3a2a24903c
Check for the expected error message which includes rcode REFUSED then reload the server to specify the keytab for the rest of the GSSAPI tests.
53 lines
1.3 KiB
Plaintext
53 lines
1.3 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
options {
|
|
query-source address 10.53.0.7;
|
|
notify-source 10.53.0.7;
|
|
transfer-source 10.53.0.7;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
session-keyfile "session.key";
|
|
listen-on { 10.53.0.7; };
|
|
recursion no;
|
|
notify yes;
|
|
minimal-responses no;
|
|
dnssec-validation no;
|
|
};
|
|
|
|
key rndc_key {
|
|
secret "1234abcd8765";
|
|
algorithm @DEFAULT_HMAC@;
|
|
};
|
|
|
|
controls {
|
|
inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
};
|
|
|
|
zone "in-addr.arpa" {
|
|
type primary;
|
|
file "in-addr.db";
|
|
update-policy { grant EXAMPLE.COM krb5-subdomain-self-rhs . PTR; };
|
|
};
|
|
|
|
zone "example.com" {
|
|
type primary;
|
|
file "example.com.db";
|
|
update-policy {
|
|
grant EXAMPLE.COM krb5-self . ANY;
|
|
grant EXAMPLE.COM krb5-subdomain _tcp.example.com SRV;
|
|
grant EXAMPLE.COM krb5-subdomain-self-rhs self-srv.example.com SRV;
|
|
grant EXAMPLE.COM krb5-subdomain-self-rhs self-srv-no-type.example.com;
|
|
};
|
|
};
|