy
// root, since dnssec-validation is "yes" rather than "auto"; confirm
// against the file's contents.
include "trusted.conf";