upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-28 04:21:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/tests/system/checkconf/good.conf
Matthijs Mekking 4e8dc72717 Add checkconf tests for [#2463] 
Add two tests to make sure named-checkconf catches key-directory issues
where a zone in multiple views uses the same directory but has
different dnssec-policies. One test sets the key-directory specifically,
the other inherits the default key-directory (NULL, aka the working
directory).

Also update the good.conf test to allow zones in different views
with the same key-directory if they use the same dnssec-policy.

Also allow zones in different views with different key-directories if
they use different dnssec-policies.

Also allow zones in different views with the same key-directories if
only one view uses a dnssec-policy (the other is set to "none").

Also allow zones in different views with the same key-directories if
no views uses a dnssec-policy (zone in both views has the dnssec-policy
set to "none").

(cherry picked from commit df1aecd5ff)
2021-05-19 00:44:32 +00:00

261 lines
4.5 KiB
Text
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* This is just a random selection of configuration options.
*/
/* cut here */
dnssec-policy "test" {
dnskey-ttl 3600;
keys {
ksk key-directory lifetime P1Y algorithm 13 256;
zsk key-directory lifetime P30D algorithm 13;
csk key-directory lifetime P30D algorithm 8 2048;
};
max-zone-ttl 86400;
nsec3param ;
parent-ds-ttl 7200;
parent-propagation-delay PT1H;
publish-safety PT3600S;
purge-keys P90D;
retire-safety PT3600S;
signatures-refresh P3D;
signatures-validity P2W;
signatures-validity-dnskey P14D;
zone-propagation-delay PT5M;
};
options {
avoid-v4-udp-ports {
100;
};
avoid-v6-udp-ports {
100;
};
blackhole {
10.0.0.0/8;
};
coresize 1073741824;
datasize 104857600;
directory ".";
dscp 41;
dump-file "named_dumpdb";
files 1000;
heartbeat-interval 30;
hostname none;
interface-interval 30;
keep-response-order {
10.0.10.0/24;
};
listen-on port 90 {
"any";
};
listen-on port 100 dscp 33 {
127.0.0.1/32;
};
listen-on-v6 port 53 dscp 57 {
"none";
};
match-mapped-addresses yes;
memstatistics-file "named.memstats";
pid-file none;
port 5300;
querylog yes;
recursing-file "named.recursing";
recursive-clients 3000;
serial-query-rate 100;
server-id none;
check-names primary warn;
check-names secondary ignore;
max-cache-size 20000000000000;
nta-lifetime 604800;
nta-recheck 604800;
validate-except {
"corp";
};
dnssec-policy "test";
max-ixfr-ratio 90%;
transfer-source 0.0.0.0 dscp 63;
zone-statistics none;
};
view "first" {
match-clients {
"none";
};
zone "example1" {
type master;
file "xxx";
update-policy local;
max-ixfr-ratio 20%;
notify-source 10.10.10.10 port 53 dscp 55;
};
zone "clone" {
type master;
file "yyy";
max-ixfr-ratio unlimited;
};
dnssec-validation auto;
zone-statistics terse;
};
view "second" {
match-clients {
"any";
};
zone "example1" {
type master;
file "zzz";
update-policy local;
zone-statistics yes;
};
zone "example2" {
type static-stub;
forward only;
forwarders {
10.53.0.4;
};
zone-statistics no;
};
zone "example3" {
type static-stub;
server-addresses {
1.2.3.4;
};
};
zone "clone" {
in-view "first";
};
zone "." {
type redirect;
masters {
1.2.3.4;
};
};
dnssec-validation auto;
zone-statistics full;
};
view "third" {
match-clients {
"none";
};
zone "clone" {
in-view "first";
forward only;
forwarders {
10.0.0.100;
};
};
zone "dnssec" {
type master;
file "file";
allow-update {
"any";
};
auto-dnssec maintain;
};
zone "p" {
type primary;
file "pfile";
};
zone "s" {
type secondary;
masters {
1.2.3.4;
};
notify primary-only;
};
};
view "fourth" {
zone "dnssec-test" {
type master;
file "dnssec-test.db";
dnssec-policy "test";
};
zone "dnssec-default" {
type master;
file "dnssec-default.db";
dnssec-policy "default";
};
zone "dnssec-inherit" {
type master;
file "dnssec-inherit.db";
};
zone "dnssec-none" {
type master;
file "dnssec-none.db";
dnssec-policy "none";
};
zone "dnssec-view1" {
type master;
file "dnssec-view41.db";
dnssec-policy "test";
};
zone "dnssec-view2" {
type master;
file "dnssec-view42.db";
};
zone "dnssec-view3" {
type master;
file "dnssec-view43.db";
dnssec-policy "none";
key-directory "keys";
};
zone "dnssec-view4" {
type master;
file "dnssec-view44.db";
dnssec-policy "none";
};
dnssec-policy "default";
key-directory ".";
};
view "fifth" {
zone "dnssec-view1" {
type master;
file "dnssec-view51.db";
dnssec-policy "test";
};
zone "dnssec-view2" {
type master;
file "dnssec-view52.db";
dnssec-policy "test";
key-directory "keys";
};
zone "dnssec-view3" {
type master;
file "dnssec-view53.db";
dnssec-policy "default";
key-directory "keys";
};
zone "dnssec-view4" {
type master;
file "dnssec-view54.db";
dnssec-policy "none";
};
key-directory ".";
};
view "chaos" chaos {
zone "hostname.bind" chaos {
type master;
database "_builtin hostname";
};
};
dyndb "name" "library.so" {
this;
\};
is a {
"test" { \{ of; the; };
} bracketed;
"text \"";
system;
};
key "mykey" {
algorithm "hmac-md5";
secret "qwertyuiopasdfgh";
};
Reference in a new issue View git blame Copy permalink