/* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") * * SPDX-License-Identifier: MPL-2.0 * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, you can obtain one at https://mozilla.org/MPL/2.0/. * * See the COPYRIGHT file distributed with this work for additional * information regarding copyright ownership. */ include "../../_common/rndc.key"; controls { inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; tls self-signed { cert-file "../self-signed-cert.pem"; key-file "../self-signed-key.pem"; }; options { pid-file "named.pid"; ## # generic test listen-on port @PORT@ { 10.53.0.1; }; listen-on port @EXTRAPORT1@ proxy plain { 10.53.0.1; }; listen-on port @EXTRAPORT1@ proxy plain { 10.53.0.2; }; listen-on port @TLSPORT@ proxy encrypted tls self-signed { 10.53.0.1; }; listen-on port @EXTRAPORT2@ proxy plain tls self-signed { 10.53.0.1; }; listen-on port @HTTPSPORT@ proxy encrypted tls self-signed http default { 10.53.0.1; }; listen-on port @EXTRAPORT3@ proxy plain tls self-signed http default { 10.53.0.1; }; listen-on port @HTTPPORT@ proxy plain tls none http default { 10.53.0.1; }; listen-on-v6 port @EXTRAPORT1@ proxy plain { fd92:7065:b8e:ffff::1; }; listen-on-v6 port @EXTRAPORT1@ proxy plain { fd92:7065:b8e:ffff::2; }; listen-on-v6 port @TLSPORT@ proxy encrypted tls self-signed { fd92:7065:b8e:ffff::1; }; listen-on-v6 port @EXTRAPORT2@ proxy plain tls self-signed { fd92:7065:b8e:ffff::1; }; listen-on-v6 port @HTTPSPORT@ proxy encrypted tls self-signed http default { fd92:7065:b8e:ffff::1; }; listen-on-v6 port @EXTRAPORT3@ proxy plain tls self-signed http default { fd92:7065:b8e:ffff::1; }; listen-on-v6 port @HTTPPORT@ proxy plain tls none http default { fd92:7065:b8e:ffff::1; }; allow-proxy { 10.53.0.10; fd92:7065:b8e:ffff::10; }; allow-proxy-on { 10.53.0.1; fd92:7065:b8e:ffff::1; }; recursion no; notify explicit; statistics-file "named.stats"; dnssec-validation yes; tcp-initial-timeout 1200; }; trust-anchors { }; zone "example0" { type primary; file "example.db"; allow-query { any; }; }; zone "example1" { type primary; file "example.db"; allow-query { 1.2.3.4; fd0f:99d3:98a7::1234; }; allow-query-on { 4.3.2.1; fd0f:99d3:98a7::4321; }; # note, we are *not* listening on the interface }; zone "example2" { type primary; file "example.db"; # allow the real addresses only so that we can test LOCAL requests allow-query { 10.53.0.10; fd92:7065:b8e:ffff::10; }; allow-query-on { 10.53.0.1; fd92:7065:b8e:ffff::1; }; }; # Let's define some zones that will help us verify that ports # information from PROXY headers is used. Please note that we are NOT # listening on the ports used. zone "example-proxy-do53" { type primary; file "example.db"; allow-transfer port 53 transport tcp { 1.2.3.4; fd0f:99d3:98a7::1234; }; }; zone "example-proxy-encrypted-dot" { type primary; file "example.db"; allow-transfer port 853 transport tls { 1.2.3.4; fd0f:99d3:98a7::1234; }; }; zone "example-proxy-plain-dot" { type primary; file "example.db"; allow-transfer port 853 transport tls { 1.2.3.4; fd0f:99d3:98a7::1234; }; }; # Now let's make something similar, but for LOCAL PROXY requests (when # real ports and addresses are used) zone "example-proxy-local-do53" { type primary; file "example.db"; allow-transfer port @EXTRAPORT1@ transport tcp { 10.53.0.10; fd92:7065:b8e:ffff::10; }; }; zone "example-proxy-local-encrypted-dot" { type primary; file "example.db"; allow-transfer port @TLSPORT@ transport tls { 10.53.0.10; fd92:7065:b8e:ffff::10; }; }; zone "example-proxy-local-plain-dot" { type primary; file "example.db"; allow-transfer port @EXTRAPORT2@ transport tls { 10.53.0.10; fd92:7065:b8e:ffff::10; }; };