zone "example1" {
type primary;
file "example1.db";
+ inline-signing yes;
};
zone "example2" {
type primary;
file "example2.db";
+ allow-update {
+ "any";
+ };
dnssec-policy "test";
};
zone "example3" {
type primary;
file "example3.db";
+ inline-signing yes;
dnssec-policy "default";
};
zone "dnssec-policy-none-shared-zonefile1" {
type primary;
file "localhost/example.com.zone";
dnssec-policy "localhost";
+ inline-signing yes;
};
};
type primary;
file "external/example.com.zone";
dnssec-policy "internet";
+ inline-signing yes;
};
};
type primary;
file "internal/example.com.zone";
dnssec-policy "intranet";
+ inline-signing yes;
};
};
zone "clone" {
type primary;
file "yyy";
+ inline-signing yes;
max-ixfr-ratio unlimited;
};
dnssec-validation auto;
zone "p" {
type primary;
file "pfile";
+ inline-signing yes;
};
zone "s" {
type secondary;
+ file "sfile";
+ inline-signing yes;
primaries {
1.2.3.4;
};
zone "dnssec-test" {
type primary;
file "dnssec-test.db";
+ inline-signing yes;
parental-agents {
1.2.3.4;
1.2.3.5;
zone "dnssec-default" {
type primary;
file "dnssec-default.db";
+ inline-signing yes;
parental-agents {
"parents";
};
zone "dnssec-inherit" {
type primary;
file "dnssec-inherit.db";
+ inline-signing yes;
};
zone "dnssec-none" {
type primary;
zone "dnssec-view1" {
type primary;
file "dnssec-view41.db";
+ inline-signing yes;
dnssec-policy "test";
};
zone "dnssec-view2" {
type primary;
file "dnssec-view42.db";
+ inline-signing yes;
};
zone "dnssec-view3" {
type primary;
zone "dnssec-view1" {
type primary;
file "dnssec-view51.db";
+ inline-signing yes;
dnssec-policy "test";
};
zone "dnssec-view2" {
type primary;
file "dnssec-view52.db";
+ inline-signing yes;
dnssec-policy "test";
key-directory "keys";
};
zone "dnssec-view3" {
type primary;
file "dnssec-view53.db";
+ inline-signing yes;
dnssec-policy "default";
key-directory "keys";
};
zone "hostname.bind" chaos {
type primary;
database "_builtin hostname";
+ inline-signing yes;
};
};
dyndb "name" "library.so" {
sig-validity-interval 3600;
update-check-ksk yes;
};
-
type primary;
file "example.db";
dnssec-policy "default";
+ inline-signing yes;
};
zone "sigrefresh.example.net" {
type primary;
file "sigrefresh.example.db";
+ inline-signing yes;
dnssec-policy "bad-sigrefresh";
};
zone "dnskey.example.net" {
type primary;
file "dnskey.example.db";
+ inline-signing yes;
dnssec-policy "bad-sigrefresh-dnskey";
};
type primary;
file "example.db";
dnssec-policy "warn-length";
+ inline-signing yes;
};
zone "warn1.example.net" {
type primary;
file "warn1.example.db";
+ inline-signing yes;
dnssec-policy "warn1";
};
zone "warn2.example.net" {
type primary;
file "warn2.example.db";
+ inline-signing yes;
dnssec-policy "warn2";
};
zone "warn3.example.net" {
type primary;
file "warn3.example.db";
+ inline-signing yes;
dnssec-policy "warn3";
};
echo_i "checking named-checkconf kasp errors ($n)"
ret=0
$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
-grep "'inline-signing;' cannot be set to 'no' if dnssec-policy is also set on a non-dynamic DNS zone" < checkconf.out$n > /dev/null || ret=1
+grep "'dnssec-policy;' requires dynamic DNS or inline-signing to be configured for the zone" < checkconf.out$n > /dev/null || ret=1
grep "'auto-dnssec maintain;' cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
zone "dspublished.checkds" {
type primary;
file "dspublished.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents { 10.53.0.2 port @PORT@; };
};
zone "reference.checkds" {
type primary;
file "reference.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents { "ns2"; };
};
zone "missing-dspublished.checkds" {
type primary;
file "missing-dspublished.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.5 port @PORT@; // missing
zone "bad-dspublished.checkds" {
type primary;
file "bad-dspublished.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.6 port @PORT@; // bad
zone "multiple-dspublished.checkds" {
type primary;
file "multiple-dspublished.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
zone "incomplete-dspublished.checkds" {
type primary;
file "incomplete-dspublished.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
zone "bad2-dspublished.checkds" {
type primary;
file "bad2-dspublished.checkds.db";
+ inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
zone "dswithdrawn.checkds" {
type primary;
file "dswithdrawn.checkds.db";
+ inline-signing yes;
dnssec-policy "insecure";
parental-agents { 10.53.0.5 port @PORT@; };
};
zone "missing-dswithdrawn.checkds" {
type primary;
file "missing-dswithdrawn.checkds.db";
+ inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
zone "bad-dswithdrawn.checkds" {
type primary;
file "bad-dswithdrawn.checkds.db";
+ inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.6 port @PORT@; // bad
zone "multiple-dswithdrawn.checkds" {
type primary;
file "multiple-dswithdrawn.checkds.db";
+ inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.5 port @PORT@;
zone "incomplete-dswithdrawn.checkds" {
type primary;
file "incomplete-dswithdrawn.checkds.db";
+ inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
zone "bad2-dswithdrawn.checkds" {
type primary;
file "bad2-dswithdrawn.checkds.db";
+ inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.5 port @PORT@;
zone "signed.tld" {
type primary;
- dnssec-policy "default";
file "signed.tld.db";
+ dnssec-policy "default";
+ inline-signing yes;
};
/* Primary service for ns3 */
zone "ed25519.kasp" {
type primary;
file "ed25519.kasp.db";
+ inline-signing yes;
dnssec-policy "ed25519";
};
zone "ed448.kasp" {
type primary;
file "ed448.kasp.db";
+ inline-signing yes;
dnssec-policy "ed448";
};
zone "default.kasp" {
type primary;
file "default.kasp.db";
+ inline-signing yes;
dnssec-policy "default";
};
zone "checkds-ksk.kasp" {
type primary;
file "checkds-ksk.kasp.db";
+ inline-signing yes;
dnssec-policy "checkds-ksk";
};
zone "checkds-doubleksk.kasp" {
type primary;
file "checkds-doubleksk.kasp.db";
+ inline-signing yes;
dnssec-policy "checkds-doubleksk";
};
zone "checkds-csk.kasp" {
type primary;
file "checkds-csk.kasp.db";
+ inline-signing yes;
dnssec-policy "checkds-csk";
};
zone "unlimited.kasp" {
type primary;
file "unlimited.kasp.db";
+ inline-signing yes;
dnssec-policy "unlimited";
};
zone "manual-rollover.kasp" {
type primary;
file "manual-rollover.kasp.db";
+ inline-signing yes;
dnssec-policy "manual-rollover";
};
/* A zone that inherits dnssec-policy. */
zone "inherit.kasp" {
type primary;
+ inline-signing yes;
file "inherit.kasp.db";
};
zone "unsigned.kasp" {
type primary;
file "unsigned.kasp.db";
+ inline-signing yes;
dnssec-policy "none";
};
zone "insecure.kasp" {
type primary;
file "insecure.kasp.db";
+ inline-signing yes;
dnssec-policy "insecure";
};
zone "dnssec-keygen.kasp" {
type primary;
file "dnssec-keygen.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
type secondary;
primaries { 10.53.0.2; };
file "secondary.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
zone "some-keys.kasp" {
type primary;
file "some-keys.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
zone "legacy-keys.kasp" {
type primary;
file "legacy-keys.kasp.db";
+ inline-signing yes;
dnssec-policy "migrate-to-dnssec-policy";
};
zone "pregenerated.kasp" {
type primary;
file "pregenerated.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
zone "rumoured.kasp" {
type primary;
file "rumoured.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
zone "rsasha256.kasp" {
type primary;
file "rsasha256.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
zone "rsasha512.kasp" {
type primary;
file "rsasha512.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha512";
};
zone "ecdsa256.kasp" {
type primary;
file "ecdsa256.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "ecdsa384.kasp" {
type primary;
file "ecdsa384.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa384";
};
zone "max-zone-ttl.kasp" {
type primary;
file "max-zone-ttl.kasp.db";
+ inline-signing yes;
dnssec-policy "ttl";
};
zone "expired-sigs.autosign" {
type primary;
file "expired-sigs.autosign.db";
+ inline-signing yes;
dnssec-policy "autosign";
};
zone "fresh-sigs.autosign" {
type primary;
file "fresh-sigs.autosign.db";
+ inline-signing yes;
dnssec-policy "autosign";
};
zone "unfresh-sigs.autosign" {
type primary;
file "unfresh-sigs.autosign.db";
+ inline-signing yes;
dnssec-policy "autosign";
};
zone "ksk-missing.autosign" {
type primary;
file "ksk-missing.autosign.db";
+ inline-signing yes;
dnssec-policy "autosign";
};
zone "zsk-missing.autosign" {
type primary;
file "zsk-missing.autosign.db";
+ inline-signing yes;
dnssec-policy "autosign";
};
zone "zsk-retired.autosign" {
type primary;
file "zsk-retired.autosign.db";
+ inline-signing yes;
dnssec-policy "autosign";
};
zone "step1.enable-dnssec.autosign" {
type primary;
file "step1.enable-dnssec.autosign.db";
+ inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step2.enable-dnssec.autosign" {
type primary;
file "step2.enable-dnssec.autosign.db";
+ inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step3.enable-dnssec.autosign" {
type primary;
file "step3.enable-dnssec.autosign.db";
+ inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step4.enable-dnssec.autosign" {
type primary;
file "step4.enable-dnssec.autosign.db";
+ inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step1.zsk-prepub.autosign" {
type primary;
file "step1.zsk-prepub.autosign.db";
+ inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step2.zsk-prepub.autosign" {
type primary;
file "step2.zsk-prepub.autosign.db";
+ inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step3.zsk-prepub.autosign" {
type primary;
file "step3.zsk-prepub.autosign.db";
+ inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step4.zsk-prepub.autosign" {
type primary;
file "step4.zsk-prepub.autosign.db";
+ inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step5.zsk-prepub.autosign" {
type primary;
file "step5.zsk-prepub.autosign.db";
+ inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step6.zsk-prepub.autosign" {
type primary;
file "step6.zsk-prepub.autosign.db";
+ inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step1.ksk-doubleksk.autosign" {
type primary;
file "step1.ksk-doubleksk.autosign.db";
+ inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step2.ksk-doubleksk.autosign" {
type primary;
file "step2.ksk-doubleksk.autosign.db";
+ inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step3.ksk-doubleksk.autosign" {
type primary;
file "step3.ksk-doubleksk.autosign.db";
+ inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step4.ksk-doubleksk.autosign" {
type primary;
file "step4.ksk-doubleksk.autosign.db";
+ inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step5.ksk-doubleksk.autosign" {
type primary;
file "step5.ksk-doubleksk.autosign.db";
+ inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step6.ksk-doubleksk.autosign" {
type primary;
file "step6.ksk-doubleksk.autosign.db";
+ inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step1.csk-roll.autosign" {
type primary;
file "step1.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step2.csk-roll.autosign" {
type primary;
file "step2.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step3.csk-roll.autosign" {
type primary;
file "step3.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step4.csk-roll.autosign" {
type primary;
file "step4.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step5.csk-roll.autosign" {
type primary;
file "step5.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step6.csk-roll.autosign" {
type primary;
file "step6.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step7.csk-roll.autosign" {
type primary;
file "step7.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step8.csk-roll.autosign" {
type primary;
file "step8.csk-roll.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step1.csk-roll2.autosign" {
type primary;
file "step1.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step2.csk-roll2.autosign" {
type primary;
file "step2.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step3.csk-roll2.autosign" {
type primary;
file "step3.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step4.csk-roll2.autosign" {
type primary;
file "step4.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step5.csk-roll2.autosign" {
type primary;
file "step5.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step6.csk-roll2.autosign" {
type primary;
file "step6.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step7.csk-roll2.autosign" {
type primary;
file "step7.csk-roll2.autosign.db";
+ inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "rsasha1.kasp" {
type primary;
file "rsasha1.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha1";
};
zone "rsasha1-nsec3.kasp" {
type primary;
file "rsasha1-nsec3.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha1-nsec3";
};
zone "inherit.inherit.signed" {
type primary;
file "inherit.inherit.signed.db";
+ inline-signing yes;
};
/* Override dnssec-policy */
zone "override.inherit.signed" {
type primary;
- dnssec-policy "default";
file "override.inherit.signed.db";
+ inline-signing yes;
+ dnssec-policy "default";
};
/* Unset dnssec-policy */
zone "none.inherit.signed" {
type primary;
- dnssec-policy "none";
file "none.inherit.signed.db";
+ dnssec-policy "none";
};
};
zone "inherit.override.signed" {
type primary;
file "inherit.override.signed.db";
+ inline-signing yes;
};
/* Override dnssec-policy */
zone "override.override.signed" {
type primary;
- dnssec-policy "test";
file "override.override.signed.db";
+ inline-signing yes;
+ dnssec-policy "test";
};
/* Unset dnssec-policy */
zone "none.override.signed" {
type primary;
- dnssec-policy "none";
file "none.override.signed.db";
+ dnssec-policy "none";
};
};
/* Override dnssec-policy */
zone "override.none.signed" {
type primary;
- dnssec-policy "test";
file "override.none.signed.db";
+ inline-signing yes;
+ dnssec-policy "test";
};
/* Unset dnssec-policy */
zone "none.none.signed" {
type primary;
- dnssec-policy "none";
file "none.none.signed.db";
+ dnssec-policy "none";
};
};
zone "example.net" {
type primary;
file "example1.db";
- // Dynamic zone, inline-signing disabled, policy inerhited.
};
};
zone "example.net" {
type primary;
file "example2.db";
- // Static zone, inline-signing, policy inherited.
+ inline-signing yes;
};
};
/* Override dnssec-policy */
zone "override.inherit.unsigned" {
type primary;
- dnssec-policy "default";
file "override.inherit.unsigned.db";
+ inline-signing yes;
+ dnssec-policy "default";
};
/* Unset dnssec-policy */
zone "none.inherit.unsigned" {
type primary;
- dnssec-policy "none";
file "none.inherit.unsigned.db";
+ dnssec-policy "none";
};
};
zone "inherit.override.unsigned" {
type primary;
file "inherit.override.unsigned.db";
+ inline-signing yes;
};
/* Override dnssec-policy */
zone "override.override.unsigned" {
type primary;
- dnssec-policy "test";
file "override.override.unsigned.db";
+ inline-signing yes;
+ dnssec-policy "test";
};
/* Unset dnssec-policy */
zone "none.override.unsigned" {
type primary;
- dnssec-policy "none";
file "none.override.unsigned.db";
+ dnssec-policy "none";
};
};
/* Override dnssec-policy */
zone "override.none.unsigned" {
type primary;
- dnssec-policy "test";
file "override.none.unsigned.db";
+ inline-signing yes;
+ dnssec-policy "test";
};
/* Unset dnssec-policy */
zone "none.none.unsigned" {
type primary;
- dnssec-policy "none";
file "none.none.unsigned.db";
+ dnssec-policy "none";
};
};
zone "step1.going-insecure.kasp" {
type primary;
file "step1.going-insecure.kasp.db";
+ inline-signing yes;
dnssec-policy "unsigning";
};
zone "step1.going-straight-to-none.kasp" {
type primary;
file "step1.going-straight-to-none.kasp.db";
+ inline-signing yes;
dnssec-policy "default";
};
zone "step1.algorithm-roll.kasp" {
type primary;
file "step1.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
zone "step1.csk-algorithm-roll.kasp" {
type primary;
file "step1.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone example {
type primary;
- dnssec-policy modified;
file "example.db";
+ inline-signing yes;
+ dnssec-policy modified;
};
zone "step1.going-insecure.kasp" {
type primary;
file "step1.going-insecure.kasp.db";
+ inline-signing yes;
dnssec-policy "insecure";
};
zone "step2.going-insecure.kasp" {
type primary;
file "step2.going-insecure.kasp.db";
+ inline-signing yes;
dnssec-policy "insecure";
};
zone "step1.algorithm-roll.kasp" {
type primary;
file "step1.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step2.algorithm-roll.kasp" {
type primary;
file "step2.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step3.algorithm-roll.kasp" {
type primary;
file "step3.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step4.algorithm-roll.kasp" {
type primary;
file "step4.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step5.algorithm-roll.kasp" {
type primary;
file "step5.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step6.algorithm-roll.kasp" {
type primary;
file "step6.algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step1.csk-algorithm-roll.kasp" {
type primary;
file "step1.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step2.csk-algorithm-roll.kasp" {
type primary;
file "step2.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step3.csk-algorithm-roll.kasp" {
type primary;
file "step3.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step4.csk-algorithm-roll.kasp" {
type primary;
file "step4.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step5.csk-algorithm-roll.kasp" {
type primary;
file "step5.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step6.csk-algorithm-roll.kasp" {
type primary;
file "step6.csk-algorithm-roll.kasp.db";
+ inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone example {
type primary;
- dnssec-policy modified;
file "example.db";
+ inline-signing yes;
+ dnssec-policy modified;
};
zone "view-rsasha256.kasp" {
type primary;
file "view-rsasha256.kasp.ext.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
};
zone "view-rsasha256.kasp" {
type primary;
file "view-rsasha256.kasp.int.db";
+ inline-signing yes;
dnssec-policy "rsasha256";
};
};
zone "nsec-to-nsec3.kasp" {
type primary;
file "nsec-to-nsec3.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec";
};
zone "nsec3.kasp" {
type primary;
file "nsec3.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3";
};
zone "nsec3-other.kasp" {
type primary;
file "nsec3-other.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3-other";
};
zone "nsec3-change.kasp" {
type primary;
file "nsec3-change.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3";
};
zone "nsec3-to-optout.kasp" {
type primary;
file "nsec3-to-optout.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3";
};
zone "nsec3-from-optout.kasp" {
type primary;
file "nsec3-from-optout.kasp.db";
+ inline-signing yes;
dnssec-policy "optout";
};
zone "nsec3-to-nsec.kasp" {
type primary;
file "nsec3-to-nsec.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3";
};
zone "nsec-to-nsec3.kasp" {
type primary;
file "nsec-to-nsec3.kasp.db";
+ inline-signing yes;
//dnssec-policy "nsec";
dnssec-policy "nsec3";
};
zone "nsec3.kasp" {
type primary;
file "nsec3.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3";
};
zone "nsec3-other.kasp" {
type primary;
file "nsec3-other.kasp.db";
+ inline-signing yes;
dnssec-policy "nsec3-other";
};
zone "nsec3-change.kasp" {
type primary;
file "nsec3-change.kasp.db";
+ inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "nsec3-other";
};
zone "nsec3-to-optout.kasp" {
type primary;
file "nsec3-to-optout.kasp.db";
+ inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "optout";
};
zone "nsec3-from-optout.kasp" {
type primary;
file "nsec3-from-optout.kasp.db";
+ inline-signing yes;
//dnssec-policy "optout";
dnssec-policy "nsec3";
};
zone "nsec3-to-nsec.kasp" {
type primary;
file "nsec3-to-nsec.kasp.db";
+ inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "nsec";
};
projects / thirdparty / bind9.git / commitdiff
