ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
a4e4e9af05da61a4e4db6217f41fc436d5ae8b43
bind9/bin/tests/system/kasp/ns3/named.conf.in
Matthijs Mekking 2733edb2a6 Allow for key lifetime unlimited 
The keyword 'unlimited' can be used instead of PT0S which means the
same but is more comprehensible for users.

Also fix some redundant "none" parameters in the kasp test.
2020-02-07 09:30:26 -08:00

337 lines
6.8 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS3
include "policies/kasp.conf";
include "policies/autosign.conf";
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
allow-transfer { any; };
recursion no;
dnssec-policy "rsasha1";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
/* Zones that are getting initially signed */
/* The default case: No keys created, using default policy. */
zone "default.kasp" {
type master;
file "default.kasp.db";
dnssec-policy "default";
};
/* Key lifetime unlimited. */
zone "unlimited.kasp" {
type master;
file "unlimited.kasp.db";
dnssec-policy "unlimited";
};
/* A master zone with dnssec-policy, no keys created. */
zone "rsasha1.kasp" {
type master;
file "rsasha1.kasp.db";
dnssec-policy "rsasha1";
};
/* A zone that inherits dnssec-policy. */
zone "inherit.kasp" {
type master;
file "inherit.kasp.db";
};
/* A zone that overrides dnssec-policy. */
zone "unsigned.kasp" {
type master;
file "unsigned.kasp.db";
dnssec-policy "none";
};
/* A master zone with dnssec-policy but keys already created. */
zone "dnssec-keygen.kasp" {
type master;
file "dnssec-keygen.kasp.db";
dnssec-policy "rsasha1";
};
/* A secondary zone with dnssec-policy. */
zone "secondary.kasp" {
type secondary;
masters { 10.53.0.2; };
file "secondary.kasp.db";
dnssec-policy "rsasha1";
};
/*
* A configured dnssec-policy but some keys already created.
*/
zone "some-keys.kasp" {
type master;
file "some-keys.kasp.db";
dnssec-policy "rsasha1";
};
/*
* A configured dnssec-policy but some keys already in use.
*/
zone "legacy-keys.kasp" {
type master;
file "legacy-keys.kasp.db";
dnssec-policy "rsasha1";
};
/*
* A configured dnssec-policy with (too) many keys pregenerated.
*/
zone "pregenerated.kasp" {
type master;
file "pregenerated.kasp.db";
dnssec-policy "rsasha1";
};
/*
* A configured dnssec-policy with one rumoured key.
* Bugfix case for GL #1593.
*/
zone "rumoured.kasp" {
type master;
file "rumoured.kasp.db";
dnssec-policy "rsasha1";
};
/*
* Different algorithms.
*/
zone "rsasha1-nsec3.kasp" {
type master;
file "rsasha1-nsec3.kasp.db";
dnssec-policy "rsasha1-nsec3";
};
zone "rsasha256.kasp" {
type master;
file "rsasha256.kasp.db";
dnssec-policy "rsasha256";
};
zone "rsasha512.kasp" {
type master;
file "rsasha512.kasp.db";
dnssec-policy "rsasha512";
};
zone "ecdsa256.kasp" {
type master;
file "ecdsa256.kasp.db";
dnssec-policy "ecdsa256";
};
zone "ecdsa384.kasp" {
type master;
file "ecdsa384.kasp.db";
dnssec-policy "ecdsa384";
};
/*
* Zones in different signing states.
*/
/*
* Zone that has expired signatures.
*/
zone "expired-sigs.autosign" {
type master;
file "expired-sigs.autosign.db";
dnssec-policy "autosign";
};
/*
* Zone that has valid, fresh signatures.
*/
zone "fresh-sigs.autosign" {
type master;
file "fresh-sigs.autosign.db";
dnssec-policy "autosign";
};
/*
* Zone that has unfresh signatures.
*/
zone "unfresh-sigs.autosign" {
type master;
file "unfresh-sigs.autosign.db";
dnssec-policy "autosign";
};
/*
* Zone that has missing private ZSK.
*/
zone "zsk-missing.autosign" {
type master;
file "zsk-missing.autosign.db";
dnssec-policy "autosign";
};
/*
* Zone that has inactive ZSK.
*/
zone "zsk-retired.autosign" {
type master;
file "zsk-retired.autosign.db";
dnssec-policy "autosign";
};
/*
* Zones for testing ZSK Pre-Publication steps.
*/
zone "step1.zsk-prepub.autosign" {
type master;
file "step1.zsk-prepub.autosign.db";
dnssec-policy "zsk-prepub";
};
zone "step2.zsk-prepub.autosign" {
type master;
file "step2.zsk-prepub.autosign.db";
dnssec-policy "zsk-prepub";
};
zone "step3.zsk-prepub.autosign" {
type master;
file "step3.zsk-prepub.autosign.db";
dnssec-policy "zsk-prepub";
};
zone "step4.zsk-prepub.autosign" {
type master;
file "step4.zsk-prepub.autosign.db";
dnssec-policy "zsk-prepub";
};
zone "step5.zsk-prepub.autosign" {
type master;
file "step5.zsk-prepub.autosign.db";
dnssec-policy "zsk-prepub";
};
/*
* Zones for testing KSK Double-KSK steps.
*/
zone "step1.ksk-doubleksk.autosign" {
type master;
file "step1.ksk-doubleksk.autosign.db";
dnssec-policy "ksk-doubleksk";
};
zone "step2.ksk-doubleksk.autosign" {
type master;
file "step2.ksk-doubleksk.autosign.db";
dnssec-policy "ksk-doubleksk";
};
zone "step3.ksk-doubleksk.autosign" {
type master;
file "step3.ksk-doubleksk.autosign.db";
dnssec-policy "ksk-doubleksk";
};
zone "step4.ksk-doubleksk.autosign" {
type master;
file "step4.ksk-doubleksk.autosign.db";
dnssec-policy "ksk-doubleksk";
};
zone "step5.ksk-doubleksk.autosign" {
type master;
file "step5.ksk-doubleksk.autosign.db";
dnssec-policy "ksk-doubleksk";
};
zone "step6.ksk-doubleksk.autosign" {
type master;
file "step6.ksk-doubleksk.autosign.db";
dnssec-policy "ksk-doubleksk";
};
/*
* Zones for testing CSK rollover steps.
*/
zone "step1.csk-roll.autosign" {
type master;
file "step1.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step2.csk-roll.autosign" {
type master;
file "step2.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step3.csk-roll.autosign" {
type master;
file "step3.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step4.csk-roll.autosign" {
type master;
file "step4.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step5.csk-roll.autosign" {
type master;
file "step5.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step6.csk-roll.autosign" {
type master;
file "step6.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step7.csk-roll.autosign" {
type master;
file "step7.csk-roll.autosign.db";
dnssec-policy "csk-roll";
};
zone "step1.csk-roll2.autosign" {
type master;
file "step1.csk-roll2.autosign.db";
dnssec-policy "csk-roll2";
};
zone "step2.csk-roll2.autosign" {
type master;
file "step2.csk-roll2.autosign.db";
dnssec-policy "csk-roll2";
};
zone "step3.csk-roll2.autosign" {
type master;
file "step3.csk-roll2.autosign.db";
dnssec-policy "csk-roll2";
};
zone "step4.csk-roll2.autosign" {
type master;
file "step4.csk-roll2.autosign.db";
dnssec-policy "csk-roll2";
};
zone "step5.csk-roll2.autosign" {
type master;
file "step5.csk-roll2.autosign.db";
dnssec-policy "csk-roll2";
};
zone "step6.csk-roll2.autosign" {
type master;
file "step6.csk-roll2.autosign.db";
dnssec-policy "csk-roll2";
};
View Git Blame Copy Permalink