ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
3dff3eac0aec61ba11afd357220630a4d679b75b
bind9/bin/tests/system/nsupdate/ns9/named.conf.in
Evan Hunt 0b09ee8cdc explicitly set dnssec-validation in system tests 
the default value of dnssec-validation is 'auto', which causes
a server to send a key refresh query to the root zone when starting
up. this is undesirable behavior in system tests, so this commit
sets dnssec-validation to either 'yes' or 'no' in all tests where
it had not previously been set.

this change had the mostly-harmless side effect of changing the cached
trust level of unvalidated answer data from 'answer' to 'authanswer',
which caused a few test cases in which dumped cache data was examined in
the serve-stale system test to fail. those test cases have now been
updated to expect 'authanswer'.
2023-06-26 13:41:56 -07:00

66 lines
1.4 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.9;
notify-source 10.53.0.9;
transfer-source 10.53.0.9;
port @PORT@;
pid-file "named.pid";
session-keyfile "session.key";
listen-on { 10.53.0.9; };
recursion no;
notify yes;
minimal-responses no;
dnssec-validation no;
@TKEY_CONFIGURATION@
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
key subkey {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "in-addr.arpa" {
type primary;
file "in-addr.db";
update-policy { grant EXAMPLE.COM ms-subdomain . PTR; };
};
zone "example.com" {
type primary;
file "example.com.db";
update-policy {
grant EXAMPLE.COM ms-self . ANY;
grant EXAMPLE.COM ms-subdomain _tcp.example.com SRV;
};
};
zone "denyname.example" {
type primary;
file "denyname.example.db";
update-policy {
deny subkey name denyname.example;
grant subkey subdomain denyname.example;
};
};
View Git Blame Copy Permalink