bind9/bin/tests/system/kasp/ns4/named.conf.in

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// NS4

key rndc_key {
	secret "1234abcd8765";
	algorithm hmac-sha256;
};

controls {
	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

key "sha1" {
	algorithm "hmac-sha1";
	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
};

key "sha224" {
	algorithm "hmac-sha224";
	secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
};

key "sha256" {
	algorithm "hmac-sha256";
	secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
};

key "keyforview1" {
	algorithm "hmac-sha1";
	secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};

key "keyforview2" {
	algorithm "hmac-sha1";
	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

dnssec-policy "test" {
	keys {
		csk key-directory lifetime 0 algorithm 14;
	};
};

options {
	query-source address 10.53.0.4;
	port @PORT@;
	pid-file "named.pid";
	listen-on { 10.53.0.4; };
	listen-on-v6 { none; };
	recursion no;
	dnssec-policy "test";
};

view "inherit" {
	match-clients { key "sha1"; };

	/* Inherit dnssec-policy 'test' */
	zone "inherit.inherit.signed" {
		type master;
		file "inherit.inherit.signed.db";
	};

	/* Override dnssec-policy */
	zone "override.inherit.signed" {
		type master;
		dnssec-policy "default";
		file "override.inherit.signed.db";
	};

	/* Unset dnssec-policy */
	zone "none.inherit.signed" {
		type master;
		dnssec-policy "none";
		file "none.inherit.signed.db";
	};
};

view "override" {
	match-clients { key "sha224"; };
	dnssec-policy "default";

	/* Inherit dnssec-policy 'test' */
	zone "inherit.override.signed" {
		type master;
		file "inherit.override.signed.db";
	};

	/* Override dnssec-policy */
	zone "override.override.signed" {
		type master;
		dnssec-policy "test";
		file "override.override.signed.db";
	};

	/* Unset dnssec-policy */
	zone "none.override.signed" {
		type master;
		dnssec-policy "none";
		file "none.override.signed.db";
	};
};

view "none" {
	match-clients { key "sha256"; };
	dnssec-policy "none";

	/* Inherit dnssec-policy 'none' */
	zone "inherit.none.signed" {
		type master;
		file "inherit.none.signed.db";
	};

	/* Override dnssec-policy */
	zone "override.none.signed" {
		type master;
		dnssec-policy "test";
		file "override.none.signed.db";
	};

	/* Unset dnssec-policy */
	zone "none.none.signed" {
		type master;
		dnssec-policy "none";
		file "none.none.signed.db";
	};
};

view "example1" {
	match-clients { key "keyforview1"; };

	zone "example.net" {
		type master;
		file "example1.db";
	};
};

view "example2" {
	match-clients { key "keyforview2"; };

	zone "example.net" {
		type master;
		file "example2.db";
	};
};