61 lines
1.4 KiB
Plaintext
61 lines
1.4 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
// NS4
|
|
|
|
options {
|
|
query-source address 10.53.0.4 dscp 1;
|
|
notify-source 10.53.0.4 dscp 2;
|
|
transfer-source 10.53.0.4 dscp 3;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
listen-on { 10.53.0.4; };
|
|
listen-on-v6 { none; };
|
|
recursion yes;
|
|
dnssec-enable yes;
|
|
dnssec-validation yes;
|
|
dnssec-must-be-secure mustbesecure.example yes;
|
|
minimal-responses no;
|
|
|
|
nta-lifetime 12s;
|
|
nta-recheck 9s;
|
|
|
|
validate-except { corp; };
|
|
|
|
# Note: We only reference the bind.keys file here to confirm that it
|
|
# is *not* being used. It contains the real root key, and we're
|
|
# using a local toy root zone for the tests, so it wouldn't work.
|
|
# But since dnssec-validation is set to "yes" not "auto", that
|
|
# won't matter.
|
|
bindkeys-file "../../../../../bind.keys";
|
|
};
|
|
|
|
key rndc_key {
|
|
secret "1234abcd8765";
|
|
algorithm hmac-sha256;
|
|
};
|
|
|
|
controls {
|
|
inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
};
|
|
|
|
zone "." {
|
|
type hint;
|
|
file "../../common/root.hint";
|
|
};
|
|
|
|
zone "corp" {
|
|
type static-stub;
|
|
server-addresses { 10.53.0.2; };
|
|
};
|
|
|
|
include "trusted.conf";
|