/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

// NS2

options {
	query-source address 10.53.0.2;
	notify-source 10.53.0.2;
	transfer-source 10.53.0.2;
	port @PORT@;
	pid-file "named.pid";
	listen-on { 10.53.0.2; };
	listen-on-v6 { none; };
	recursion no;
	notify yes;
	dnssec-validation yes;
	notify-delay 1;
	minimal-responses no;
};

key rndc_key {
        secret "1234abcd8765";
        algorithm hmac-sha256;
};

controls {
        inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

zone "." {
	type hint;
	file "../../common/root.hint";
};

zone "trusted" {
	type primary;
	file "trusted.db.signed";
};

zone "managed" {
	type primary;
	file "managed.db.signed";
};

zone "example" {
	type primary;
	file "example.db.signed";
	allow-update { any; };
};

zone "insecure.secure.example" {
	type primary;
	file "insecure.secure.example.db";
	allow-update { any; };
};

zone "rfc2335.example" {
	type primary;
	file "rfc2335.example.db";
};

zone "child.nsec3.example" {
	type primary;
	file "child.nsec3.example.db";
	allow-update { none; };
};

zone "child.optout.example" {
	type primary;
	file "child.optout.example.db";
	allow-update { none; };
};

zone "badparam" {
	type primary;
	file "badparam.db.bad";
};

zone "single-nsec3" {
	type primary;
	file "single-nsec3.db.signed";
};

zone "algroll" {
	type primary;
	file "algroll.db.signed";
};

zone "nsec3chain-test" {
	type primary;
	file "nsec3chain-test.db.signed";
	allow-update {any;};
};

zone "in-addr.arpa" {
	type primary;
	file "in-addr.arpa.db.signed";
};

zone "cds.secure" {
	type primary;
	file "cds.secure.db.signed";
};

zone "cds-x.secure" {
	type primary;
	file "cds-x.secure.db.signed";
};

zone "cds-update.secure" {
	type primary;
	file "cds-update.secure.db.signed";
	allow-update { any; };
};

zone "cds-kskonly.secure" {
	type primary;
	dnssec-dnskey-kskonly yes;
	file "cds-kskonly.secure.db.signed";
	allow-update { any; };
};

zone "cds-auto.secure" {
	type primary;
	file "cds-auto.secure.db.signed";
	auto-dnssec maintain;
	allow-update { any; };
};

zone "cdnskey.secure" {
	type primary;
	file "cdnskey.secure.db.signed";
};

zone "cdnskey-x.secure" {
	type primary;
	file "cdnskey-x.secure.db.signed";
};

zone "cdnskey-update.secure" {
	type primary;
	file "cdnskey-update.secure.db.signed";
	allow-update { any; };
};

zone "cdnskey-kskonly.secure" {
	type primary;
	dnssec-dnskey-kskonly yes;
	file "cdnskey-kskonly.secure.db.signed";
	allow-update { any; };
};

zone "cdnskey-auto.secure" {
	type primary;
	file "cdnskey-auto.secure.db.signed";
	auto-dnssec maintain;
	allow-update { any; };
};

zone "updatecheck-kskonly.secure" {
	type primary;
	auto-dnssec maintain;
	key-directory ".";
	dnssec-dnskey-kskonly yes;
	update-check-ksk yes;
	sig-validity-interval 10;
	dnskey-sig-validity 40;
	file "updatecheck-kskonly.secure.db.signed";
	allow-update { any; };
};

zone "corp" {
	type primary;
	file "corp.db";
};

zone "hours-vs-days" {
	type master;
	file "hours-vs-days.db.signed";
	auto-dnssec maintain;
	/* validity 500 days, resign in 499 days */
	sig-validity-interval 500 499;
	allow-update { any; };
};

zone "too-many-iterations" {
	type master;
	file "too-many-iterations.db.signed";
};

include "trusted.conf";