bind9/bin/tests/system/kasp/ns6/named2.conf.in

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// NS6

include "policies/kasp.conf";
include "policies/csk2.conf";

options {
	query-source address 10.53.0.6;
	notify-source 10.53.0.6;
	transfer-source 10.53.0.6;
	port @PORT@;
	pid-file "named.pid";
	listen-on { 10.53.0.6; };
	listen-on-v6 { none; };
	allow-transfer { any; };
	recursion no;
};

key rndc_key {
	secret "1234abcd8765";
	algorithm hmac-sha256;
};

controls {
	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

/* These are zones that migrate to dnssec-policy. */
zone "migrate.kasp" {
	type master;
	file "migrate.kasp.db";
	allow-update { any; };
	dnssec-policy "migrate";
};

zone "migrate-nomatch-algnum.kasp" {
	type master;
	file "migrate-nomatch-algnum.kasp.db";
	allow-update { any; };
	dnssec-policy "migrate-nomatch-algnum";
};

zone "migrate-nomatch-alglen.kasp" {
	type master;
	file "migrate-nomatch-alglen.kasp.db";
	allow-update { any; };
	dnssec-policy "migrate-nomatch-alglen";
};

/*
 * Zones for testing KSK/ZSK algorithm roll.
 */
zone "step1.algorithm-roll.kasp" {
	type master;
	file "step1.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step2.algorithm-roll.kasp" {
	type master;
	file "step2.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step3.algorithm-roll.kasp" {
	type master;
	file "step3.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step4.algorithm-roll.kasp" {
	type master;
	file "step4.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step5.algorithm-roll.kasp" {
	type master;
	file "step5.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

zone "step6.algorithm-roll.kasp" {
	type master;
	file "step6.algorithm-roll.kasp.db";
	dnssec-policy "ecdsa256";
};

/*
 * Zones for testing CSK algorithm roll.
 */
zone "step1.csk-algorithm-roll.kasp" {
	type master;
	file "step1.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step2.csk-algorithm-roll.kasp" {
	type master;
	file "step2.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step3.csk-algorithm-roll.kasp" {
	type master;
	file "step3.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step4.csk-algorithm-roll.kasp" {
	type master;
	file "step4.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step5.csk-algorithm-roll.kasp" {
	type master;
	file "step5.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};

zone "step6.csk-algorithm-roll.kasp" {
	type master;
	file "step6.csk-algorithm-roll.kasp.db";
	dnssec-policy "csk-algoroll";
};