ecc7d6b4bc
Due to the lack of "match-clients" clauses in ns4/named2.conf.in, the
same view is incorrectly chosen for all queries received by ns4 in the
"keymgr2kasp" system test. This causes only one version of the
"view-rsasha256.kasp" zone to actually be checked. Add "match-clients"
clauses to ns4/named2.conf.in to ensure the test really checks what it
claims to.
Use identical view names ("ext", "int") in ns4/named.conf.in and
ns4/named2.conf.in so that it is easier to quickly identify the
differences between these two files.
Update tests.sh to account for the above changes. Also fix a copy-paste
error in a comment to prevent confusion.
(cherry picked from commit 0de5a576c5)
86 lines
1.7 KiB
Plaintext
86 lines
1.7 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
// NS4
|
|
|
|
options {
|
|
query-source address 10.53.0.4;
|
|
notify-source 10.53.0.4;
|
|
transfer-source 10.53.0.4;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
listen-on { 10.53.0.4; };
|
|
listen-on-v6 { none; };
|
|
allow-transfer { any; };
|
|
recursion no;
|
|
key-directory ".";
|
|
};
|
|
|
|
key rndc_key {
|
|
secret "1234abcd8765";
|
|
algorithm hmac-sha256;
|
|
};
|
|
|
|
controls {
|
|
inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
};
|
|
|
|
dnssec-policy "rsasha256" {
|
|
keys {
|
|
zsk key-directory lifetime P3M algorithm 8 1024;
|
|
ksk key-directory lifetime P1Y algorithm 8 2048;
|
|
};
|
|
|
|
dnskey-ttl 300;
|
|
publish-safety 1h;
|
|
retire-safety 1h;
|
|
|
|
signatures-refresh 5d;
|
|
signatures-validity 14d;
|
|
signatures-validity-dnskey 14d;
|
|
|
|
max-zone-ttl 1d;
|
|
zone-propagation-delay 300;
|
|
|
|
parent-ds-ttl 86400;
|
|
parent-propagation-delay 3h;
|
|
};
|
|
|
|
key "external" {
|
|
algorithm "hmac-sha1";
|
|
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
|
};
|
|
|
|
key "internal" {
|
|
algorithm "hmac-sha1";
|
|
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
|
};
|
|
|
|
view "ext" {
|
|
match-clients { key "external"; };
|
|
|
|
zone "view-rsasha256.kasp" {
|
|
type master;
|
|
file "view-rsasha256.kasp.ext.db";
|
|
dnssec-policy "rsasha256";
|
|
};
|
|
};
|
|
|
|
view "int" {
|
|
match-clients { key "internal"; };
|
|
|
|
zone "view-rsasha256.kasp" {
|
|
type master;
|
|
file "view-rsasha256.kasp.int.db";
|
|
dnssec-policy "rsasha256";
|
|
};
|
|
};
|