* information regarding copyright ownership.
*/
-// NS6
-
-include "policies/kasp.conf";
-include "policies/csk2.conf";
+// NS3
options {
- query-source address 10.53.0.6;
- notify-source 10.53.0.6;
- transfer-source 10.53.0.6;
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
port @PORT@;
pid-file "named.pid";
- listen-on { 10.53.0.6; };
+ listen-on { 10.53.0.3; };
listen-on-v6 { none; };
allow-transfer { any; };
recursion no;
+ dnssec-policy "rsasha256";
dnssec-validation no;
};
key rndc_key {
- secret "1234abcd8765";
- algorithm @DEFAULT_HMAC@;
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
};
controls {
- inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "." {
type hint;
file "../../_common/root.hint.blackhole";
};
-
-zone example {
- type primary;
- file "example.db";
- dnssec-policy modified;
-};
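Review bot: The options-level `dnssec-policy "rsasha256";` added here makes that policy the default for every zone the including named.conf defines without its own policy, while this file no longer loads any policy definitions itself (the `policies/kasp.conf` and `policies/csk2.conf` includes are dropped), so it now silently depends on the includer having loaded a policy of that name; where "rsasha256" is actually defined is not visible in this hunk. A header comment stating that contract would help the next reader, e.g. `// NS3: shared options/controls; include after the policies/*.conf file that defines dnssec-policy "rsasha256".` The `rndc_key` secret and the two `allow { any; }` clauses are unchanged test-fixture values and are acceptable only because the server binds solely to the 10.53.0.3 test address; if this common file is later reused by other ns* instances that assumption should be rechecked.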
* information regarding copyright ownership.
*/
-// NS3
-
-include "policies/kasp.conf";
-include "policies/autosign.conf";
-
-options {
- query-source address 10.53.0.3;
- notify-source 10.53.0.3;
- transfer-source 10.53.0.3;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.3; };
- listen-on-v6 { none; };
- allow-transfer { any; };
- recursion no;
- dnssec-policy "rsasha256";
- dnssec-validation no;
-};
-
-key rndc_key {
- secret "1234abcd8765";
- algorithm @DEFAULT_HMAC@;
-};
-
-controls {
- inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
-};
-
-zone "." {
- type hint;
- file "../../_common/root.hint.blackhole";
-};
-
/* Zones that are getting initially signed */
/* The default case: No keys created, using default policy. */
};
/* A zone with special characters. */
-zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." {
+zone {% raw %}"i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."{% endraw %} {
type primary;
file "i-am.special.kasp.db";
check-names ignore;
* information regarding copyright ownership.
*/
-// NS3
-
-include "named-fips.conf";
-
zone "rsasha1.kasp" {
type primary;
file "rsasha1.kasp.db";
* information regarding copyright ownership.
*/
+include "policies/autosign.conf";
include "policies/kasp-fips.conf";
+include "named-common.conf";
+include "named-fips.conf";
-dnssec-policy "rsasha1" {
- signatures-refresh P5D;
- signatures-validity 30d;
- signatures-validity-dnskey 30d;
-
- keys {
- ksk lifetime unlimited algorithm rsasha1;
- zsk lifetime unlimited algorithm rsasha1;
- };
-
- dnskey-ttl 1h;
- publish-safety PT1H;
- retire-safety 2h;
- zone-propagation-delay 3600;
- max-zone-ttl 6h;
- parent-propagation-delay pt1h;
- parent-ds-ttl 7200;
-};
+{% if RSASHA1_SUPPORTED == "1" %}
+include "policies/kasp-rsasha1.conf";
+include "named-rsasha1.conf";
+{% endif %}
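Review bot: The guard `{% if RSASHA1_SUPPORTED == "1" %}` compares against a string, so if the template context supplies RSASHA1_SUPPORTED as an integer (the shell logic this replaces, removed later in the diff, treated it numerically with `= 0`) the rsasha1 includes are skipped silently and the rsasha1 zones simply stop being exercised instead of failing loudly. Unless the variable's type is pinned by the renderer, `{% if RSASHA1_SUPPORTED|string == "1" %}` is robust to either representation. The include order also puts `policies/kasp-fips.conf` ahead of `named-common.conf`, which carries the options-level `dnssec-policy "rsasha256"` reference; a one-line comment such as `// policies first: named-common.conf references dnssec-policy "rsasha256"` would make that ordering deliberate rather than incidental.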
* information regarding copyright ownership.
*/
-include "policies/kasp-fips.conf";
-
dnssec-policy "rsasha1" {
dnskey-ttl 1234;
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-dnssec-policy "csk-algoroll" {
- signatures-refresh P5D;
- signatures-validity 30d;
- signatures-validity-dnskey 30d;
-
- keys {
- csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- };
-
- dnskey-ttl 1h;
- publish-safety PT1H;
- retire-safety 2h;
- zone-propagation-delay 3600;
- max-zone-ttl 6h;
- parent-propagation-delay pt1h;
- parent-ds-ttl 7200;
-};
* information regarding copyright ownership.
*/
-dnssec-policy "nsec3" {
- nsec3param iterations 0 optout no salt-length 0;
-};
-
dnssec-policy "modified" {
keys {
csk lifetime unlimited algorithm rsasha256 2048;
};
};
-
-dnssec-policy "unlimited-lifetime" {
- keys {
- csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- };
-};
-dnssec-policy "short-lifetime" {
- keys {
- csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
- };
-};
-
-dnssec-policy "long-lifetime" {
- keys {
- csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
- };
-};
mkdir keys
mkdir ns3/keys
-copy_setports ns2/named.conf.in ns2/named.conf
-if [ $RSASHA1_SUPPORTED = 0 ]; then
- copy_setports ns3/named-fips.conf.in ns3/named.conf
-else
- copy_setports ns3/named-fips.conf.in ns3/named-fips.conf
- copy_setports ns3/named.conf.in ns3/named.conf
-fi
-copy_setports ns4/named.conf.in ns4/named.conf
-copy_setports ns5/named.conf.in ns5/named.conf
-copy_setports ns6/named.conf.in ns6/named.conf
-
-copy_setports ns3/policies/autosign.conf.in ns3/policies/autosign.conf
-copy_setports ns3/policies/kasp-fips.conf.in ns3/policies/kasp-fips.conf
-copy_setports ns3/policies/kasp.conf.in ns3/policies/kasp.conf
-if [ $RSASHA1_SUPPORTED = 0 ]; then
- cp ns3/policies/kasp-fips.conf ns3/policies/kasp.conf
-fi
-
-copy_setports ns6/policies/csk1.conf.in ns6/policies/csk1.conf
-copy_setports ns6/policies/csk2.conf.in ns6/policies/csk2.conf
-copy_setports ns6/policies/kasp-fips.conf.in ns6/policies/kasp-fips.conf
-copy_setports ns6/policies/kasp.conf.in ns6/policies/kasp.conf
-if [ $RSASHA1_SUPPORTED = 0 ]; then
- cp ns6/policies/kasp-fips.conf ns6/policies/kasp.conf
-fi
-
# Setup zones
(
cd ns2
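Review bot: Removing every copy_setports call for ns2..ns6 leaves setup.sh with no step that substitutes the `@PORT@`, `@CONTROLPORT@` and `@DEFAULT_HMAC@` placeholders, yet the retained `.conf.in` templates earlier in this diff still contain them alongside the new Jinja `{% %}` syntax, so the replacement renderer must handle both forms; that renderer is not visible here. A short comment at the deletion point, e.g. `# named.conf and policies/*.conf are rendered from the .conf.in templates by the test harness (handles @VAR@ and Jinja)`, would tell the next maintainer where generation moved. The dropped `RSASHA1_SUPPORTED` branching likewise means that variable now has to reach the template context by some other route, which is worth confirming.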
"ns*/zsk",
"ns*/zsk",
"ns*/zsk/K*",
- "ns*/named-fips.conf",
+ "ns*/named*.conf",
"ns*/settime.out.*",
"ns*/signer.out.*",
"ns*/zones",