listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
dnssec-loadkeys-interval 30;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
dnssec-loadkeys-interval 10;
allow-new-zones yes;
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
dnssec-must-be-secure mustbesecure.example yes;
};
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
};
options {
dnssec-enable no;
- dnssec-validation yes;
};
* information regarding copyright ownership.
*/
-options {
- dnssec-enable no;
-};
-
view view1 {
match-clients { any; };
dnssec-validation yes;
* information regarding copyright ownership.
*/
-options {
- dnssec-validation no;
-};
-
view view1 {
match-clients { any; };
- dnssec-enable no;
};
view view2 {
match-clients { none; };
- dnssec-enable yes;
};
view view3 {
n=`expr $n + 1`
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
-$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
+# dnssec.1: dnssec-enable is obsolete
+$CHECKCONF dnssec.1 2>&1 | grep "'dnssec-enable' is obsolete and should be removed" > /dev/null || ret=1
+# dnssec.2: auto-dnssec warning
$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
-$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
-$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
-# this one should have no warnings
+# dnssec.3: should have no warnings
$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
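Review bot: The added dnssec.1 check pipes named-checkconf straight into grep, so the tool's exit status is discarded and the test passes whether the obsolete `dnssec-enable` is reported as a warning or rejected as a fatal error. The test title says these are warnings, and configurations still carrying `dnssec-enable no` will presumably be common after an upgrade, so it is worth pinning that the file is still accepted. One way is to capture the output first (the file name here is only an example), `$CHECKCONF dnssec.1 > checkconf.out$n 2>&1 || ret=1`, and then run `grep "'dnssec-enable' is obsolete and should be removed" checkconf.out$n > /dev/null || ret=1`. The unchanged dnssec.3 line has the same gap: `grep '.*' && ret=1` detects any output but not a non-zero exit.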
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
notify yes;
- dnssec-enable no;
dnssec-validation no;
};
listen-on { 10.53.0.2; };
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
- dnssec-enable no;
dnssec-validation no;
};
listen-on { 10.53.0.3; };
listen-on-v6 { fd92:7065:b8e:ffff::3; };
recursion yes;
- dnssec-enable no;
dnssec-validation no;
server-id "ns3";
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
};
zone "." { type master; file "root.signed"; };
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
};
zone "." { type hint; file "hints"; };
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
};
zone "." { type hint; file "hints"; };
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable no;
};
zone "." { type hint; file "hints"; };
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside "." trust-anchor "dlv.utld";
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
};
zone "." { type hint; file "hints"; };
listen-on-v6 { none; };
allow-recursion { 10.53.0.1; };
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
dns64 2001:bbbb::/96 {
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
dns64 2001:aaaa::/96 {
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
/* test that we can turn off trust-anchor-telemetry */
trust-anchor-telemetry no;
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
notify-delay 1;
minimal-responses no;
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
session-keyfile "session.key";
minimal-responses no;
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
dnssec-must-be-secure mustbesecure.example yes;
minimal-responses no;
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
minimal-responses no;
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
dnssec-accept-expired yes;
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
bindkeys-file "managed.conf";
- dnssec-enable no;
};
key rndc_key {
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
};
recursion yes;
notify yes;
disable-algorithms . { @ALTERNATIVE_ALGORITHM@; };
- dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside . trust-anchor dlv;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
minimal-responses yes;
};
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
-# Note: after this check, ns4 will not be validating any more; do not add any
-# further validation tests employing ns4 below this check.
-echo_i "check that validation defaults to off when dnssec-enable is off ($n)"
-ret=0
-# Sanity check - validation should be enabled.
-rndccmd 10.53.0.4 validation status | grep "enabled" > /dev/null || ret=1
-# Set "dnssec-enable" to "no" and reconfigure.
-copy_setports ns4/named5.conf.in ns4/named.conf
-rndccmd 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i
-# Check validation status again.
-rndccmd 10.53.0.4 validation status | grep "disabled" > /dev/null || ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
dnssec-must-be-secure . yes;
/* only SHA-256 is enabled */
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
/* only SHA-256 is enabled */
disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
notify yes;
- dnssec-enable no;
dnssec-validation no;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify no;
- dnssec-enable yes;
session-keyfile "session.key";
servfail-ttl 0;
};
port @PORT@;
recursion no;
notify no;
- dnssec-enable yes;
servfail-ttl 0;
};
listen-on-v6 { none; };
recursion no;
notify no;
- dnssec-enable yes;
};
key rndc_key {
listen-on-v6 { none; };
recursion no;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
allow-query { allowed; };
};
listen-on-v6 { none; };
recursion no;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
allow-query { allowed; };
};
listen-on-v6 { none; };
recursion no;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
servfail-ttl 0;
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "managed.conf";
trust-anchor-telemetry no;
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
managed-keys-directory "nope";
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
servfail-ttl 0;
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
trust-anchor-telemetry no;
};
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
allow-recursion { 10.53.0.1; };
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
allow-recursion { 10.53.0.3; };
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
nxdomain-redirect "redirect";
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
root-key-sentinel yes;
};
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
root-key-sentinel no;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
};
zone "." {
listen-on-v6 { none; };
recursion yes;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
max-rsa-exponent-size 35;
};
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
- dnssec-enable no;
dnssec-validation no;
};
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
- dnssec-enable no;
dnssec-validation no;
};
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
- dnssec-enable no;
dnssec-validation no;
};
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
- dnssec-enable no;
dnssec-validation no;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
- dnssec-enable yes;
dnssec-validation yes;
servfail-ttl 30;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
synth-from-dnssec no;
};
listen-on-v6 { none; };
recursion yes;
notify no;
- dnssec-enable yes;
dnssec-validation yes;
synth-from-dnssec yes;
};
recursion no;
dnssec-validation no;
notify yes;
- dnssec-enable yes;
};
zone "." { type master; file "root.db.signed"; };
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable yes;
dnssec-validation yes;
};