* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
-{% set zone_names = zone_names | default([]) %}
options {
query-source address 10.53.0.2;
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
allow-transfer { any; };
- recursion no;
+ recursion yes;
dnssec-validation no;
- notify no;
+ notify yes;
};
key rndc_key {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
-{% for name in zone_names %}
-zone "@name@" {
- type primary;
- file "@name@.db";
- dnssec-policy default;
- inline-signing yes;
+dnssec-policy "views" {
+ keys {
+ ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+ zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+ };
+};
+
+zone "." {
+ type hint;
+ file "../../_common/root.hint";
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ allow-update { any; };
+};
+
+zone "inline" {
+ type primary;
+ file "external/inline.db";
+ key-directory "external";
+ dnssec-policy views;
+ inline-signing yes;
};
-{% endfor %}
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
+{% set zone_names = zone_names | default([]) %}
options {
query-source address 10.53.0.2;
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
allow-transfer { any; };
- recursion yes;
+ recursion no;
dnssec-validation no;
- notify yes;
+ notify no;
};
key rndc_key {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
-dnssec-policy "views" {
- keys {
- ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- };
-};
-
-zone "." {
- type hint;
- file "../../_common/root.hint";
-};
-
-zone "example" {
- type primary;
- file "example.db";
- allow-update { any; };
-};
-
-zone "inline" {
- type primary;
- file "external/inline.db";
- key-directory "external";
- dnssec-policy views;
- inline-signing yes;
+{% for name in zone_names %}
+zone "@name@" {
+ type primary;
+ file "@name@.db";
+ dnssec-policy default;
+ inline-signing yes;
};
+{% endfor %}
. ../conf.sh
cp -f ns2/example1.db ns2/example.db
-
-copy_setports ns1/named.conf.in ns1/named.conf
-copy_setports ns2/named1.conf.in ns2/named.conf
-copy_setports ns3/named1.conf.in ns3/named.conf
-copy_setports ns5/named.conf.in ns5/named.conf
-
#
# We remove k1 and k2 as KEYGEN is deterministic when given the
# same source of "random" data and we want different keys for
echo_i "copying in new configurations for ns2 and ns3"
rm -f ns2/named.conf ns3/named.conf ns2/example.db
cp -f ns2/example2.db ns2/example.db
-copy_setports ns2/named2.conf.in ns2/named.conf
-copy_setports ns3/named2.conf.in ns3/named.conf
+cp ns2/named2.conf ns2/named.conf
+cp ns3/named2.conf ns3/named.conf
echo_i "reloading ns2 and ns3 with rndc"
nextpart ns2/named.run >/dev/null
for i in range(50):
name = f"example{i:03}.com"
zone_names.append(name)
- templates.render("ns2/named.conf", {"zone_names": zone_names})
+ templates.render(
+ "ns2/named.conf", {"zone_names": zone_names}, template="ns2/named3.conf.j2"
+ )
shutil.copyfile("ns2/zone.db.in", f"ns2/{name}.db")
with ns2.watch_log_from_here() as watcher:
ns2.rndc("reconfig")
projects / thirdparty / bind9.git / commitdiff
