CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d4eaa1489fb7026efebc842d0a1cec488fd31f7
zonemaster.es/zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/named.conf
Malin 8d4eaa1489 feat: add full Zonemaster stack with Docker and Spanish UI 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00

491 lines
15 KiB
Plaintext
Raw Blame History

options {
dnssec-validation auto;
automatic-interface-scan no;
#
# Explicitly listen on specific addresses, both IPv4 and IPv6 to
# prevent Bind to bind to too many addresses
listen-on { 127.15.10.37; 127.15.10.38; };
listen-on-v6 { fda1:b2:c3:0:127:15:10:37; fda1:b2:c3:0:127:15:10:38; };
#
recursion no;
notify no;
empty-zones-enable no;
pid-file "named.pid";
masterfile-format text;
session-keyfile none;
};
# In the usual case add the zone to view "main" only. If the scenario requires
# two variants of the zone, add the variant of the zone to view "var1" (create
# view "var2" etc if required).
# Put all zone files into the "zones" sub-directory.
view "main" {
# Name of zone file in this view should be "<ZONE-NAME>.zone"
match-destinations { 127.15.10.37; fda1:b2:c3:0:127:15:10:37; };
key-directory "key-dir";
zone "localhost" {
type master;
file "zones/localhost.zone";
};
zone "good-nsec-1.dnssec10.xa" {
type master;
file "zones/good-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec-2.dnssec10.xa" {
type master;
file "zones/good-nsec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec-3.dnssec10.xa" {
type master;
file "zones/good-nsec-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec3-1.dnssec10.xa" {
type master;
file "zones/good-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "good-nsec3-2.dnssec10.xa" {
type master;
file "zones/good-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "good-nsec3-3.dnssec10.xa" {
type master;
file "zones/good-nsec3-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "algo-not-supp-by-zm-1.dnssec10.xa" {
type master;
file "zones/algo-not-supp-by-zm-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "algo-not-supp-by-zm-2.dnssec10.xa" {
type master;
file "zones/algo-not-supp-by-zm-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "bad-servers-but-good-nsec-1.dnssec10.xa" {
type master;
file "zones/bad-servers-but-good-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec-2.dnssec10.xa" {
type master;
file "zones/err-mult-nsec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec3-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "err-mult-nsec3param-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec3param-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "exp-nsec-nsec3-miss-1.dnssec10.xa" {
# The scenario has neither NSEC nor NSEC3, but we have to select
# something to get the DNSKEY and RRSIG.
type master;
file "zones/exp-nsec-nsec3-miss-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsistent-nsec-1.dnssec10.xa" {
type master;
file "zones/inconsistent-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsistent-nsec3-1.dnssec10.xa" {
type master;
file "zones/inconsistent-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones/inconsist-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones/inconsist-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "mixed-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones/mixed-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "mixed-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones/mixed-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec3param-gives-err-answer-1.dnssec10.xa" {
type master;
file "zones/nsec3param-gives-err-answer-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-gives-err-answer-2.dnssec10.xa" {
type master;
file "zones/nsec3param-gives-err-answer-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec3param-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-1.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-2.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-3.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-err-type-list-1.dnssec10.xa" {
type master;
file "zones/nsec3-err-type-list-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-err-type-list-2.dnssec10.xa" {
type master;
file "zones/nsec3-err-type-list-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec3-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-missing-signature-1.dnssec10.xa" {
type master;
file "zones/nsec3-missing-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-nodata-missing-soa-1.dnssec10.xa" {
type master;
file "zones/nsec3-nodata-missing-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-nodata-wrong-soa-1.dnssec10.xa" {
type master;
file "zones/nsec3-nodata-wrong-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-1.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-2.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-3.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-4.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-4.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec-err-type-list-1.dnssec10.xa" {
type master;
file "zones/nsec-err-type-list-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-err-type-list-2.dnssec10.xa" {
type master;
file "zones/nsec-err-type-list-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-gives-err-answer-1.dnssec10.xa" {
type master;
file "zones/nsec-gives-err-answer-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-gives-err-answer-2.dnssec10.xa" {
type master;
file "zones/nsec-gives-err-answer-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-mismatches-apex-2.dnssec10.xa" {
type master;
file "zones/nsec-mismatches-apex-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-missing-signature-1.dnssec10.xa" {
type master;
file "zones/nsec-missing-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-nodata-missing-soa-1.dnssec10.xa" {
type master;
file "zones/nsec-nodata-missing-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-nodata-wrong-soa-1.dnssec10.xa" {
type master;
file "zones/nsec-nodata-wrong-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-1.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-2.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-3.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-4.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-4.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-1.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-2.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-3.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "server-no-dnssec-1.dnssec10.xa" {
type master;
file "zones/server-no-dnssec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "server-no-dnssec-2.dnssec10.xa" {
type master;
file "zones/server-no-dnssec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
}; # End view "main"
view "var1" {
# This view is for a variant of the zone already defined in view
# "main". Do not put zones here unless they already exist in view
# "main".
# Name of zone file in this view should be "<ZONE-NAME>.zone", i.e.
# the same name as in the main view, but stored in directory
# "zones-var1".
match-destinations { 127.15.10.38; fda1:b2:c3:0:127:15:10:38; };
key-directory "key-dir-var1";
zone "localhost" {
type master;
file "zones-var1/localhost.zone";
};
zone "inconsist-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones-var1/inconsist-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones-var1/inconsist-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "mixed-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones-var1/mixed-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "mixed-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones-var1/mixed-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
}; # End view "var1"
## DNSSEC policy
# Period duration definition: https://en.wikipedia.org/wiki/ISO_8601#Durations
dnssec-policy dnssec10-nsec3 {
dnskey-ttl PT24H;
keys {
ksk lifetime unlimited algorithm 13; # ECDSAP256SHA256
zsk lifetime unlimited algorithm 13; # ECDSAP256SHA256
};
max-zone-ttl P7W;
nsec3param iterations 0 optout no salt-length 0;
signatures-validity P8Y;
signatures-validity-dnskey P8Y;
};
dnssec-policy dnssec10-nsec {
dnskey-ttl PT24H;
keys {
ksk lifetime unlimited algorithm 13; # ECDSAP256SHA256
zsk lifetime unlimited algorithm 13; # ECDSAP256SHA256
};
max-zone-ttl PT24H;
signatures-validity P8Y;
signatures-validity-dnskey P8Y;
};
Reference in New Issue View Git Blame Copy Permalink