├── .gitignore
├── DEBUG.md
├── INSTALL.md
├── LICENSE
├── README.md
├── TODO
├── ftdetect
    ├── bind-named.vim
    └── bindzone.vim
├── ftplugin
    └── bind-named.vim
├── syntax
    ├── bind-named.vim
    ├── bindzone.vim
    ├── dns.vim
    └── named.vim
└── test
    ├── BvARM9.16-authoritative-server-named.conf
    ├── db.example.net
    ├── example-9.16-named.conf
    ├── example-named.conf
    ├── github-issue-5-named.conf
    └── rndc-minimal-BvARM9.16.conf


/.gitignore:
--------------------------------------------------------------------------------
.idea/

--------------------------------------------------------------------------------
/DEBUG.md:
--------------------------------------------------------------------------------
Debugging Vim Syntax File
=========================

Of all the things that I have tried in order to debug a brand-new syntax file for the Vim editor, the following steps are my best and
easiest to use, and I hope they serve you well.

A simple edit command of `vim named.conf` performs the following steps:

* loads the content of the `named.conf` file,
* makes note of its filename AND filetype, then
* reads in all `ftdetect/*` files for any that match its filename/filetype
* using the `ftdetect/` file that matched and flagged the filename/filetype
* loads the corresponding `syntax/<filetype>.vim` of highlighters
* reads the syntaxes, then displays the highlighting

All that with just that one `vim <filename>` command.

Preparing Your Home Settings
----------------------------

I use Dr. Chip's [`hilinks.vim`](https://github.com/kergoth/vim-hilinks) to support my debugging effort during this Vim syntax development.

Starting Out Debugging
----------------------

Two terminal sessions are required for successful debugging of any
new or changed Vim syntax.

1. Editing/saving the changed Vim syntax (`~/.vim/syntax/named.vim`) file
2. Re-viewing the target test-text (`named.conf`) file with its newly updated highlighting syntax.

In creating the first terminal session, I did:
```bash
mkdir -p ~/.vim/syntax
cp /usr/lib/vim/vim81/syntax/named.vim ~/.vim/syntax/
vim ~/.vim/syntax/named.vim
```

For a second terminal session, I cloned the target test-text file. I used
`/tmp/named.conf` as a temporary workspace in this demo.

```bash
cp /etc/bind/named.conf /tmp/named.conf
vim /tmp/named.conf
```

Back at the first terminal, I made a one-line change
in `~/.vim/syntax/named.vim`, then saved it using the Vim write (`:w`) command.

At the second terminal, I edited my test-text `named.conf` file to see if I
had enhanced (or broken) something.

Sure enough, I broke it ... rather badly.

So I went back to the beginning and did it over, this time trying a new syntax setting.

Documentation, Ugh.
-------------------

In the very beginning, I was blindly making multiple syntax changes to
my very own copy of an existing stock Vim syntax file.
It wasn't all that intuitive (not at all) and its results were "unpleasant."

Back to reading all relevant (and not-so-relevant) Vim documents; they
are (but not limited to):

* [Patterns](http://vimdoc.sourceforge.net/htmldoc/pattern.html)
* [Syntax](http://vimdoc.sourceforge.net/htmldoc/syntax.html)

Those two were really all we need, but they are still woefully inadequate for
a rapid start toward a robust debugging session of a syntax file.

The more changes I made to my copy of the stock Vim syntax file, the more I
realized that I've got something brand new forming.

None of the existing stock syntax exists anymore. It has morphed enough to be on its own, but with an MIT License.

I had extracted, revised and published over 143 pseudo-BNF (Backus-Naur
Form) syntax diagrams. Many were analyzed directly from the ISC Bind9
source code due to the poor Bind documentation. Since I've incorporated
so many more syntaxes than the stock Vim `named` syntax file had,
I have renamed the file to `bind-named.vim` in order not to
conflict with the stock Vim syntax (`syntax/named.vim`) file.

Reloading New Changes
---------------------
As you make a change to the Vim syntax file (now called
`syntax/bind-named.vim`) in the 1st terminal session, you need to refresh
the viewing (2nd) terminal session just to view your new syntaxes.

One method of refreshing the view is to exit the current Vim edit
session on the target file being highlighted (`named.conf`), and then
restart the same Vim editor session.

These steps have become rather tedious:

```vim
" (adding new syntax changes) in Vim edit session
```

and just save your syntax change (no need to ever quit the 1st session):

```vim
:w
```

In the "viewing" (2nd) terminal session, exit the Vim editor:
```vim
:q
```
then re-enter the same edit session:
```bash
vim named.conf
```

That is your next-tightest basic development cycle of
creating/changing/saving/viewing the results of the updated Vim syntax file.

Note that there are no debugging or troubleshooting steps there. It's a
blind-man approach of hit-or-miss syntax changes.

Programming Function Keys
-------------------------
Do this blind-man development cycle about 10,000 times (OK, so I'm
exaggerating here but the point stands),
and you'll desperately want a single keystroke to do all the work
of 8 (tedious) keystrokes (plus whatever the length of your test text file)
after each and every single tweak of your syntax file.

So let's go program some Vim function keys as our new shortcuts:

* Detail the highlight used at the current cursor position
* Reload the syntax file after updating.

Detail Highlight Function Key
-----------------------------

I assigned the F10 function key to do the following:

* Show which highlighter statement is being used at the current cursor position

Stick this into your `vimrc` file (you do remember where it is?):

```vim
" Show syntax highlighting macro at the cursor
map <F10> :echo "hi<" . synIDattr(synID(line("."),col("."),1),"name") . '> trans<'
\ . synIDattr(synID(line("."),col("."),0),"name") . "> lo<"
\ . synIDattr(synIDtrans(synID(line("."),col("."),1)),"name") . ">"<CR>
```

Now in your "viewing" (2nd) terminal session, the F10 key will
show you which highlight syntax macro got used at exactly
where your cursor currently is within your `named.conf` file.

For our first F10 keypress, let's move the cursor to an empty line
with no highlighting done (see screen below):

![Empty line, no highlighting done](https://raw.githubusercontent.com/egberts/gist/master/vim-syntax-bind-name-first-debug.png)

then press F10, and the status bar (at the bottom of the 2nd terminal
screen) comes alive with information showing as:

```console
hi<> trans<> lo<>
```

This seemingly rather cryptic line means that none of the
system's syntax files found a syntax match at your cursor position.

Let's move the cursor around a bit more, until the cursor is over a
yellow-highlighted word `acl`, a well-known Bind9 keyword:

![Initial Screen](https://github.com/egberts/gist/blob/master/vim-syntax-bind-name-first-debug-F10.png)

then press F10 again:

You get this:

![After Screen](https://github.com/egberts/gist/blob/master/vim-syntax-bind-name-first-debug-F10-after.png)

```console
hi<namedStmtKeyword> trans<namedStmtKeyword> lo<Statement>
```

This means the `namedStmtKeyword` syntax was matched to the word `acl`,
transitioned from the `namedStmtKeyword` macro, and got highlighted with
a color of `Statement`.

Show Me The Colors!
-------------------

I wanted to know what color `Statement` was, as well as what available
colors I can use in my new syntax file; to get the colors actually used
for the test-text file, execute in your "viewing" (2nd) Vim
terminal for this example:

```vim
:syntax
```

Now you are seeing all the possible colors used for each syntax macro
(or lack thereof if you have forgotten).

And its `:syntax` output is
fed via Unix pipe through the `less` utility.
Use spacebar/PgUp/PgDn/Up/Down to scroll through the entire
pre-processed syntax file during this `:syntax` viewing. Press `q` to quit.

The Vim `:syntax` command is that first debugging tool, showing you all the
highlight syntaxes and their coloring. Very useful as
one of the final validations.

Reload Function Key
-------------------

For the second function (F12) key, I found on StackOverflow the Vim
reload (`:source $MYVIMRC`) command. It's a nice command that
does the equivalent (but, as I've discovered, NOT EXACTLY THE SAME)
thing of reloading your newly changed Vim syntax file during my typical
development cycle as described in the first section of this page.

NOTE: There may be some other disruptive Vim commands like
`:set ft=sh` in your `~/.vimrc` that
WILL actually break the ability to cleanly reload your
`syntax-file-under-test.vim` file: so, comment those out. I had to
do the basic divide-and-conquer of putting this Vim command:

```vim
finish
```

throughout my `.vimrc` file until the breakage stopped, then commented
out the offending line(s) (such as `set ft=sh` or `syntax off`, as I've found
out).

The reload command basically rereads the `vimrc` files (there's more than
one), which in turn reloads all applicable `syntax/*` files as
determined by the
filetype (`.vim/ftdetect/bind-named.vim`).

Note: You can see the total list of `vimrc` files that Vim checked
during startup and read before displaying the content of your test-text
file being edited. I'll show you how to make a list of all files that the Vim editor
opens:

```bash
# Capture all outputs, both STDOUT and STDERR.
script /tmp/vim.strace

# Perform the Vim edit session under strace
strace vim named.conf
```

Because of thrashing between the `strace` utility and the Vim editor's constant
screen repositioning, your screen is now garbled. No fear.

Just blindly type in `:q` to quit the edit session and exit the Vim editor.
You can then scan for files that Vim opened by doing:

```bash
# Leave the recording shell started by `script` first
exit

grep open /tmp/vim.strace | grep -v "No such file" | grep vim
```

My actual output list is given below:

```console
openat(AT_FDCWD, "/usr/share/vim/vimrc", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/debian.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/home/john/.vimrc", O_RDONLY) = 4
openat(AT_FDCWD, "/home/john/.vimrc.local", O_RDONLY|O_NONBLOCK) = 5
openat(AT_FDCWD, "/home/john/.vimrc.local", O_RDONLY) = 5
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syntax.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/synload.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/usr/share/vim/vim81/rgb.txt", O_RDONLY) = 9
openat(AT_FDCWD, "/usr/share/vim/vim81/filetype.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/home/john/.vim/ftdetect/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 8
openat(AT_FDCWD, "/home/john/.vim/ftdetect/bind-named.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/ftdetect/bindzone.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/ftdetect/bro.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/ftdetect/nftables.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/ftdetect/tatsu.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/colors/elflord.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/usr/share/vim/vim81/filetype.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/usr/share/vim/vim81/filetype.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/usr/share/vim/vim81/ftplugin.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syntax.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/nosyntax.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/synload.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/home/john/.vim/colors/elflord.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/colors/elflord.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/syncolor.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/pack/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/home/john/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/home/john/.vim/plugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/home/john/.vim/plugin/hilinks.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/autoloclist.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/balloons.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/checker.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/cursor.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/highlighting.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/loclist.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/modemap.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/notifiers.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/registry.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/signs.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/var/lib/vim/addons/autoload/syntastic/util.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/autoloclist.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/balloons.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/checker.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/cursor.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/highlighting.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/loclist.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/modemap.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/notifiers.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/registry.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/var/lib/vim/addons/plugin/syntastic/signs.vim", O_RDONLY) = 5
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/getscriptPlugin.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/gzip.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/logiPat.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/manpager.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/matchparen.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/netrwPlugin.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/rrhelper.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/spellfile.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/tarPlugin.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/tohtml.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/vimballPlugin.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/plugin/zipPlugin.vim", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/vim/vim81/pack/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
openat(AT_FDCWD, "/home/john/.viminfo", O_RDONLY) = 5
openat(AT_FDCWD, "/home/john/.viminfo", O_RDONLY) = 6
openat(AT_FDCWD, "/home/john/.vim/ftplugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/ftplugin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 6
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/named.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/var/lib/vim/addons/autoload/syntastic/log.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/home/john/.viminfo", O_RDONLY) = 4
openat(AT_FDCWD, "/home/john/.viminfo.tmp", O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 6
```

You can see that the Vim editor checks for many syntax files before it
decides on `syntax/named.vim`. That decision was made
when `ftdetect/named.vim` detected a filename called
`named.conf` using filename/filetype detection.

Back to the Reloading Key: put the following near the end
of your `~/.vimrc` file.

```vim
" Toggle reload of syntax files
" Didn't have desired effect on reloading syntax files; noremap :source $MYVIMRC
"
noremap <F12> :source $MYVIMRC<CR>
inoremap <F12> <C-o>:source $MYVIMRC<CR>
```

Now you have a reload function key available at your very next
Vim edit session.

Any changes you make under `~/.vim/syntax/` will immediately
show up in the highlighting
at the press of the F12 key.

I saved myself from doing 18 keystrokes and going back and forth
between two different terminal sessions by using this new F12 keystroke.

* Now it's the 1st terminal, Vim `:w` command.
* And the 2nd terminal, F12 key to reload the new syntax file.
* Back and forth.

OK, four keystrokes and a window switch (either by mouse or
Alt-Tab key-combo on most Unix window managers).

Still haven't started debugging yet. Blind Man Development Cycle, still.
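
The `grep` pipeline used on the strace capture earlier in this section leaves repeated opens and directory scans in the list. The following is an added example, not part of this repository: it reduces such a capture to the ordered, de-duplicated set of Vim script files actually read, and tags each as coming from the user's home or from the system, which makes it easy to see which copy of a syntax file Vim picked up. The function names `vim_opened_files` and `write_sample_trace` are hypothetical, and the sample trace lines are constructed in the shape of the listing above.

```shell
#!/bin/sh
# Added example: summarise an strace capture of a Vim session.

# vim_opened_files TRACE_FILE [HOME_DIR]
# Prints "user <path>" or "system <path>" for every vimrc or *.vim file
# that was opened successfully, in first-open order, one line per file.
vim_opened_files() {
    trace=$1
    home=${2:-$HOME}
    awk -v home="$home" '
        # Only open()/openat() calls are of interest.
        $0 !~ /open(at)?\(/ { next }
        # Failed opens return -1 (ENOENT and friends).
        / = -1 / { next }
        # Directory scans are not script files.
        /O_DIRECTORY/ { next }
        {
            # The path is the first double-quoted string on the line.
            if (!match($0, /"[^"]+"/)) next
            path = substr($0, RSTART + 1, RLENGTH - 2)
            # Keep Vim scripts and vimrc files; drop rgb.txt, .viminfo, etc.
            if (path !~ /\.vim$/ && path !~ /vimrc/) next
            # Report each file once, at its first successful open.
            if (seen[path]++) next
            origin = (index(path, home "/") == 1) ? "user" : "system"
            print origin, path
        }
    ' "$trace"
}

# Constructed sample input, modelled on the strace listing in this page.
write_sample_trace() {
    cat > "$1" <<'EOF'
openat(AT_FDCWD, "/usr/share/vim/vimrc", O_RDONLY) = 4
openat(AT_FDCWD, "/home/john/.vimrc", O_RDONLY) = 4
openat(AT_FDCWD, "/home/john/.vim/filetype.vim", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/home/john/.vim/ftdetect/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 8
openat(AT_FDCWD, "/home/john/.vim/ftdetect/bind-named.vim", O_RDONLY) = 8
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/home/john/.vim/syntax/syncolor.vim", O_RDONLY) = 7
openat(AT_FDCWD, "/usr/share/vim/vim81/syntax/named.vim", O_RDONLY) = 6
openat(AT_FDCWD, "/home/john/.viminfo", O_RDONLY) = 4
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_trace "$sample"
vim_opened_files "$sample" /home/john
rm -f "$sample"
```

On a real capture, call it as `vim_opened_files /tmp/vim.strace`; a `system` line for `syntax/named.vim` with no `user` line for your own syntax file means the filetype detection never selected your copy.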

Continuous Status
-----------------

As I was on about my 5th of 134 pseudo-BNF syntaxes, more serious
debugging analysis became necessary. Hitting the F10 key repeatedly
at each cursor position was starting to drive me mad just to get
a clearer picture.

Searching the Internet for a better solution, I found the
HiLinkTrace (`hilinks`) Vim bundle from Charles
Campbell (aka Dr. Chip). It's an older version
4 but it works on my latest Vim v8.1!

Update: There is a version v4m at [Dr. Chip](http://www.drchip.org/astronaut/vim/vbafiles/hilinks.vba.gz) that is detailed on his [website](http://www.drchip.org/astronaut/vim/index.html#HILINKS).

But I got mine via `git clone` from [Kergoth's Github](https://github.com/kergoth/vim-hilinks).

Files are in "VimBall" format and often denoted using the `.vba` filetype.

If you retrieved your file from Dr. Chip, execute:

```bash
mkdir -p ~/.vim/bundle
cd ~/.vim/bundle/
wget http://www.drchip.org/astronaut/vim/vbafiles/hilinks.vba.gz
gunzip hilinks.vba.gz
vim hilinks.vba
```

If you got it from Github, then execute:

```bash
mkdir -p ~/.vim/bundle
cd ~/.vim/bundle/
git clone https://github.com/kergoth/vim-hilinks
cd vim-hilinks
vim hilinks.vba
```

And with either method above, execute the Vimball installation
from the Vim edit session:

```vim
" execute the current VimBall file
:source %
```

It is now installed! And ready for your next new Vim edit session.

Activating Live HiLinks Status
------------------------------

After that strange Vimball installation (remember, my lab is offline so
remote updating within Vim plugins is not an option for me), I'm now
starting up a new "viewing" (2nd) terminal session.

I see my highlight syntax macros and their highlighters in my local
Vim (`~/.vim/syntax/bind-named.vim`) syntax setting file inside
my "editing" 1st terminal session.

In the "viewing" 2nd terminal session, I activated the Live HiLinks status
by executing:

```vim
:HLTm
```

The status bar then comes alive with:

```console
SynStack: namedStmtKeyword HltTrace: namedStmtKeyword->namedHLStatement->Statement fg<11> bg<>
```

My cursor was over the yellow `acl` keyword when I saw the status bar. The
breakdown of the status bar is:

* `SynStack` - Syntax stack content
* `HltTrace` - Highlight tracing
* `fg` - Foreground color used
* `bg` - Background color used

For `SynStack`, the syntax stack content is `namedStmtKeyword`. This means
that the nesting of syntax calling other syntax (calling other syntax) is
one level deep. First syntax encountered. Nothing fancy. Nice and simple.

For `HltTrace`, this shows which highlighting color got used.
Each level (`->`) is an alias of another level. The first one is the
top-level highlight color name associated with the SynStack
(coincidentally also named `namedStmtKeyword`). Each alias takes us
closer to the actual color used. `namedHLStatement` is a generic
`syntax/bind-named.vim`-specific alias. And `Statement` is a default Vim
color.

For the `fg` foreground color, it uses ANSI color 11.

And after some digging on the Internet, I show the Vim color code scheme below:

```
Vim colors:
 0 black
 1 dark red
 2 dark green
 3 brown
 4 dark blue
 5 dark magenta
 6 dark cyan
 7 light grey
 8 dark grey
 9 red
10 green
11 yellow
12 blue
13 magenta
14 cyan
15 white
```

Bigger And Deeper
-----------------

As I developed more nested syntaxes and used longer syntax function names,
the one-line status bar got overrun and made a screen mess of things.

I fixed that by expanding the status bar into a 2-line status bar.

To activate a 2-line status at the bottom of your Vim terminal session
and start showing your longer highlight debug information as you move
your cursor around:

```vim
:set laststatus=2
```

That is all for now.

--------------------------------------------------------------------------------
/INSTALL.md:
--------------------------------------------------------------------------------
Installing Vim Syntax File
==========================

Of all the things that I have tried in order to debug a brand
new syntax file for the Vim editor, the following steps are my best and
easiest to use, and I hope they are to you as well.

Preparing Your Home Settings
----------------------------

If you do not have a `.vim` subdirectory in your `$HOME` directory,
create that subdirectory:

```bash
mkdir $HOME/.vim
```
If you do not have a `syntax` or `ftdetect` subdirectory under that `.vim` directory, create them as needed:

```bash
mkdir $HOME/.vim/syntax
mkdir $HOME/.vim/ftdetect
```

Copying Vim Syntax Files
------------------------
Copy the Vim syntax files from my Github repository into your local Vim
settings:

```bash
cd $HOME/myworkspace
git clone https://github.com/egberts/vim-syntax-bind-named
cp -R vim-syntax-bind-named/syntax/* ~/.vim/syntax/
cp -R vim-syntax-bind-named/ftdetect/* ~/.vim/ftdetect/
```

See the Highlightings
---------------------
To see highlighting in action, use the enclosed test file for highlighting of an ISC Bind named configuration file:

```bash
vim vim-syntax-bind-named/test/example-named.conf
```

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Egbert

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
vim-syntax-bind-named
=====================

Highlights your Bind9 `named.conf` (and zones and its include files) in
a Vim editor session.

Uses the 4-bit (16-color) Vim color scheme. Supports light/dark themes too.

To quickly see nearly all permutations of Bind9 `named.conf` configuration settings,
run:

    vim test/example-9.16-named.conf

This is where most of my animated GIFs came from.

This project aims to replace the stock Vim syntax highlighting for ISC Bind
(`named.vim`) by updating it to recognize the new RRs that came out in
the last few decades and also to highlight more clauses/statements/keywords that ISC Bind9 has incorporated as of late.

![Example](https://raw.githubusercontent.com/egberts/gist/master/vim-syntax-bind-named-front-page.png "Example")

As comment lines throughout this `bind-named.vim` syntax file, I incorporate
nearly all the revised pseudo-BNF syntax for every `named.conf` statement
keyword encountered. These pseudo-BNF syntaxes may (often) not match the
official ISC Bind documentation because its C source code
takes final precedence here.

FEATURES
--------

October 16, 2021
* v9.16 supported
* many filespec arguments are now forced double-quote syntax.

Original release
* new `named.conf` keywords supported
* All 3 comment styles supported: C++, C, bash.
* IPv6 syntax checking
  * link-local IPv6 addresses with zone numeric and name index
  * IPv4-mapped IPv6 addresses and IPv4-translated addresses
  * IPv4-Embedded IPv6 Address
* a comprehensive test named.conf file for later tweaking of this syntax file.
* Bold-Highlighting TODO, FIXME, and XXX in comment lines.
* Supports many include statements for large enterprise (or whitelabs).
* New filetype detections
  * `rndc.conf` Filetype detection
  * supports `rndc.key`
  * Still supports named.conf
  * Filetype detection, both expanded (and constrained)
    * Constrained to `named-*.conf` from `named*.conf`
    * Constrained to `named_*.conf` from `named*.conf`
    * Constrained to `named.*.conf` from `named*.conf`
    * Expanded to `*-named.conf`
    * Expanded to `*_named.conf`
    * Expanded to `*.named.conf`
    * Expanded to `rndc_*.conf`
    * Expanded to `rndc-*.conf`
    * Expanded to `rndc.*.conf`
    * Expanded to `*_rndc.conf`
    * Expanded to `*-rndc.conf`
    * Expanded to `*.rndc.conf`
* support for Array-type ACL names.

Filetype Constraints/Expansion
------------------------------
The `rndc.conf` file is now supported, along with its filename variants, as long
as the filename portion begins with `rndcX` or ends with `Xrndc`, where the letter
X signifies a period, an underscore, or a dash/minus symbol.

There's a namedXXXXX.conf out there being used by a database so I figured
we would constrain it a bit with a dash, an underscore, or a period symbol.

In my huge internal whitelab bastion server, I run two separate named daemons,
each with its own configuration files; they all get included into their respective
`named-XXXX.conf`:

    /etc/bind/named-public.conf
    /etc/bind/public/acl-named.conf
    /etc/bind/public/channels-named.conf
    /etc/bind/public/controls-named.conf
    /etc/bind/public/dnssec-keys-named.conf
    /etc/bind/public/masters-named.conf
    /etc/bind/public/options-named.conf
    /etc/bind/public/servers-named.conf
    /etc/bind/public/statistics-named.conf
    /etc/bind/public/view.red
    /etc/bind/rndc-public.conf

    /etc/bind/named-internal.conf
    /etc/bind/internal/options-named.conf
    /etc/bind/internal/acl-named.conf
    /etc/bind/internal/channels-named.conf
    /etc/bind/internal/controls-named.conf
    /etc/bind/internal/masters-named.conf
    /etc/bind/internal/view.red
    /etc/bind/internal/view.dmz
    /etc/bind/internal/view.yellow
    /etc/bind/internal/view.green
    /etc/bind/rndc-internal.conf

Array-Type ACL Names
--------------------
Imagine my surprise that in the current Bind version ACL names can
support some form of Python/C/C++ language array naming convention.

Yeah, ACL names like:
```named
acl my_firewall[red][zoom] { acl_conference_rooms; };
acl my_firewall[red][facetime] { acl_conference_rooms; };
acl my_firewall[red][signal] { acl_conference_rooms; };
```
Pretty cool, huh?
113 | 114 | 115 | IPv6 Patterns Supported 116 | ----------------------- 117 | The following patterns for IPv6 addresses are supported: 118 | 119 | * 1:2:3:4:5:6:7:8 120 | * 1:: 1:2:3:4:5:6:7:: 121 | * 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8 122 | * 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8 123 | * 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8 124 | * 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8 125 | * 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8 126 | * 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8 127 | * ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 :: 128 | * fe80::7:8%eth0 fe80::7:8%1 129 | * ::255.255.255.255 ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 130 | * 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 131 | 132 | PLANS 133 | ----- 134 | 135 | I plan to: 136 | 137 | * replace the stock Vim `bindzone.vim`, but that is something that I 138 | would welcome anyone to submit ... easily. 139 | Instead, I'm focused on doing this hard problem of creating these 140 | syntaxes for `bind-named.vim` (Bind named configuration file). 141 | 142 | * make this work steadily across ALL versions of Bind, but in 143 | starting with the current v9.16 and then OUTWARD toward v4 and 144 | v10: I managed to do this mostly. 145 | 146 | * NOT to make a Vim bundle zip file (for remote upgrading/downloading): 147 | I work offline and my whitelab is offline, so someone else is more than 148 | welcome to do the bunzip'ing. 149 | 150 | * make the FINAL CALL here for this syntax development using its C source 151 | code. Mistakes will be made: I'm human too. ISC Bind9 documentation 152 | project is not something to rely on when devising this VIM syntax for 153 | its named configuration file. 154 | I do have ALL released (and some minor) versions of Bind4, Bind8, 155 | Bind9, and Bind10 documentation as well as its source code. 
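The address forms listed under "IPv6 Patterns Supported" above are matched by the syntax file on shape alone. The Python below is an added example, not code from this repository: it classifies the same forms semantically with the standard `ipaddress` module, so an ACL entry that highlights as valid can still be reviewed for what it actually means. The function names `classify` and `audit` and the label strings are hypothetical; the sample lines are copied from `test/example-9.16-named.conf` on this page.

```python
import ipaddress
import re

# Ranges used to label IPv6 addresses that carry an IPv4 address.
IPV4_TRANSLATED = ipaddress.IPv6Network("::ffff:0:0:0/96")  # ::ffff:0:a.b.c.d
NAT64_WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")    # RFC 6052 prefix

INVALID = ("invalid", None)


def classify(element):
    """Classify one address_match_list element (hypothetical helper).

    Returns (label, embedded_ipv4); embedded_ipv4 is None unless the
    address carries an IPv4 address in its low 32 bits.
    """
    text = element.strip().lstrip("!").strip()      # drop a leading negation
    body, slash, prefix = text.partition("/")       # addr[%zone][/prefix]
    body, percent, zone = body.partition("%")
    try:
        addr = ipaddress.IPv6Address(body)
    except ValueError:
        return INVALID
    if slash and not (re.fullmatch(r"[0-9]{1,3}", prefix) and int(prefix) <= 128):
        return INVALID
    if percent:
        if not zone:
            return INVALID
        # The README lists zone indices only on link-local (fe80::/10)
        # addresses; any other use is flagged for review.
        if addr.is_link_local:
            return ("link-local+zone", None)
        return ("zone-on-non-link-local", None)
    low32 = str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))
    if addr.ipv4_mapped is not None:                # ::ffff:a.b.c.d
        return ("ipv4-mapped", low32)
    if addr in IPV4_TRANSLATED:
        return ("ipv4-translated", low32)
    if addr in NAT64_WELL_KNOWN:
        return ("ipv4-embedded-nat64", low32)
    if "." in body:                                 # dotted quad written out
        return ("ipv4-dotted-tail", low32)
    return ("plain", None)


# Flat (non-nested) ACL statements only: acl NAME { elem; elem; };
ACL_RE = re.compile(r"acl\s+(\S+)\s*\{([^{}]*)\}\s*;")


def audit(config_text):
    """Return (acl_name, element, label, embedded_ipv4) per IPv6 element."""
    findings = []
    for name, body in ACL_RE.findall(config_text):
        for element in body.split(";"):
            if ":" not in element:                  # names, keywords, IPv4
                continue
            label, ipv4 = classify(element)
            findings.append((name, element.strip(), label, ipv4))
    return findings


# Lines copied from test/example-9.16-named.conf as shown on this page.
SAMPLE = """
acl full_ip6 { fd57:1d29:4f94:1:216:36ff:fe00:1; };
acl link_local_with_zone_index { fe08::7:8%eth0; };
acl ip4_mapped_to_ip6 { ::ffff:0:255.255.255.255; };
acl ip4_mapped_to_ip6 { ::ffff:127.0.0.2; };
acl ip4_embedded_ip6_prefix { ! 64:ff9b::192.0.2.33/48; };
acl ip6_one_prefix { ! ff00::/8; }; // IPv6 multicast
acl internal_cable_ntwk { 192.168.2.0; 192.168.1.0/24; };
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample lines, `fe08::7:8%eth0` is reported as `zone-on-non-link-local` because `fe08::` lies outside `fe80::/10`, and `::ffff:0:255.255.255.255` is reported as IPv4-translated rather than IPv4-mapped even though the ACL is named `ip4_mapped_to_ip6`.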
156 | 157 | I maintain the lifetime of those keywords for `named.conf` and their many 158 | characteristics in my Pythonized ISC Bind keyword dictionary, maintained over 159 | at [egberts' repo at Github](https://github.com/egberts/bind9_parser/blob/master/examples/rough-draft/namedconfglobal.py). 160 | Some Python database characteristics for each keyword are: 161 | 162 | * statement occurrence count 163 | * occurs multiple times 164 | * default value 165 | * validity of value methods 166 | * found-within which other statement 167 | * multi-line-ordering ID 168 | * user-defined indices 169 | * top-level statement flag 170 | * output ordering ID 171 | * introduced in which version 172 | * obsoleted by which version 173 | * keyword topic 174 | * server-type 175 | * required statement flag 176 | * subordering matter flag 177 | * Python dictionary index by name 178 | 179 | 180 | Bug Reporting 181 | ------------- 182 | If you have any issues with this syntax file, see if you can: 183 | 184 | * pay attention to the closing semicolon and ensure that it is highlighted as soft or light green. 185 | If the semicolon is dark-cyan, then that is the point of syntax failure. 186 | 187 | * keep narrowing down the offending lines until it stops offending; hopefully 188 | it comes down to just one (or a few) lines. No need to expose your entire `named.conf`. 189 | Don't forget to change all IP addresses (unless that breaks too) for 190 | your privacy's sake. 191 | 192 | * post/file the offending line over at my [Github issue](https://github.com/egberts/vim-syntax-bind-named/issues). 193 | 194 | * detail the wrong highlight and state what you think is to be its 195 | correct highlight, if applicable. 196 | 197 | 198 | Debugging Vim Syntax 199 | -------------------- 200 | If you are bold enough to try your hand at debugging a Vim syntax file, 201 | see my [DEBUG.md](https://github.com/egberts/vim-syntax-bind-named/blob/master/DEBUG.md) on how to debug a Vim syntax file.
202 | 203 | Install 204 | ------- 205 | See [INSTALL.md](https://github.com/egberts/vim-syntax-bind-named/blob/master/INSTALL.md) on how to install this Vim syntax to your local Vim settings. 206 | 207 | To Vim Developers 208 | ----------------- 209 | Note to Vim developers: During the prototyping of my IPv6 address 210 | syntax matching, I noticed that vim 8.1 can only support a maximum 211 | of 9 groupings of parentheses, even if I used the "\%( ... \)" 212 | notation (instead of "\( ...\)"). 213 | 214 | As a result of this Vim limitation, I've had to 215 | duplicate IPv6 match patterns throughout this syntax file to get around 216 | this vim 8.1 limitation. But it works, and faster at that. 217 | 218 | 219 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | 2 | 3 | dlz statement (in zone) got its entire block statement moved up to 4 | the new 'dlz' clause-level. The dlz statement now references only a dlz_label. 5 | - Needs new 'dlz' clause/section 6 | 7 | 'dual-stack-servers' in options clause needs more fleshing out. 8 | -------------------------------------------------------------------------------- /ftdetect/bind-named.vim: -------------------------------------------------------------------------------- 1 | " Vim ftdetect file for ISC BIND90 and named-related configuration files 2 | " Language: ISC BIND named configuration file 3 | " Filename: bind-named.conf 4 | " Path: ~/.vim/ftdetect 5 | " Maintainer: egberts 6 | " Last change: 2024-05-24 7 | " Filetypes: named.conf, rndc.conf 8 | " Filetypes: named[-_]*.conf, rndc[-_]*.conf 9 | " Filetypes: *[-_]named.conf 10 | " Filetypes: rndc.key 11 | " Source: http://github.com/egberts/bind-named-vim-syntax 12 | " License: MIT license 13 | " Remarks: 14 | " See syntax/bind-named.vim for additional info.
15 | " 16 | " users can disable loading the default plugin completely 17 | " by making a filetype plugin with only this line: 18 | " 19 | " let ignore_bind_named = 1 20 | 21 | " Only do this when not done yet for this buffer 22 | if exists("b:ignore_bind_named") 23 | finish 24 | endif 25 | let b:ignore_bind_named = 1 26 | 27 | au! BufNewFile,BufRead named.conf,rndc.conf,rndc.key,*-named.conf,*_named.conf,*.named.conf,named-*.conf,named_*.conf,named.*.conf,rndc-*.conf,rndc_*.conf,rndc.*.conf,rndc.key,rndc-*.key,rndc_*.key,rndc.key,pz.*,mz.*,sz.*,view.*,named.conf* set filetype=bind-named 28 | -------------------------------------------------------------------------------- /ftdetect/bindzone.vim: -------------------------------------------------------------------------------- 1 | au BufNewFile,BufRead named.root setf bindzone 2 | au BufNewFile,BufRead */named/*,*/bind/*,*.db,db.* call s:BindzoneCheck('') 3 | 4 | func! s:BindzoneCheck(default) 5 | if getline(1).getline(2).getline(3).getline(4) =~ '^; <<>> DiG [0-9.]\+ <<>>\|BIND.*named\|$ORIGIN\|$TTL\|IN\s\+SOA' 6 | setf bindzone 7 | elseif a:default != '' 8 | exe 'setf ' . 
a:default 9 | endif 10 | endfunc 11 | -------------------------------------------------------------------------------- /ftplugin/bind-named.vim: -------------------------------------------------------------------------------- 1 | " Vim ftplugin file for ISC BIND and named-related configuration file 2 | " Language: ISC BIND named configuration file 3 | " Filename: bind-named.conf 4 | " Path: ~/.vim/ftpplugin 5 | " Maintainer: egberts 6 | " Last change: 2024-05-24 7 | " Filetypes: named.conf, rndc.conf 8 | " Filetypes: named[-_]*.conf, rndc[-_]*.conf 9 | " Filetypes: *[-_]named.conf 10 | " Source: http://github.com/egberts/bind-named-vim-syntax 11 | " License: MIT license 12 | " Remarks: 13 | " users can disable loading the default plugin completely by making a 14 | " filetype plugin with only this line: 15 | " let ignore_bind_name = 1 16 | " 17 | " 18 | " Only do this when not done yet for this buffer 19 | if exists("b:ignore_bind_named") 20 | finish 21 | endif 22 | let b:ignore_bind_named = 1 23 | 24 | let namedindent_override_with_local_expandtab = exists("g:namedident_override_with_local_expandtab") 25 | let namedindent_disable_expandtab = get(g:,"namedident_disable_expandtab", 0) 26 | 27 | 28 | setlocal tabstop=4 29 | setlocal softtabstop=4 30 | setlocal shiftwidth=4 31 | 32 | " If you prefer not to change your settings of hard/soft tab characters 33 | " instead of replacement with spaces but leave as it is, that is 34 | " this default behavior here. 
35 | 36 | 37 | " If you prefer hard tab characters instead of replacement with spaces 38 | " only within this Vim bind-named ftplugin, 39 | " put the following into your ~/.vim/after/bind-named.vim to disable 40 | " this `setlocal expandtab` 41 | " 42 | " namedident_override_with_local_expandtab = 1 43 | " namedident_disable_expandtab = 1 44 | " 45 | " In the case of having noexpandtab in your local vimrc, and want 46 | " Bind named using hard tab, set the following 47 | " 48 | " namedident_override_with_local_expandtab = 1 49 | " namedident_disable_expandtab = 0 50 | 51 | if namedindent_override_with_local_expandtab != 0 52 | 53 | if namedindent_disable_expandtab != 0 54 | " expandtab got defined elsewhere, so we use hard tab, locally 55 | setlocal noexpandtab 56 | echomsg "No nein Expandtabby..." 57 | else 58 | " noexpandtab got defined elsewhere, so we use hard tab, locally 59 | " echomsg "Expandtabby..." 60 | setlocal expandtab 61 | endif 62 | endif 63 | 64 | setlocal expandtab 65 | filetype plugin indent on 66 | 67 | setlocal completefunc=syntaxcomplete#Complete 68 | -------------------------------------------------------------------------------- /syntax/bindzone.vim: -------------------------------------------------------------------------------- 1 | " Vim syntax file 2 | " Language: BIND zone files (RFC1035) 3 | " Maintainer: Mathieu Arnold 4 | " URL: https://github.com/Absolight/vim-bind 5 | " Last Change: Mon 2020-09-14 21:21:13 UTC 6 | " 7 | " Based on an earlier version by Julian Mehnle, with heavy modifications. 
8 | 9 | if exists("b:current_syntax") 10 | finish 11 | endif 12 | 13 | syn case match 14 | 15 | syn sync fromstart 16 | 17 | " Directives 18 | syn region zoneRRecord start=/\v^/ end=/\v$/ contains=zoneOwnerName,zoneSpecial,zoneComment,zoneUnknown 19 | 20 | syn match zoneDirective /\v^\$ORIGIN\s+/ nextgroup=zoneOrigin,zoneUnknown 21 | syn match zoneDirective /\v^\$TTL\s+/ nextgroup=zoneNumber,zoneTTL,zoneUnknown 22 | syn match zoneDirective /\v^\$INCLUDE\s+/ nextgroup=zoneText,zoneUnknown 23 | syn match zoneDirective /\v^\$GENERATE\s/ 24 | hi def link zoneDirective Macro 25 | 26 | syn match zoneUnknown contained /\v\S+/ 27 | hi def link zoneUnknown Error 28 | 29 | syn match zoneOwnerName contained /\v^[^[:space:]!"#$%&'()*+,\/:;<=>?@[\]\^`{|}~]*(\s|;)@=/ nextgroup=zoneTTL,zoneClass,zoneRRType skipwhite 30 | hi def link zoneOwnerName Statement 31 | 32 | syn match zoneOrigin contained /\v[^[:space:]!"#$%&'()*+,\/:;<=>?@[\]\^`{|}~]+(\s|;|$)@=/ 33 | hi def link zoneOrigin Statement 34 | 35 | syn match zoneDomain contained /\v([^[:space:]!"#$%&'()*+,\/:;<=>?@[\]\^`{|}~]+|\@)(\s|;|$)@=/ 36 | hi def link zoneDomain Underlined 37 | 38 | " syn match zoneCAA_QuotedTagValue contained /\v"(([\x21-\x3a])|([\x37-\x7e])){1,255)"(\s|;|$)@=/ 39 | syn match zoneCAA_QuotedTagValue contained /\v"(([\x21\x23-\x7e])){1,255}"/ 40 | hi def link zoneCAA_QuotedTagValue String 41 | 42 | syn match zoneSpecial contained /\v^(\@|\*(\.\S*)?)\s@=/ nextgroup=zoneTTL,zoneClass,zoneRRType skipwhite 43 | hi def link zoneSpecial Special 44 | 45 | syn match zoneTTL contained /\v<(\d[HhWwDd]?)*>/ nextgroup=zoneClass,zoneRRType skipwhite 46 | hi def link zoneTTL Constant 47 | 48 | syn keyword zoneClass contained IN CHAOS CH HS ANY nextgroup=zoneRRType,zoneTTL skipwhite 49 | hi def link zoneClass Include 50 | 51 | syn match zoneCAA_unknown_tag contained 52 | \ /\v<[a-zA-Z0-9]{1,64}>/ 53 | \ skipwhite 54 | \ nextgroup=zoneCAA_QuotedTagValue 55 | hi def link zoneCAA_unknown_tag Special 56 | 57 | syn match 
zoneCAA_property_issue contained /issue/ skipwhite 58 | \ nextgroup=zoneCAA_QuotedTagValue 59 | hi def link zoneCAA_property_issue Variable 60 | 61 | syn match zoneCAA_property_issuewild contained /issuewild/ skipwhite 62 | \ nextgroup=zoneCAA_QuotedTagValue 63 | hi def link zoneCAA_property_issuewild Variable 64 | 65 | syn match zoneCAA_property_iodef contained /iodef/ skipwhite 66 | \ nextgroup=zoneCAA_QuotedTagValue 67 | hi def link zoneCAA_property_iodef Variable 68 | 69 | syn match zoneCAA_Number contained /\v\d{1,3}/ skipwhite 70 | \ nextgroup= 71 | \ zoneCAA_property_issue, 72 | \ zoneCAA_property_issuewild, 73 | \ zoneCAA_property_iodef, 74 | \ zoneCAA_unknown_tag 75 | hi def link zoneCAA_Number Constant 76 | 77 | 78 | let s:dataRegexp = {} 79 | let s:dataRegexp["zoneNumber"] = "/\\v<[0-9]+>/" 80 | let s:dataRegexp["zoneDomain"] = "/\\v[^[:space:]!\"#$%&'()*+,\\/:;<=>?@[\\]\\^`{|}~]+[^[:space:]!\"#$%&'()*+,\\/:;<=>?@[\\]\\^`{|}~]@!/" 81 | let s:dataRegexp["zoneBase64"] = "/\\v[[:space:]]@<=[a-zA-Z0-9\\/\\=\\+]+[a-zA-Z0-9\\/\\=\\+]@!/" 82 | let s:dataRegexp["zoneHex"] = "/\\v<[a-fA-F0-9]+>/" 83 | let s:dataRegexp["zoneRR"] = "/\\v<[A-Z0-9]+>/" 84 | let s:dataRegexp["zoneText"] = "/\\v\"([^\"\\\\]|\\\\.)*\"/" 85 | let s:dataRegexp["zoneSerial"] = "/\\v<[0-9]{9,10}>/" 86 | let s:dataRegexp["zoneTTL"] = "/\\v<(\\d[HhWwDd]?)+>/" 87 | 88 | function! s:zoneName(...) 89 | return "zone_" . join(a:000, "_") 90 | endfunction 91 | 92 | function! s:createChain(whose, ...) 93 | let l:first = join(split(a:whose, " "), "_") 94 | for args in a:000 95 | if type(args) == type("") 96 | let i = [args] 97 | else 98 | let i = args 99 | endif 100 | let l:size = len(i) 101 | let l:c = 0 102 | exe "syn keyword zoneRRType contained " . a:whose . " skipwhite nextgroup=" . s:zoneName(l:first, l:c) . "," . s:zoneName(l:first, l:c, "SP") 103 | while l:c < l:size 104 | let l:keyword = i[l:c] 105 | 106 | let l:str = "syn match " . s:zoneName(l:first, l:c) . " contained skipwhite " . 
s:dataRegexp[l:keyword] 107 | if l:c == l:size - 1 108 | " if we're at the end, loop. 109 | let l:str = l:str . " nextgroup=" . s:zoneName(l:first, l:c) 110 | else 111 | " if we're not at the end, nextgroup may be the next group or a 112 | " parenthesis. 113 | let l:str = l:str . " nextgroup=" . s:zoneName(l:first, l:c + 1) 114 | \ . "," . s:zoneName(l:first, l:c, "SP") 115 | endif 116 | exe l:str 117 | exe "hi link " . s:zoneName(l:first, l:c) . " " . l:keyword 118 | 119 | if l:c < size - 1 120 | let l:d = l:c + 1 121 | " or, it could be a multiline record which can start by either a 122 | " the first type, or a comment followed by the first type. 123 | exe "syn region " . s:zoneName(l:first, l:c, "SP") . " contained start=\"(\" end=\")\" skipwhite skipnl" 124 | \" contains=" . s:zoneName(l:first,l:c,l:d) . "," s:zoneName(l:first, l:c, l:d - 1, "Comment") 125 | exe "hi link " . s:zoneName(l:first, l:c, "SP") . " Macro" 126 | exe "syn match " . s:zoneName(l:first, l:c, l:d - 1, "Comment") . " /\\v\\;.*/" . " skipwhite skipnl nextgroup=" . s:zoneName(l:first, l:c, l:d) 127 | exe "hi link " . s:zoneName(l:first, l:c, l:d - 1, "Comment") . " zoneComment" 128 | while l:d < l:size 129 | let l:keyword = i[l:d] 130 | 131 | if l:d == l:size - 1 132 | let l:next = l:d 133 | else 134 | let l:next = l:d + 1 135 | endif 136 | 137 | exe "syn match " . s:zoneName(l:first, l:c, l:d) . " contained skipwhite skipnl " . s:dataRegexp[l:keyword] 138 | \ . " nextgroup=" . s:zoneName(l:first, l:c, l:next) . "," . s:zoneName(l:first, l:c, l:d, "Comment") 139 | exe "hi link " . s:zoneName(l:first, l:c, l:d) . " " . l:keyword 140 | 141 | exe "syn match " . s:zoneName(l:first, l:c, l:d, "Comment") . " /\\v\\;.*/" . " skipwhite skipnl nextgroup=" . s:zoneName(l:first, l:c, l:next) 142 | exe "hi link " . s:zoneName(l:first, l:c, l:d, "Comment") . 
" zoneComment" 143 | 144 | let l:d += 1 145 | endwhile 146 | endif 147 | let l:c += 1 148 | endwhile 149 | endfor 150 | endfunction 151 | 152 | " From : 153 | " http://www.iana.org/assignments/dns-parameters/dns-parameters.xml#dns-parameters-3 154 | " keep sorted by rrtype value as possible, no obsolete or experimental RR. 155 | syn keyword zoneRRType contained A nextgroup=zoneIPAddr skipwhite 156 | syn keyword zoneRRType contained AAAA nextgroup=zoneIP6Addr skipwhite 157 | syn keyword zoneRRType contained NS CNAME PTR DNAME nextgroup=zoneDomain skipwhite 158 | syn keyword zoneRRType contained CAA skipwhite 159 | \ nextgroup=zoneCAA_Number 160 | call s:createChain("OPENPGPKEY", ["zoneHex"]) 161 | call s:createChain("MX", ["zoneNumber", "zoneDomain"]) 162 | call s:createChain("SRV", ["zoneNumber", "zoneNumber", "zoneNumber", "zoneDomain"]) 163 | call s:createChain("DS DLV TLSA NSEC3PARAM", ["zoneNumber", "zoneNumber", "zoneNumber", "zoneHex"]) 164 | call s:createChain("DNSKEY", ["zoneNumber", "zoneNumber", "zoneNumber", "zoneBase64"]) 165 | call s:createChain("SSHFP", ["zoneNumber", "zoneNumber", "zoneHex"]) 166 | call s:createChain("RRSIG", ["zoneRR", "zoneNumber", "zoneNumber", "zoneNumber", "zoneNumber", "zoneNumber", "zoneNumber", "zoneDomain", "zoneBase64"]) 167 | call s:createChain("NSEC", ["zoneDomain", "zoneRR"]) 168 | call s:createChain("NSEC3", ["zoneNumber", "zoneNumber", "zoneNumber", "zoneHex", "zoneDomain", "zoneRR"]) 169 | call s:createChain("TXT", "zoneText") 170 | call s:createChain("SOA", ["zoneDomain", "zoneDomain", "zoneSerial", "zoneTTL"]) 171 | syn keyword zoneRRType contained WKS HINFO RP 172 | \ AFSDB X25 ISDN RT NSAP NSAP-PTR SIG KEY PX GPOS LOC EID NIMLOC 173 | \ ATMA NAPTR KX CERT SINK OPT APL IPSECKEY 174 | \ DHCID SMIMEA HIP NINFO RKEY TALINK CDS CDSNKEY CSYNC ZONEMD 175 | \ SVCB HTTPS SPF UINFO UID 176 | \ GID UNSPEC NID L32 L64 LP 177 | \ TKEY TSIG IXFR AXFR 178 | \ URI AVC DOA AMTRELAY TA OPENPGPKEY 179 | \ nextgroup=zoneRData 
skipwhite 180 | syn match zoneRRType contained /\vTYPE\d+/ nextgroup=zoneUnknownType1 skipwhite 181 | hi def link zoneRRType Type 182 | 183 | syn match zoneRData contained /\v[^;]*/ contains=zoneDomain,zoneNumber,zoneParen,zoneBase64,zoneHex,zoneUnknown,zoneRR 184 | 185 | syn match zoneIPAddr contained /\v<[0-9]{1,3}(.[0-9]{1,3}){,3}>/ 186 | hi def link zoneIPAddr Number 187 | 188 | " Plain IPv6 address IPv6-embedded-IPv4 address 189 | " ::[...:]8 ::[...:]127.0.0.1 190 | syn match zoneIP6Addr contained /\v\s@<=::((\x{1,4}:){,5}([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|(\x{1,4}:){,6}\x{1,4})>/ 191 | " 1111::[...:]8 1111::[...:]127.0.0.1 192 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){1}:((\x{1,4}:){,4}([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|(\x{1,4}:){,5}\x{1,4})>/ 193 | " 1111:2::[...:]8 1111:2::[...:]127.0.0.1 194 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){2}:((\x{1,4}:){,3}([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|(\x{1,4}:){,4}\x{1,4})>/ 195 | " 1111:2:3::[...:]8 1111:2:3::[...:]127.0.0.1 196 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){3}:((\x{1,4}:){,2}([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|(\x{1,4}:){,3}\x{1,4})>/ 197 | " 1111:2:3:4::[...:]8 1111:2:3:4::[...:]127.0.0.1 198 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){4}:((\x{1,4}:){,1}([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|(\x{1,4}:){,2}\x{1,4})>/ 199 | " 1111:2:3:4:5::[...:]8 1111:2:3:4:5::127.0.0.1 200 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){5}:(([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|(\x{1,4}:){,1}\x{1,4})>/ 201 | " 1111:2:3:4:5:6:7:8 1111:2:3:4:5:6:127.0.0.1 202 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){6}(\x{1,4}:\x{1,4}|([0-2]?\d{1,2}\.){3}[0-2]?\d{1,2})>/ 203 | " 1111:2:3:4:5:6::8 - 204 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){6}:\x{1,4}>/ 205 | " 1111[:...]:: - 206 | syn match zoneIP6Addr contained /\v<(\x{1,4}:){1,7}:(\s|;|$)@=/ 207 | hi def link zoneIP6Addr Number 208 | 209 | syn match zoneBase64 contained /\v[[:space:]\n]@<=[a-zA-Z0-9\/\=\+]+(\s|;|$)@=/ 210 | hi def link zoneBase64 Identifier 
211 | 212 | syn match zoneHex contained /\v[[:space:]\n]@<=[a-fA-F0-9]+(\s|;|$)@=/ 213 | hi def link zoneHex Identifier 214 | 215 | syn match zoneText contained /\v"([^"\\]|\\.)*"(\s|;|$)@=/ 216 | hi def link zoneText String 217 | 218 | syn match zoneNumber contained /\v<[0-9]+(\s|;|$)@=/ 219 | hi def link zoneNumber Number 220 | 221 | syn match zoneSerial contained /\v<[0-9]{9,10}(\s|;|$)@=/ 222 | hi def link zoneSerial Special 223 | 224 | syn match zoneRR contained /\v[[:space:]\n]@<=[A-Z0-9]+(\s|;|$)@=/ 225 | hi def link zoneRR Type 226 | 227 | syn match zoneErrParen /\v\)/ 228 | hi def link zoneErrParen Error 229 | 230 | syn region zoneParen contained start="(" end=")" contains=zoneBase64,zoneHex,zoneSerial,zoneNumber,zoneComment,zoneDomain,zoneRR 231 | 232 | syn match zoneComment /\v\;.*/ 233 | hi def link zoneComment Comment 234 | 235 | syn match zoneUnknownType1 contained /\v\\\#/ nextgroup=zoneUnknownType2 skipwhite 236 | hi def link zoneUnknownType1 Macro 237 | syn match zoneUnknownType2 contained /\v\d+/ nextgroup=zoneUnknownType3 skipwhite 238 | hi def link zoneUnknownType2 Number 239 | syn match zoneUnknownType3 contained /\v[0-9a-fA-F\ ]+/ 240 | hi def link zoneUnknownType3 String 241 | 242 | let b:current_syntax = "bindzone" 243 | 244 | " vim:sts=2 sw=2 245 | -------------------------------------------------------------------------------- /syntax/dns.vim: -------------------------------------------------------------------------------- 1 | " Vim syntax file 2 | " Language: DNS/BIND Zone File 3 | 4 | " This has been replaced by the bindzone syntax 5 | :runtime! 
syntax/bindzone.vim 6 | -------------------------------------------------------------------------------- /syntax/named.vim: -------------------------------------------------------------------------------- 1 | " Vim syntax file 2 | " Language: ISC BIND named Configuration File 3 | 4 | " This has been replaced by the bind-named syntax in case 5 | " the ~/.vim/ftdetect/bind-name.vim file goes missing 6 | :runtime! syntax/bind-named.vim 7 | -------------------------------------------------------------------------------- /test/BvARM9.16-authoritative-server-named.conf: -------------------------------------------------------------------------------- 1 | // Bv9.16 ARM Example - Authoritative-Only Name Server 2 | 3 | options { 4 | // Working directory 5 | directory "/etc/namedb"; 6 | // Do not allow access to cache 7 | allow-query-cache { none; }; 8 | // This is the default 9 | allow-query { any; }; 10 | // Do not provide recursive service 11 | recursion no; 12 | }; 13 | // Provide a reverse mapping for the loopback 14 | // address 127.0.0.1 15 | zone "0.0.127.in-addr.arpa" { 16 | type master; 17 | file "localhost.rev"; // TODO: BUG HERE 18 | notify no; 19 | }; 20 | // We are the master server for example.com 21 | zone "example.com" { 22 | type master; 23 | file "example.com.db"; // TODO: BUG HERE 24 | // IP addresses of slave servers allowed to 25 | // transfer example.com 26 | allow-transfer { 27 | 192.168.4.14; 28 | 192.168.5.53; 29 | }; 30 | }; 31 | // We are a slave server to eng.example.com 32 | zone "eng.example.com" { 33 | type slave 34 | file "eng.example.com.bk"; 35 | // IP address of eng.example.com master server 36 | masters { 192.168.4.12; }; 37 | }; 38 | 39 | -------------------------------------------------------------------------------- /test/db.example.net: -------------------------------------------------------------------------------- 1 | $ORIGIN example.tld. 
2 | $TTL 86400 3 | $INCLUDE "no_such_file" 4 | ; use `date +%s` command to get serial number 5 | example.tld. 86400 IN SOA ns1.example.tld. admin.example.tld. ( 6 | 2020092002 ; serial 7 | 1200 ; refresh (20 minutes) 8 | 180 ; retry (3 minutes) 9 | 1209600 ; expire (2 week, RFC1912) 10 | 10800 ; minimum (3 hours) 11 | ) 12 | NS ns1.example.tld. 13 | NS ns1.isp.net. 14 | NS ns2.isp.net. 15 | 16 | example.tld. A 123.123.123.123 17 | ns1 A 123.123.123.123 18 | mx1 A 123.123.123.123 19 | 20 | example.tld. HINFO "PDP-11/E" "AP/L" 21 | example.tld. MX 10 mx1.example.tld. 22 | example.tld. IN TXT "mailconf=https://example.tld/.well-known/autoconfig/mail/config-v1.1.xml" 23 | TXT "v=spf1 mx a:ns1.example.tld -all" 24 | 25 | 86400 LOC 45 38 26.282 N 85 36 11.846 W 182.00m 10m 100m 10m 26 | 27 | ; regenerate SSHFP keys using 'ssh-keygen -r example.tld' 28 | example.tld. IN SSHFP 1 1 0123456789abcdef0123456789abcdef01234567 29 | example.tld. IN SSHFP 1 2 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 30 | example.tld. IN SSHFP 3 1 0123456789abcdef0123456789abcdef01234567 31 | example.tld. IN SSHFP 3 2 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 32 | example.tld. IN SSHFP 4 1 09af09af09af09af09af09af09af09af09af09af 33 | example.tld. IN SSHFP 4 2 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 34 | 35 | example.tld. IN DNSKEY 257 3 14 ( 36 | D4ubdI/dt5C2taKEB1zKR61xdVdfnqt5qng1s8gzABya 37 | oorSXAOsdPB001GZlqUxzOecUPhc8W1cp9v4BKIcXpLk 38 | XLVRPzH9EHB6Kw+HtwtM6Fok yYRFals4eSkh8ysf 39 | ) ; ZSK; alg =ECDSA386SHA386; key id = 28748 40 | 41 | example.tld. 
IN DNSKEY 257 3 14 ( 42 | D4ubdI/dt5C2taKEB1zKR61xdVdfnqt5qng1s8gzABya 43 | oorSXAOsdPB001GZlqUxzOecUPhc8W1cp9v4BKIcXpLk 44 | XLVRPzH9EHB6Kw+HtwtM6FokyYRFals4eSkh8ysf 45 | ) ; KSK; alg = ECDSA386SHA386; key id = 28748 46 | CAA 0 issue "letsencrypt.org" 47 | CAA 0 issuewild "\;" 48 | CAA 0 iodef "mailto:admin+caa@example.tld" 49 | CAA 0 newtag "newtag_value" 50 | 51 | _dmarc TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.tld; fo=1" 52 | 53 | www IN CNAME example.tld. 54 | autodiscover IN CNAME example.tld. 55 | autoconfig IN CNAME example.tld. 56 | smtp IN CNAME example.tld. 57 | imap IN CNAME example.tld. 58 | portal IN CNAME example.tld. 59 | 60 | ; 61 | ; Made with 'opendkim-genkey -S -r -s ns1 -d example.tld' command 62 | default._domainkey TXT "v=DKIM1; k=rsa; p=aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+a" "Z09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ09/+aZ" 63 | 64 | ; Taken from C3 that C1 cross-sign with into DER format then base64 output 65 | ; # openssl x509 -in lets-encrypt-x3-cross-signed.pem.txt -outform DER | openssl dgst -sha256 -hex | awk '{print "le-ca TLSA 2 0 1", $NF}' 66 | ; https://community.letsencrypt.org/t/making-a-dane-tlsa-to-work-with-le/2129 67 | _443._tcp IN TLSA 2 0 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 68 | _443._tcp IN TLSA 2 1 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 69 | _443._tc IN TLSA 3 0 2 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 70 | _443._tcp IN TLSA 3 0 0 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 71 | 72 | 73 | ; smtp 25/tcp mail 74 | _25._tcp IN TLSA 2 0 1 
09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 75 | _25._tcp IN TLSA 2 1 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 76 | 77 | ; submissions 465/tcp ssmtp smtps urd # Submission over TLS [RFC8314] 78 | _465._tcp IN TLSA 2 0 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 79 | _465._tcp IN TLSA 2 1 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 80 | 81 | ; submission 587/tcp # Submission [RFC4409] 82 | _587._tcp IN TLSA 2 0 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 83 | _587._tcp IN TLSA 2 1 1 09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af09af 84 | 85 | 09af09af09af09af09af09af09af09af09af09af09af09af09af09af._openpgpkey.example.tld. IN OPENPGPKEY ( aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09 ) 86 | 87 | 09af09af09af09af09af09af09af09af09af09af09af09af09af09af._openpgpkey.example.tld. IN OPENPGPKEY ( 88 | aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09aZ09 89 | ) 90 | 91 | _autodiscover._tcp SRV 1 1 443 mx1.example.tld. 92 | 93 | ; RFC 6186 SRV records for e-mail services 94 | _imap._tcp.mx1.example.tld. SRV 0 0 0 . 95 | _imaps._tcp.mx1.example.tld. SRV 1 1 993 mx1.example.tld. 96 | _pop3._tcp.mx1.example.tld. SRV 0 0 0 . 97 | _pop3s._tcp.mx1.example.tld. SRV 0 0 0 . 98 | _submission._tcp.mx1.example.tld. SRV 1 1 587 mx1.example.tld. 99 | _submissions._tcp.mx1.example.tld. SRV 1 1 465 mx1.example.tld. 100 | 101 | ; BIMI 102 | ; a="self", "cert", "mva" or valid https URI. 103 | default._bimi.example.tld. 
TXT "v=BIMI1;l=https://example.tld/images/bimi1_image.svg;a=" 104 | -------------------------------------------------------------------------------- /test/example-9.16-named.conf: -------------------------------------------------------------------------------- 1 | // File: named.conf 2 | // Title: ISC Bind named configuration file: syntax exercise, full 3 | // Version: 9.17 4 | // C++-style inline comment 5 | /* C-style begin line comment 6 | An example C-style middle-line comment 7 | C-style end-line comment */ 8 | # bash-style inline comment 9 | // xxx TODO FIXME XXX 10 | // XxX 11 | include 'more_stuff'; // comment 12 | include "more_stuff"; # comment 13 | include "TODO nt_in_//comment line_filename"; 14 | include "_comment_in_/* comment line */filename"; 15 | include "comment_in_#comment line/filename"; 16 | include "quote_in_filename"; 17 | include 'quote_\\'in\'_filename'; 18 | include quote_\in\_filename; 19 | include "a-z09[]`~!@#$%^&*()'_=+[]|\:'?><,./" ; 20 | include 'a-z09[]`~!@#$%^&*()"_=+[]|\:"?><,./'; 21 | include a-z09[]`~!@#$%^&*()'"=_+[]|\:'"?><,./; 22 | 23 | acl j { asdasdf ;}; 24 | acl "j" { asdasdf ;}; 25 | acl 'j' { asdasdf ;}; 26 | acl j { ! 
127.0.0.1; };
27 | acl j{ }; // empty ACL
28 | acl k { none; any; { localhost; { any; none; }; }; };
29 | acl k { none;};
30 | acl l{ any; };
31 | acl m { localhost ; };
32 | acl n { localnets; } ;
33 | acl i { acl_name; };
34 | acl e { 127.0.0.1; { 10.1.1.1; { 172.28.1.1; }; 1.1.1.1; }; };
35 | acl any6 { ::127.0.0.1; };
36 | acl any4 { 10.0.0.0/0; };
37 | acl full_ip6 { 1111:222:333:4:5:6:7:8; };
38 | acl full_ip6 { fd57:1d29:4f94:1:216:36ff:fe00:1; };
39 | acl full_ip6 { fe80:0000:0000:0000:abcd:abcd:abcd:abcd; };
40 | acl ip6_one { 1111::; };
41 | acl ip6_two { 1111::1111; };
42 | acl ip6_two { aa ; a; { ; };
43 | // inline
44 | fe80::1; /* asdf */ }; // valid gateway IPv6
45 | acl ip6_three { 1111::222:1111; };
46 | acl ip6_four { 1111::222:333:4; };
47 | acl ip6_five { 1111::222:333:4:5; };
48 | acl ip6_six { 1111::222:333:4:5:6; };
49 | acl ip6_seven { 1111::222:333:4:5:6:7; };
50 | acl ip6_seven { fe80::2016:3e11:1103:7524; };
51 | acl ip6_seven { fe80::0:2016:3e11:1103:7524; };
52 | acl ip6_seven { fe80:0::2016:3e11:1103:7524; };
53 | acl ip6_seven { fe80::0:0:2016:3e11:1103:7524; };
54 | acl ip6_seven { fe80:0::0:2016:3e11:1103:7524; };
55 | acl ip6_seven { fe80:0:0::2016:3e11:1103:7524; };
56 | acl ip6_seven { fe80:0:0:0:2016:3e11:1103:7524; };
57 | acl link_local_with_zone_index { fe08::7:8%eth0; };
58 | acl ip4_mapped_to_ip6 { ::8; };
59 | acl double_colon_8 { ::3:4:5:6:7:8;};
60 | acl ip4_mapped_to_ip6 { ::ffff:0:255.255.255.255; };
61 | acl ip4_mapped_to_ip6 { ::ffff:255.255.255.255; };
62 | acl ip4_mapped_to_ip6 { ::ffff:127.0.0.2; };
63 | acl ip4_mapped_to_ip6 { ::ffff:0.0.0.0; };
64 | acl ip4_embedded_ip6 { 2001:2::21.0.0.1; };
65 | acl ip4_embedded_ip6 { 2001:2:3::21.0.0.1; };
66 | acl ip4_embedded_ip6 { 64:2:3:4::192.0.2.33; };
67 | acl ip4_mapped_to_ip6 { ::127.0.0.1; };
68 | acl full_ip6_prefix { 1111:222:333:4:5:6:7:8/48; };
69 | acl full_ip6_prefix { fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
70 | acl ip6_one_prefix { 1111::/48; };
71 | acl ip6_one_prefix { ff00::/8; }; // IPv6 multicast
72 | acl ip6_two_prefix { 1111::1111/48; };
73 | acl ip6_three_prefix { 1111::222:1111/48; };
74 | acl ip6_four_prefix { 1111::222:333:4/48; };
75 | acl ip6_five_prefix { 1111::222:333:4:5/48; };
76 | acl ip6_six_prefix { 1111::222:333:4:5:6/48; };
77 | acl ip6_seven_prefix { 1111::222:333:4:5:6:7/48; };
78 | acl link_local_with_zone_index_prefix { fe08::7:8/48%eth0 ; };
79 | acl link_local_with_zone_index { fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
80 | acl ip4_mapped_to_ip6_prefix { ::8/48; };
81 | acl ip4_mapped_to_ip6_prefix { ::ffff:0:255.255.255.255/48; };
82 | acl ip4_mapped_to_ip6_prefix { ::ffff:255.255.255.255/48; };
83 | acl ip4_mapped_to_ip6_prefix { ::ffff:127.0.0.2/48; };
84 | acl ip4_embedded_ip6_prefix { 2001:db8:3:4::21.0.0.1/48; };
85 | acl ip4_embedded_ip6_prefix { 64:ff9b::192.0.2.33/48; };
86 | acl double_colon_8_prefix { ::3:4:5:6:7:8/48;};
87 | acl _ip4_mapped_to_ip6_prefix { ::127.0.0.1/48; };
88 |
89 | acl k { ! none; };
90 | acl l { ! any; };
91 | acl m { ! localhost ; };
92 | acl n { ! localnets; } ;
93 | acl i { ! acl_name; };
94 | acl e { ! 127.0.0.1; };
95 | acl any6 { ! ::127.0.0.1; };
96 | acl any4 { ! 0.0.0.0/0; };
97 | acl full_ip6 { ! 1111:222:333:4:5:6:7:8; };
98 | acl full_ip6 { ! fd57:1d29:4f94:1:216:36ff:fe00:1; };
99 | acl full_ip6 { ! fe80:0000:0000:0000:abcd:abcd:abcd:abcd; };
100 | acl ip6_one { ! 1111::; };
101 | acl ip6_two { ! 1111::1111; };
102 | acl ip6_two { ! fe80::1; }; // valid gateway IPv6
103 | acl ip6_three { ! 1111::222:1111; };
104 | acl ip6_four { ! 1111::222:333:4; };
105 | acl ip6_five { ! 1111::222:333:4:5; };
106 | acl ip6_six { ! 1111::222:333:4:5:6; };
107 | acl ip6_seven { ! 1111::222:333:4:5:6:7; };
108 | acl ip6_seven { ! fe80::2016:3e11:1103:7524; };
109 | acl ip6_seven { ! fe80::0:2016:3e11:1103:7524; };
110 | acl ip6_seven { ! fe80:0::2016:3e11:1103:7524; };
111 | acl ip6_seven { ! fe80::0:0:2016:3e11:1103:7524; };
112 | acl ip6_seven { ! fe80:0::0:2016:3e11:1103:7524; };
113 | acl ip6_seven { ! fe80:0:0::2016:3e11:1103:7524; };
114 | acl ip6_seven { ! fe80:0:0:0:2016:3e11:1103:7524; };
115 | acl link_local_with_zone_index { ! fe08::7:8%eth0; };
116 | acl ip4_mapped_to_ip6 { ! ::8; };
117 | acl double_colon_8 { ! ::3:4:5:6:7:8;};
118 | acl ip4_mapped_to_ip6 { ! ::ffff:0:255.255.255.255; };
119 | acl ip4_mapped_to_ip6 { ! ::ffff:255.255.255.255; };
120 | acl ip4_mapped_to_ip6 { ! ::ffff:127.0.0.2; };
121 | acl ip4_mapped_to_ip6 { ! ::ffff:0.0.0.0; };
122 | acl ip4_embedded_ip6 { ! 2001:2::21.0.0.1; };
123 | acl ip4_embedded_ip6 { ! 2001:2:3::21.0.0.1; };
124 | acl ip4_embedded_ip6 { ! 64:2:3:4::192.0.2.33; };
125 | acl ip4_mapped_to_ip6 { ! ::127.0.0.1; };
126 | acl full_ip6_prefix { ! 1111:222:333:4:5:6:7:8/48; };
127 | acl full_ip6_prefix { ! fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
128 | acl ip6_one_prefix { ! 1111::/48; };
129 | acl ip6_one_prefix { ! ff00::/8; }; // IPv6 multicast
130 | acl ip6_two_prefix { ! 1111::1111/48; };
131 | acl ip6_three_prefix { ! 1111::222:1111/48; };
132 | acl ip6_four_prefix { ! 1111::222:333:4/48; };
133 | acl ip6_five_prefix { ! 1111::222:333:4:5/48; };
134 | acl ip6_six_prefix { ! 1111::222:333:4:5:6/48; };
135 | acl ip6_seven_prefix { ! 1111::222:333:4:5:6:7/48; };
136 | acl link_local_with_zone_index_prefix { ! fe08::7:8/48%eth0 ; };
137 | acl link_local_with_zone_index { ! fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
138 | acl ip4_mapped_to_ip6_prefix { ! ::8/48; };
139 | acl ip4_mapped_to_ip6_prefix { ! ::ffff:0:255.255.255.255/48; };
140 | acl ip4_mapped_to_ip6_prefix { ! ::ffff:255.255.255.255/48; };
141 | acl ip4_mapped_to_ip6_prefix { ! ::ffff:127.0.0.2/48; };
142 | acl ip4_embedded_ip6_prefix { ! 2001:db8:3:4::21.0.0.1/48; };
143 | acl ip4_embedded_ip6_prefix { ! 64:ff9b::192.0.2.33/48; };
144 | acl double_colon_8_prefix { ! ::3:4:5:6:7:8/48;};
145 | acl _ip4_mapped_to_ip6_prefix { ! ::127.0.0.1/48; };
146 |
147 | acl internal-net {
148 | 127.0.0.1;
149 | 1.2.3.0/24;
150 | 2001:0db8:100::/56;
151 | ::1;
152 | any;
153 | localhost;
154 | ! localnets;
155 | none;
156 | ::ffff:1.2.3.0;
157 | };
158 | acl ns-internal-net {
159 | 1.2.3.4;
160 | 1.2.3.5;
161 | ! 2001:0db8:100::4/128;
162 | 2001:0db8:100::5/128;
163 | };
164 |
165 | acl internal_home_ntwk_in6 { fe80::216:3eff:fe03:7524; };
166 | acl internal_home_ntwk_in6 { fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
167 | acl internal_home_ntwk {
168 | internal_home_cable-ntwk;
169 | 192.168.1.0/24;
170 | fd57:1d29:4f94:1:216:36ff:fe00:1/64;
171 | };
172 | acl internal_cable_ntwk { 192.168.2.0; 192.168.1.0/24; };
173 | acl nexted_acl { internal_cable_ntwk; internal_home_cable; };
174 | acl _a_i-nternal_vps_ntwk
175 | ! {
176 | 192.168.3.0;
177 | acl_vps_ntwk;
178 | {
179 | 1111:2:3:4::192.168.5.1;
180 | 192.168.4.0/24;
181 | ! {
182 | ! 5.1.1.1;
183 | };
184 | };
185 | };
186 |
187 | controls{ };
188 | controls { };
189 | controls { inet 1.1.1.1 allow { 2.2.2.2; }; };
190 | controls { inet acl_internal_ntwk allow { 2.2.2.2; } keys { asdfasdfasdf; }; };
191 | controls { inet 1.1.1.1 allow { 2.2.2.2; } read-only true; };
192 | controls { inet 1.1.1.1 allow { 2.2.2.2; } keys { asdfasdfasdf; }
193 | read-only true; };
194 | controls { inet 1.1.1.1 port 123 allow { 2.2.2.2; }; };
195 | controls { inet 1.1.1.1 port * allow { 2.2.2.2; }; };
196 | controls { inet 1.1.1.1 port * allow { 2.2.2.2; } read-only False; };
197 | controls { inet 1.1.1.1 port 123 allow { 2.2.2.2; oopsie; { acl_name; }; }; };
198 | controls { inet 1.1.1.1 allow { int_home_ntwk; }; };
199 | controls { inet 1.1.1.1 allow { int_cable_ntwk; } keys { asdfasdfasdf; }; };
200 | controls { inet 1.1.1.1 allow { acl_vps_ntwk; } read-only true; };
201 | controls { inet 1.1.1.1 allow { acl_home_1; } keys { asdfasdfasdf; } read-only true; };
202 | controls { inet 1.1.1.1 port 123 allow { acl_private_2; }; };
203 | controls { inet 1.1.1.1 port * allow { acl_vpn_3; }; };
204 | controls { inet 1.1.1.1 port * allow { acl_name4; } read-only False; };
205 | controls { inet 1.1.1.1 port 123 allow { acl-name5; oopsie; { acl_name; }; }; };
206 | // TODO: namedIP6Addr is still borked in "controls { inet ... };"
207 | controls { inet fe08::7:8:127.0.0.1 allow { fe08:2:3:4:5:6:7:8; }; };
208 | controls { inet fe08::7:8:127.0.0.1 allow { fe08::; } keys { asdfasdfasdf; }; };
209 | controls { inet fe08::7:8:127.0.0.1 allow { fe08::7:8; } read-only true; };
210 | controls { inet fe08::7:8:127.0.0.1 allow { fe80::1; } keys { asdfasdfasdf; } read-only true; };
211 | controls { inet fe08::7:8:127.0.0.1 port 123 allow { fe08:2::8; }; };
212 | controls { inet fe08::7:8:127.0.0.1 port * allow { fe08:2:3::8; }; };
213 | controls { inet fe08::7:8:127.0.0.1 port * allow { 1134:2:3:4::127.0.0.1; } read-only False; };
214 | controls { inet fe08::7:8:127.0.0.1 port 123 allow { 2001:0:0:0:0:0:0:8; oopsie; { acl_name; }; }; };
215 | controls { inet fe08::7:8:127.0.0.1 port 123 allow { 2020::8; oopsie; { acl_name; }; }; };
216 | controls { inet * allow { fe08:2:3:4:5:6:7:8; }; };
217 | controls { inet * allow { 127.0.0.1; } keys { asdfasdfasdf; }; };
218 | controls { inet * allow { fe08::7:8; } read-only true; };
219 | controls { inet * allow { fe80::1; } keys { asdfasdfasdf; } read-only true; };
220 | controls { inet * port 65535 allow { fe08:2::8; }; };
221 | controls { inet * port * allow { fe08:2:3::8; }; };
222 | controls { inet * port * allow { fe08::2.2.2.2; } read-only False; };
223 | controls { inet * port 1 allow { 2001:0:0:0:0:0:0:8; oopsie; { acl_name; }; }; };
224 | controls { inet * port 123 allow { 2020::8; oopsie; { acl_name; }; }; };
225 | // comment
226 | controls
227 | {
228 | include "asdfasddfasdf";
229 | // comment
230 | inet
231 | 1.1.1.1
232 | port
233 | 123
234 | allow
235 | {
236 | include "asdfasddfasdf";
237 | // comment
238 | 2.2.2.2;
239 | include "asdfasddfasdf";
240 | // comment
241 | oopsie;
242 | // comment
243 | include "asdfasddfasdf";
244 | };
245 | // comment
246 | include "asdfasddfasdf";
247 | } ; // comment
248 | include "asdfasddfasdf";
249 | // comment
250 | controls { unix /run/named/resolver.sock perm 0750 owner 11 group 101; };
251 | controls { unix '/var/run/named/resolver.sock' perm 0750 owner 11 group 101; };
252 | controls { unix "/var/run/named/resolver.sock" perm 0750 owner 11 group 101 keys { key_name1; key_name2; }; };
253 | controls { unix "/v ar/run/named/resolver.sock" perm 0750 owner 11 group 101 read-only True; };
254 | controls { unix "/var/run/named/resolver.sock" perm 0750 owner 11 group 101 keys { key_name1; key_name2; } read-only false; };
255 | controls { unix "a-z 09[]`~!@#$%^&*()_+{}[]|\:;'?><,./" perm 0750 owner 11 group 101; };
256 | controls { unix 'a-z 09[]`~!@#$%^&*()_+{}[]|\:;?><,./' perm 0750 owner 11 group 101; };
257 | controls { unix a-z09[]'"`~!@#$%^&*()_+[]|\:?><,./ perm 0750 owner 11 group 101; };
258 |
259 | dnssec-policy none {
260 | };
261 | dnssec-policy default {
262 | };
263 | dnssec-policy asdf.net { };
264 | dnssec-policy My_Secured_Policy {
265 | dnskey-ttl 7;
266 | max-zone-ttl 15;
267 | parent-ds-ttl 7;
268 | parent-propagation-delay 23h;
269 | parent-registration-delay 5m;
270 | publish-safety 1h;
271 | retire-safety 24h;
272 | signatures-refresh 24h;
273 | signatures-validity 8h;
274 | signatures-validity-dnskey 24h;
275 | zone-propagation-delay 1h;
276 | keys {
277 | csk key-directory lifetime PS15 algorithm aes-sha256 128;
278 | zsk lifetime P15MT2WS15 algorithm ecdsa256;
279 | ksk lifetime 15s algorithm aes-sha256 15;
280 | ksk key-directory lifetime 15s algorithm rsasha1 2048;
281 | zsk lifetime 15s algorithm 8;
282 | csk lifetime P6MT12H3M15S algorithm ecdsa256;
283 | };
284 | };
285 |
286 | dnssec-policy "default" {
287 | keys {
288 | csk key-directory lifetime unlimited algorithm 13;
289 | };
290 | dnskey-ttl 3600;
291 | publish-safety 1h;
292 | retire-safety 1h;
293 | signatures-refresh 5d;
294 | signatures-validity 14d;
295 | signatures-validity-dnskey 14d;
296 | max-zone-ttl 86400;
297 | zone-propagation-delay 300;
298 | parent-ds-ttl 86400;
299 | parent-registration-delay 24h;
300 | parent-propagation-delay 1h;
301 | };
302 |
303 | dlz dlz_name { database "string" search yes; };
304 | dlz example {
305 | search false;
306 | database "dlopen driver.so args";
307 | };
308 | dlz other {
309 | database "dlopen driver.so args";
310 | search no;
311 | };
312 |
313 | dyndb string "quoted_string" { unspecified text };
314 | dyndb example "/usr/lib/mydriver[1, 2];_/driver.so" {
315 | parameters
316 | };
317 | dyndb sample "sample.so" { example.nil. arpa. };
318 |
319 | key key_name { algorithm hmac-md5; secret ASDASDASDASDASDAaDASaASDaSD;};
320 | key key_name { algorithm hmac-md5.sig-alg.reg.int; secret ASDASDASDASDASDAaDASaASDaSD;};
321 | key key_name { algorithm hmac-md5.sig-alg.reg.int.; secret ASDASDASDASDASDAaDASaASDaSD;};
322 | key key_name { algorithm hmac-md5.sig-alg.reg.int.; secret ASDASDASDASDASDAaDASaASDaSD;};
323 | key key_name { algorithm hmac-sha1; secret ASDASDASDASDASDAaDASaASDaSD;};
324 | key key_name { algorithm hmac-sha224; secret ASDASDASDASDASDAaDASaASDaSD;};
325 | key key_name { algorithm hmac-sha256; secret ASDASDASDASDASDAaDASaASDaSD;};
326 | key key_name { algorithm hmac-sha384; secret ASDASDASDASDASDAaDASaASDaSD;};
327 | key key_name { algorithm hmac-sha512; secret ASDASDASDASDASDAaDASaASDaSD;};
328 | key 'key_name' { algorithm hmac-md5; secret ASDASDASDASDASDAaDASaASDaSD;};
329 | key "key_name" { algorithm hmac-md5; secret ASDASDASDASDASDAaDASaASDaSD;};
330 | key my_secret_name { algorithm hmac-md5; secret ASDASDASDASDASDASDASDASDASD; };
331 | key my_secret_name { algorithm hmac-md5; secret ASDASDASDASDASDASDASDASDASD; };
332 |
333 | logging { };
334 | logging {
335 | channel default { // comment line
336 | buffered true;
337 | buffered 1;
338 | file "/var /log/pittance.log"; ; ;;;;
339 | file '/var/log/pitt ance.log'; ; ;;;;
340 | file /var/log/pittance.log versions unlimited;
341 | file "/var/log/pittance.log" versions 14;
342 | file "/var/log/pittance.log" size 14;
343 | file "/var/log/pittance.log" suffix increment;
344 | file "/var/log/pittance.log" suffix timestamp;
345 | file "/var/log/pittance.log" versions 14 size 14;
346 | file "/var/log/pittance.log" versions 14 suffix increment;
347 | file "/var/log/pittance.log" size 14 suffix increment version 15;
348 | file "/var/log/pittance.log" suffix increment size 14 version 15;
349 | file "/var/log/pittance.log" size 14 versions 14 suffix timestamp;
350 | file "/var/log/pittance.log" versions 14 size 14 suffix increment;
351 | file "az09[]`~!@#$%^&*()' _+ {}[]|\:;'?><,./";
352 | file 'az09[]`~!@#$%^&*()" _+ {}[]|\:;"?><,./';
353 | file az09[]`~!@#$%^&*()'"_+[]|\:'"?><,./;
354 | null;
355 | print-category true;
356 | print-severity true;
357 | print-time iso8601 ;
358 | print-time iso8601-utc ;
359 | print-time local;
360 | print-time TRUE;
361 | severity debug;
362 | severity debug 23335;
363 | severity info ;
364 | severity notice;
365 | severity warning ;
366 | severity error ;
367 | severity critical;
368 | severity dynamic;
369 | stderr;
370 | syslog 1;
371 | syslog kern;
372 | syslog user;
373 | syslog mail;
374 | syslog daemon;
375 | syslog auth;
376 | syslog syslog;
377 | };
378 | channel named_file {
379 | file "/_%/log/bind/named.log" versions 3 size 5m;
380 | file '/_-%var/log/bind/named.log' versions 3 size 5m;
381 | file /%-_var/log/bind/named.log versions 3 size 5m;
382 | severity dynamic;
383 | print-time yes;
384 | print-severity true;
385 | print-category true;
386 | };
387 | channel database_file {
388 | file "/var/log/bind/database.log" versions 3 size 5m;
389 | severity dynamic;
390 | print-time yes;
391 | print-severity true;
392 | print-category true;
393 | };
394 | channel security_file {
395 | file "/var/log/bind/security.log" versions 3 size 5m;
396 | severity dynamic;
397 | print-time yes;
398 | print-severity true;
399 | print-category true;
400 | };
401 | channel resolver_file {
402 | file "/var/log/bind/resolver.log" versions 3 size 5m;
403 | severity dynamic;
404 | print-time yes;
405 | print-severity true;
406 | print-category true;
407 | };
408 | channel transfer_file {
409 | file "/var/log/bind/transfer.log" versions 3 size 5m;
410 | severity dynamic;
411 | print-time yes;
412 | print-severity true;
413 | print-category true;
414 | };
415 | channel client_file {
416 | /* */
417 | file "/var/log/bind/client.log" suffix increment size 5G versions unlimited ;
418 | file "/var/log/bind/client.log" size 5m versions 10;
419 | file "/var/log/bind/client.log" versions unlimited size 5m;
420 | severity dynamic;
421 | print-time yes;
422 | print-severity true;
423 | print-category true;
424 | };
425 | channel unmatched_file {
426 | file "/var/log/bind/unmatched.log" versions 3 size 5m;
427 | severity dynamic;
428 | print-time yes;
429 | print-severity true;
430 | print-category true;
431 | };
432 | channel queries_file {
433 | file "/var/log/bind/queries.log" versions 3 size 5m;
434 | severity dynamic;
435 | print-time yes;
436 | print-severity true;
437 | print-category true;
438 | };
439 | channel query-errors_file {
440 | file "/var/log/bind/query-errors.log" versions 3 size 5m;
441 | severity dynamic;
442 | print-time yes;
443 | print-severity true;
444 | print-category true;
445 | };
446 | channel network_file {
447 | file "/var/log/bind/network.log" size 5G versions 10;
448 | severity dynamic;
449 | print-time yes;
450 | print-severity true;
451 | print-category true;
452 | };
453 | channel update_file {
454 | file "/var/log/bind/update.log" versions 3 size 5m;
455 | severity dynamic;
456 | print-time yes;
457 | print-severity true;
458 | print-category true;
459 | };
460 | channel update-security_file {
461 | file "/var/log/bind/update-security.log" versions 3 size 5m;
462 | severity dynamic;
463 | print-time yes;
464 | print-severity true;
465 | print-category true;
466 | };
467 | channel dispatch_file {
468 | file "/var/log/bind/dispatch.log" versions 3 size 5m;
469 | severity dynamic;
470 | print-time yes;
471 | print-severity true;
472 | print-category true;
473 | };
474 | channel dnssec_file {
475 | file "/var/log/bind/dnssec.log" versions 3 size 5m;
476 | severity dynamic;
477 | print-time yes;
478 | print-severity true;
479 | print-category true;
480 | };
481 | channel lame-servers_file {
482 | file "/var/log/bind/lame-servers.log" versions 3 size 5m;
483 | severity dynamic;
484 | print-time yes;
485 | print-severity true;
486 | print-category true;
487 | };
488 | channel delegation-only_file {
489 | file "/var/log/bind/delegation-only.log" versions 3 size 5m;
490 | severity dynamic;
491 | print-time yes;
492 | print-severity true;
493 | print-category true;
494 | };
495 | channel rate-limit_file {
496 | file "/var/log/bind/rate-limit.log" versions 3 size 5m;
497 | severity dynamic;
498 | print-time yes;
499 | print-severity true;
500 | print-category true;
501 | };
502 | category client { client_file; };
503 | category cname { null; };
504 | category config { named_file; };
505 | category custom-name2 { null; };
506 | category database{ database_file; };
507 | category default { default_syslog; named_file;};
508 | category delegation-only { delegation-only_file; };
509 | category dispatch { null; };
510 | category dnssec { dnssec_file; };
511 | category dnstap { null; };
512 | category edns-disabled { null; };
513 | category general { default_syslog; named_file; };
514 | category lame-servers { lame-servers_file; };
515 | category network { null; };
516 | category notify { transfer_file; };
517 | category nsid { null; };
518 | category queries { queries_file; };
519 | category query-errors { null; };
520 | category rate-limit { rate-limit_file; };
521 | category resolver { resolver_file; };
522 | category rpz { null; };
523 | category security {
524 | security_file;
525 | default_syslog;
526 | default_debug;
527 | };
528 | category serve-stale { null; };
529 | category spill { null; };
530 | category trust-anchor-telemetry { null; };
531 | category unmatched { null; };
532 | category update { null; };
533 | category update-security { null; };
534 | category xfer-in { transfer_file; };
535 | category xfer-out { transfer_file; };
536 | category zoneload { null; };
537 | };
538 |
539 | lwres { "unspecified text"; }; // obsolete
540 |
541 | managed-keys { };
542 | managed-keys { oopsie asdf 8 0 1 "asdfasddfasddfasf"; };
543 | // TODO: Key secret has errors in them
544 | managed-keys { domain.name initial-key 8 1 2 "ab+cd/defet==";
545 | };
546 | managed-keys {
547 | asdf asdf 4 0 1 "keysecret==";
548 | asdf asdf 8 0 1 "asdfasddfasddfasf";
549 | };
550 |
551 | masters empty_master { };
552 | masters master_name { masters_nickname; };
553 | masters master_name { 127.0.0.1; };
554 | masters master_name { 1.1.1.1 key key_name; };
555 | masters master_name { 1.1.1.1 port 65535; };
556 | masters master_name{ 1.1.1.1 port 55 key XXX_name; };
557 | masters master_name { fe08::7:8:127.0.0.1; };
558 | masters master_name { fe08::7:8:127.0.0.1 key key_name; };
559 | masters master_name { fe08::7:8:127.0.0.1 port 65535; };
560 | masters master_name { fe08::7:8:127.0.0.1 port 65535 key XXX_key_name; };
561 | masters master_name port 65535 { masters_nickname;};
562 | masters master_name dscp 53 port 53 { masters_nickname; };
563 | masters master_name port 53 dscp 53 { masters_nickname; };
564 | masters master_name port 15 dscp 53 { masters_nickname key key_name; };
565 | masters master_name dscp 1 { masters_nickname; };
566 | masters master_name dscp 63 { masters_nickname; };
567 | masters master_name { master_nickname key key_name ; };
568 | masters master_name { masters_nickname; /* comment */; 1.1.1.1; 1.1.1.1 key key_name;};
569 | masters master_name {
570 | /* comment */
571 | one; };
572 | masters master_name {
573 | masters_nickname;
574 | 1.1.1.1; /* my comments */
575 | 1.1.1.1 key key_name;
576 | };
577 |
578 | options { };
579 | options
580 | {
581 | acache-cleaning-interval 12; // obsoleted
582 | acache-enable false; // obsoleted
583 | additional-from-auth true; // obsoleted
584 | additional-from-cache true; // obsoleted
585 |
586 | allow-new-zones yes;
587 |
588 | allow-notify { 1.1.1.1; };
589 | allow-notify ! { ! 1.1.1.1; };
590 |
591 | allow-notify { ! 1.1.1.1; };
592 | allow-query ! { 1.1.1.1; { 127.0.0.1; }; };
593 | allow-query-cache { 127.0.0.1; };
594 |
595 |
596 | allow-query-cache { ! 127.0.0.1 ; };
597 |
598 | # allow-query-cache { { 127.0.0.1 ; }; }; // TODO Do we want to fix this?
599 | # allow-query-cache { { { 127.0.0.1 ; }; }; };
600 | allow-query-cache { 127.0.0.1; 127.0.0.1; 1.1.1.1; };
601 | allow-query-cache {127.0.0.1; !{ !127.0.0.1;};};
602 | allow-query-cache {!{1.1.1.1;{{3.3.3.3;}; ! 2.2.2.2;};};127.0.0.1;};
603 | allow-query-cache {!{1.1.1.1;{{3.3.3.3;}; ! 2.2.2.2;};};127.0.0.1;};
604 | allow-query-cache { key my_key_one; 127.0.0.1; { 1.1.1.1; }; };
605 | allow-query-cache { 127.0.0.1; { 1.1.1.1; }; 127.0.0.1; };
606 | allow-query-cache { 127.0.0.1; { 1.1.1.1; }; 127.0.0.1; { 127.1.1.1; }; };
607 | allow-query-cache { !{ 1.1.1.1; }; 127.0.0.1; ! { 127.1.1.1; }; };
608 | allow-query-cache-on { 1.1.1.1; };
609 | allow-query-on { 1.1.1.1; };
610 | allow-recursion { 1.1.1.1; };
611 | allow-recursion-on { 1.1.1.1; };
612 | /* options */
613 | allow-transfer {1.1.1.1;};
614 | allow-update {1.1.1.1;};
615 | allow-update-forwarding {1.1.1.1;};
616 | allow-v6-synthesis a6; // obsolete
617 | also-notify { master_name; 123.123.123.123; 2.2.2.2; fe80::1; };
618 | alt-transfer-source 2.2.2.2 port * dscp 3;
619 | alt-transfer-source-v6 ffff:13::1 port * dscp 3;
620 | answer-cookie yes;
621 | attach-cache red_view;
622 | auth-nxdomain yes;
623 | auto-dnssec off;
624 | automatic-interface-scan yes;
625 | avoid-v4-udp-ports { *; };
626 | avoid-v4-udp-ports { 9; };
627 | avoid-v4-udp-ports { 9; 11; 12; 13; 14; };
628 | avoid-v6-udp-ports { 9; 11; 12; 13; 14; };
629 | bindkeys-file "/etc/bind/keys-file";
630 | blackhole { key_id-name[1]1<1>; acl_name; 1.1.1.1; };
631 | cache-file "/etc/bind/cache-file";
632 | /* options */
633 | catalog-zones { zone red_zone; };
634 | catalog-zones {
635 | zone "catalog.example"
636 | default-masters { 10.53.0.1; master_name; }
637 | zone-directory "catzones"
638 | min-update-interval 10;
639 | in-memory no
640 | };
641 | catalog-zones { zone "catalog.example"; };
642 | check-dup-records warn;
643 | check-integrity yes;
644 | check-mx fail;
645 | check-mx-cname ignore;
646 | check-names primary warn;
647 | check-names secondary fail;
648 | check-names response ignore;
649 | check-names master ignore;
650 | check-names slave ignore;
651 | check-sibling yes;
652 | check-spf warn;
653 | check-spf ignore;
654 | check-spf fail;
655 | /* options */
656 | check-srv-cname ignore;
657 | check-srv-cname fail;
658 | check-srv-cname warn;
659 | check-wildcard yes;
660 | cleaning-interval 1440; // obsoleted
661 | clients-per-query 0 ;
662 | cookie-algorithm sha1;
663 | cookie-algorithm aes;
664 | cookie-algorithm siphash24;
665 | cookie-secret "0123456789abcDef";
666 | cookie-secret "0123456789aBcDeF0123";
667 | cookie-secret "0123456789abcdef0123456789abcdef";
668 | coresize 123;
669 | coresize unlimited;
670 | coresize default;
671 | datasize 123;
672 | datasize default;
673 | datasize unlimited;
674 | deallocate-on-exit no; // ancient
675 | deny-answer-addresses { "example.net"; 127.0.0.1/8; };
676 | deny-answer-addresses { "example.net"; };
677 | deny-answer-addresses { "acl_ntwk"; };
678 | deny-answer-addresses { 123.123.123.123; };
679 | /* options */
680 | deny-answer-addresses { 123.123.123.123; } except-from { "localhost"; 1.2.3.4; };
681 | deny-answer-addresses { 123.123.123.123; }
682 | except from { "localhost"; 1.2.3.4; };
683 | deny-answer-addresses { 123.123.123.123; }
684 | except-from { ::ffff:0:127.0.0.1; "localhost" ; 1.2.3.4 ; };
685 | deny-answer-addresses { 2001:db8:3:4::123.123.123.123; }
686 | except-from {
687 | "localhost";
688 | 1.2.3.4;
689 | };
690 | deny-answer-aliases { "example.net"; };
691 | deny-answer-aliases { "acl_ntwk"; };
692 | deny-answer-aliases { "example.org"; } except-from { "localhost"; 1.2.3.4; };
693 | /* options */
694 | deny-answer-aliases { "cname.example.com."; }
695 | except from {
696 | "localhost";
697 | 1.2.3.4;
698 | };
699 | dialup passive;
700 | dialup true;
701 | directory '/etc/bind';
702 | disable-algorithms some_name { some_algo; some_algo2; };
703 | disable-algorithms "some_name" { some_algo; };
704 | disable-ds-digests some_name { some_algo; };
705 | dns64 fe08::1/5 { break-dnssec no; }; // default
706 | dns64 fe08::1/5 { clients { any; }; }; // default
707 | dns64 fe08::1/5 { exclude { ::ffff:0.0.0.0/96; }; }; // default
708 | dns64 fe08::1/5 { mapped { any; }; }; // default
709 | dns64 fe08::1/5 { recursive-only no; }; // default
710 | /* options */
711 | dns64 fe08::1/5 {
712 | break-dnssec yes ;
713 | recursive-only no ;
714 | suffix ::ffff:0.0.0.0/96 ;
715 | suffix ::ffff:0.0.0.0/96 ;
716 | exclude { ff:: ; } ;
717 | mapped { none; } ;
718 | recursive-only yes ;
719 | } ;
720 | dns64-contact "test.example.org";
721 | dns64-server 'test.example.net.';
722 | dnskey-sig-validity 1;
723 | dnsrps-enable yes;
724 | dnsrps-options { 'asdfasddfasdf'; };
725 | dnsrps-options { "asdfasddfasdf"; };
726 | dnsrps-options { xxxx } ;
727 | dnssec-accept-expired yes;
728 | dnssec-dnskey-kskonly no;
729 | dnssec-enable yes; // obsolete
730 | dnssec-enable no; // obsolete
731 | dnssec-enable True; // obsolete
732 | dnssec-enable faLSe; // obsolete
733 | /* options */
734 | dnssec-loadkeys-interval 0;
735 | dnssec-lookaside no;
736 | dnssec-lookaside auto;
737 | dnssec-lookaside domain trust-anchor key_namename;
738 | dnssec-lookaside my-domain.edu trust-anchor keyname;
739 | dnssec-lookaside www_3.my-domain.edu trust-anchor keyname;
740 | dnssec-must-be-secure "aa_sr_v.example.org" yes;
741 | dnssec-must-be-secure 'aa_sr_v.example.org' yes;
742 | dnssec-must-be-secure aa_sr_v.example.org yes;
743 | dnssec-policy My_Secured_DNSSEC;
744 | dnssec-secure-to-insecure no;
745 | dnssec-update-mode no-resign;
746 | dnssec-update-mode maintain;
747 | dnssec-validation no;
748 | dnssec-validation yes;
749 | dnssec-validation auto;
750 | dnstap { all response; };
751 | dnstap { all query; };
752 | dnstap { auth query; };
753 | dnstap { client query; };
754 | dnstap { forwarder query; };
755 | dnstap { resolver query; };
756 | dnstap { update query; };
757 | /* options */
758 | dnstap-identity none;
759 | dnstap-identity hostname;
760 | dnstap-identity "example.com";
761 | dnstap-identity 'example.com';
762 | dnstap-identity example.com; # now invalid without quotes
763 | dnstap-output unix quotedstring" size unlimited version unlimited suffix increment;
764 | dnstap-output unix "quotedstring" size unlimited version unlimited suffix increment;
765 | dnstap-output
766 | unix "quotedstring"
767 | size unlimited
768 | versions unlimited suffix increment;
769 | dnstap-output
770 | file "/var/run/bind/dnstap-out.sock"
771 | size unlimited
772 | versions unlimited
773 | suffix increment;
774 | dnstap-version none;
775 | dnstap-version quoted_string;
776 | /* options */
777 | dscp 63;
778 | dual-stack-servers { "example.com"; } ;
779 | dual-stack-servers { "example.com"; } ;
780 | dual-stack-servers port 123 {"example.com" ;} ;
781 | dual-stack-servers { "example.com" port 11111 dscp 53; };
782 | dual-stack-servers { "example.com" port *; };
783 | dual-stack-servers port * { 2.2.2.2; };
784 | dual-stack-servers port 1 { 2.2.2.2 port 5; };
785 | dual-stack-servers port 1 { 2.2.2.2 port 5 dscp 53; };
786 | dual-stack-servers port 80 { "example.com."; };
787 | dual-stack-servers port 443 { "example.com."; };
788 | dump-file 'asdfasdfasdf';
789 | edns-udp-size 512;
790 | empty-contact string;
791 | empty-contact "string";
792 | empty-server string;
793 | empty-server "string";
794 | empty-zones-enable yes;
795 | fake-iquery no; // ancient
796 | fetch-glue true; // ancient
797 | fetch-quota-params 1 1.1 1.1 1.1;
798 | fetches-per-server 50 fail;
799 | fetches-per-zone 50 fail;
800 | /* options */
801 | files default;
802 | files unlimited;
803 | files 123;
804 | # filter-aaaa { any; }; // obsolete
805 | # filter-aaaa-on-v4 { any; }; // obsolete
806 | # filter-aaaa-on-v6 { any; }; // obsolete
807 | flush-zones-on-shutdown yes;
808 | forward first;
809 | forward only;
810 | forwarders { 1.1.1.1; };
811 | forwarders { fe08::1; };
812 | forwarders port 15 dscp 53 { 1.1.1.1 port 53 dscp 53; };
813 | fstrm-set-buffer-hint 1;
814 | fstrm-set-flush-timeout 0;
815 | fstrm-set-input-queue-size 0;
816 | fstrm-set-output-notify-threshold 53;
817 | fstrm-set-output-queue-model mpsc;
818 | fstrm-set-output-queue-size 1;
819 | fstrm-set-reopen-interval 63;
820 | /* options */
821 | geoip-directory '/usr/share/lib/geoip';
822 | geoip-use-ecs no; // obsolete // obsolete
823 | glue-cache yes;
824 | has-old-clients no; // ancient
825 | heartbeat-interval 40320;
826 | host-statistics no; // ancient
827 | host-statistics-max 15; // ancient
828 | hostname none;
829 | hostname fqdn;
830 | hostname "fqdn";
831 | inline-signing yes;
832 | interface-interval 40320;
833 | ixfr-from-differences primary;
834 | ixfr-from-differences master;
835 | ixfr-from-differences secondary;
836 | ixfr-from-differences slave;
837 | ixfr-from-differences true;
838 | ixfr-from-differences false;
839 | keep-response-order { 1.1.1.1; };
840 | key-directory "/etc/bind/keys";
841 | lame-ttl 35600;
842 | listen-on { 192.168.1.1; };
843 | include "/var/lib/dhcp/bind-listen-on-named.conf";
844 | listen-on {
845 | include "/var/lib/dhcp/bind-listen-on-ip.conf";
846 | };
847 | /* options */
848 | listen-on {
849 | include "/var/lib/dhcp/bind-listen-on-ip.conf";
850 | ;
851 | };
852 | listen-on-v6 { ff08::1; };
853 | lmdb-mapsize 15M;
854 | lock-file none;
855 | lock-file "/var/run/bind/lock/named.lock";
856 | managed-keys-directory '/etc/bind/keys';
857 | maintain-ixfr-base no; // ancient
858 | masterfile-format map;
859 | masterfile-style relative;
860 | match-mapped-addresses yes;
861 | max-acache-size unlimited; // obsolete
862 | max-cache-size 15G;
863 | max-cache-ttl 63;
864 | max-clients-per-query 1440;
865 | max-ixfr-log-size unlimited; // ancient
866 | max-journal-size 15G;
867 | max-ncache-ttl 63;
868 | max-records 63;
869 | /* options */
870 | max-recursion-depth 63;
871 | max-recursion-queries 63;
872 | max-refresh-time 63;
873 | max-retry-time 63;
874 | max-rsa-exponent-size 7;
875 | max-stale-ttl 63;
876 | max-transfer-idle-in 100;
877 | max-transfer-idle-out 100;
878 | max-transfer-time-in 100;
879 | max-transfer-time-out 100;
880 | max-udp-size 1490;
881 | max-udp-size 490;
882 | max-zone-ttl 123123;
883 | max-zone-ttl unlimited;
884 | memstatistics yes;
885 | memstatistics-file "/var/bind/memstatistics";
886 | message-compression no;
887 | /* options */
888 | min-cache-ttl 63;
889 | min-ncache-ttl 63;
890 | min-refresh-time 63;
891 | min-retry-time 63;
892 | min-roots 5; // ancient
893 | minimal-any no;
894 | minimal-responses True;
895 | minimal-responses yes;
896 | minimal-responses no-auth;
897 | multi-master no;
898 | multiple-cnames no; // ancient
899 | named-xfer "/var/lib/bind9/named.xfer"; // ancient
900 | new-zones-directory "/var/lib/bind/newzones/";
901 | no-case-compress { 1.1.1.1; };
902 | nocookie-udp-size 1490;
903 | nosit-udp-size 512; // obsolete
904 | notify explicit;
905 | notify True;
906 | /* options */
907 | notify-delay 15;
908 | notify-rate 15;
909 | notify-source 1.1.1.1 port * dscp 63;
910 | notify-source-v6 fe08::1 port * dscp 63;
911 | notify-source-v6 fe08::1.1.1.1 port * dscp 63;
912 | notify-to-soa yes;
913 | nta-lifetime 63;
914 | nta-recheck 63;
915 | nxdomain-redirect string;
916 | queryport-pool-ports 5; // obsolete
917 | queryport-pool-updateinterval 5; // obsolete
918 | pid-file '/run/named/named.pid';
919 | port 53;
920 | preferred-glue A;
921 | preferred-glue AAAA;
922 | prefetch 53;
923 | prefetch 53 53;
924 | provide-ixfr yes;
925 | /* options */
926 | qname-minimization off;
927 | query-source 1.1.1.1;
928 | query-source 1.1.1.1 port *;
929 | query-source 1.1.1.1 port 53;
930 | query-source 1.1.1.1 dscp 53;
931 | query-source 1.1.1.1 port * dscp 53;
932 | query-source address 1.1.1.1 port * dscp 53;
933 | query-source address 1.1.1.1;
934 | query-source address 1.1.1.1 port *;
935 | query-source address 1.1.1.1 port 53;
936 | query-source address 1.1.1.1 dscp 53;
937 | query-source address 1.1.1.1 port * dscp 53;
938 | query-source port *;
939 | query-source port 53;
940 | query-source port 53 dscp 53;
941 | query-source port * dscp 53;
942 | /* options */
943 | query-source-v6 ff08::1 port * dscp 53;
944 | query-source-v6 1:2:3:4:5:6:7:1;
945 | query-source-v6 1:2:4::8 port *;
946 | query-source-v6 1:2:4::8 port 53;
947 | query-source-v6 1:2:4::8 dscp 53;
948 | query-source-v6 1:2:4::8 port * dscp 53;
949 | query-source-v6 address 1:2:4::8 port * dscp 53;
950 | query-source-v6 address 1:2:4::8;
951 | query-source-v6 address 1:2:4::8 port *;
952 | query-source-v6 address 1:2:4::8 port 53;
953 | query-source-v6 address 1:2:4::8 dscp 53;
954 | query-source-v6 address 1:2:4::8 port * dscp 53;
955 | query-source-v6 port *;
956 | query-source-v6 port 53;
957 | query-source-v6 port 53 dscp 53;
958 | query-source-v6 port * dscp 53;
959 | querylog yes;
960 | random-device "/dev/urandom";
961 | random-device none;
962 | /* options */
963 | rate-limit { all-per-second 15;
964 | errors-per-second 15;
965 | exempt-clients { 1.1.1.1; };
966 | ipv4-prefix-length 12;
967 | ipv6-prefix-length 96;
968 | log-only no;
969 | max-table-size 63;
970 | min-table-size 63;
971 | nodata-per-second 63;
972 | nxdomains-per-second 63;
973 | qps-scale 5;
974 | referrals-per-second 15;
975 | responses-per-second 15;
976 | slip 15;
977 | window 15;
978 | };
979 | recursing-file "/var/lib/bind/recursing/";
980 | recursion yes;
981 | recursive-clients 123;
982 | /* options */
983 | request-expire no;
984 | request-ixfr no;
985 | request-nsid no;
986 | request-sit no; // obsolete
987 | require-server-cookie no;
988 | reserved-sockets 128;
989 | resolver-nonbackoff-tries 10;
990 | resolver-query-timeout 5;
991 | resolver-retry-interval 5;
992 | response-padding { 1.1.1.1; } block-size 15;
993 | response-padding { ! 1.1.1.1; { ! 1.1.1.1; }; } block-size 15;
994 | response-padding { ! any; 1.1.1.1; } block-size 15;
995 | /* options */
996 | response-policy {
997 | zone red_zone log yes max-policy-ttl 63
998 | min-update-interval 63
999 | policy no-op
1000 | recursive-only no
1001 | nsip-enable yes
1002 | nsdname-enable yes; }
1003 | break-dnssec True max-policy 63 min-update-interval 63
1004 | min-ns-dots 3 nsip-wait-recurse False
1005 | qname-wait-recurse False
1006 | recursive-only False nsip-enable True nsdname-enable True
1007 | dnsrps-enable True dnsrps-options { "IStrangeThings"; };
1008 | rfc2308-type1 no; // ancient
1009 | root-delegation-only;
1010 | root-delegation-only exclude { "me"; "dk"; "ge"; };
1011 | root-delegation-only exclude;
1012 | root-key-sentinel yes;
1013 | /* options */
1014 | rrset-order { order fixed; };
1015 | rrset-order { class ANY order none; };
1016 | rrset-order { type ANY order none; };
1017 | rrset-order { class ANY type ANY order none; };
1018 | rrset-order { class ANY name "example.net" order none; };
1019 | rrset-order { type ANY name "example.net" order none; };
1020 | rrset-order { class ANY type ANY name "example.net" order none; };
1021 | rrset-order { class any type A name "example.net" order fixed; };
1022 | rrset-order { class IN type any name "*" order random; };
1023 | rrset-order { class IN type A name "example.net" order cyclic; };
1024 | rrset-order { class IN type A name "example.net" order none; };
1025 | secroots-file "/var/lib/bind/secroots";
1026 | send-cookie yes;
1027 | serial-queries 1; // ancient
1028 | serial-query-rate 1;
1029 | serial-update-method unixtime;
1030 | /* options */
1031 | server-id none;
1032 | server-id hostname;
1033 | server-id example.org;
1034 | servfail-ttl 63;
1035 | session-keyalg algorithm_string;
1036 | session-keyfile none;
1037 | session-keyname my_session_key;
1038 | sig-signing-nodes 63;
1039 | sig-signing-signatures 63;
1040 | sig-signing-type 63;
1041 | sig-validity-interval 63;
1042 | sig-validity-interval 63 63;
1043 | sit-secret "secret_string"; // obsolete
1044 | sortlist { 1.1.1.1; };
1045 | /* options */
1046 | stacksize 1m;
1047 | stale-answer-enable no;
1048 | stale-answer-ttl 63;
1049 | startup-notify-rate 63;
1050 | statistics-file "/var/log/bind/statistics";
1051 | statistics-interval 30; // ancient
1052 | synth-from-dnssec no;
1053 | tcp-advertised-timeout 63;
1054 | tcp-clients 63;
1055 | tcp-idle-timeout 63;
1056 | tcp-initial-timeout 63;
1057 | tcp-keepalive-timeout 63;
1058 | tcp-listen-queue 63;
1059 | tkey-dhkey "key_name" 33122;
1060 | tkey-domain "key_name";
1061 | tkey-gssapi-credential quoted_string;
1062 | tkey-gssapi-keytab quoted_string;
1063 | transfer-format many-answers;
1064 | transfer-format one-answer;
1065 | /* options */
1066 | transfer-message-size 63;
1067 | transfer-source * port * dscp 63;
1068 | transfer-source-v6 fe08::127.0.0.1 port 53;
1069 | transfers-in 63;
1070 | transfers-out 63;
1071 | transfers-per-ns 63;
1072 | treat-cr-as-space no; // ancient
1073 | trust-anchor-telemetry true;
1074 | try-tcp-refresh true;
1075 | trust-anchors { example.net initial-ds 1 1 1 yes; };
1076 | update-check-ksk true;
1077 | use-alt-transfer-source yes;
1078 | use-id-pool no; // ancient
1079 | use-ixfr no; // obsolete
1080 | use-queryport-pool no; // obsolete
1081 | use-v6-udp-ports { range 1 65535; };
1082 | use-v4-udp-ports { range 1 65535; };
1083 | v6-bias 5;
1084 | validate-except { example.local; };
1085 | version none;
1086 | zero-no-soa-ttl no;
1087 | /* options */
1088 | zero-no-soa-ttl-cache 15;
1089 | zone-statistics false;
1090 | zone-statistics full;
1091 | zone-statistics none;
1092 | zone-statistics terse;
1093 | zone-statistics true;
1094 | };
1095 |
1096 | plugin query "filespec.so" { driver_par ;ameters };
1097 | plugin query filespec { "driver_para eters" };
1098 | plugin query 'filespec' { 'driver_para="asdf", eters' };
1099 | plugin "filespec";
1100 | plugin query "filespec";
1101 |
1102 | server 1.1.1.1/32 { };
1103 | server 192.1.2.324/24 {
1104 |
    allow-v6-synthesis AAAA; // obsoleted
    # also-notify { 123.123.123.123; 2.2.2.2; }; // obsoleted
    bogus yes;
    edns yes;
    edns-version 15;
    keys key_id;
    max-udp-size 4096
    max-udp-size 4097
    max-udp-size x096xx
    notify-source 1.1.1.1 port * dscp 53;
    notify-source-v6 ff08::1 port * dscp 53;
    padding 1490;
    provide-ixfr no;
    query-source 1.1.1.1 port * dscp 53;
    query-source-v6 ff08::1 port * dscp 53;
    request-expire yes;
    request-ixfr yes;
    request-nsid yes;
    request-sit no; // obsolete
    send-cookie yes;
    support-ixfr no; // obsolete
    tcp-keepalive yes;
    tcp-only yes;
    transfer-format many-answers;
    transfer-source * port * dscp 63;
    transfer-source-v6 fe80:1::127.0.0.1 port * dscp 63;
    transfer-source-v6 fe08:1::127.0.0.1 port 53;
    transfers 15;
};

statistics-channels {
    inet 1.1.1.1 allow { any; };;
    inet 1.1.1.1 port * allow { any; };;
    inet 1.1.1.1 port 53 allow { any; };;
    inet 1.1.1.1 allow { 1.1.1.1; };
    inet 1.1.1.1 port 53 allow { 1.1.1.1; };
    inet fe08::1;
    inet fe08::1 port 53;
    inet fe08::1 allow { 1.1.1.1; };
    inet fe08::1 port 53 allow { 1.1.1.1; };
    inet * allow { any; };
    inet * allow { 1.1.1.1; };
    inet * port * allow { any; };
    inet * port 53 allow { any; };
    inet * port 53 allow { 1.1.1.1; };
};

trust-anchors { example.invalid initial-ds 3 8 3 12397123987123987123971239879; };
trust-anchors { example.invalid static-ds 3 8 0 12397123987123987123971239879; };
trust-anchors { example.invalid initial-key 3 8 1 12397123987123987123971239879; };
trust-anchors { example.invalid static-key 3 11 0 12397123987123987123971239879; };
trusted-keys { example.invalid 3 0 1 12397123987123987123971239879; };

view empty { };

view "redview" {
    acache-cleaning-interval no; // obsolete
    acache-enable no; // obsolete
    additional-from-auth no; // obsolete
    additional-from-cache no; // obsolete
    /* help */ allow-new-zones yes;
    allow-notify { 1.1.1.1; };
    allow-query { 1.1.1.1; };
    allow-query-cache { 1.1.1.1; };
    allow-query-cache-on { 1.1.1.1; };
    allow-query-on { 1.1.1.1; };
    allow-recursion { 1.1.1.1; };
    allow-recursion-on { 1.1.1.1; };
    /* VIEW */
    allow-transfer {1.1.1.1;};
    allow-update {1.1.1.1;};
    allow-update-forwarding {1.1.1.1;};
    allow-v6-synthesis AAAA; // obsoleted
    also-notify { 123.123.123.123; 2.2.2.2; };
    alt-transfer-source 1.1.1.1;
    alt-transfer-source *;
    alt-transfer-source 2.2.2.2 dscp 15 port *;
    alt-transfer-source 2.2.2.2 port * dscp 3;
    alt-transfer-source * port * dscp 14;
    alt-transfer-source-v6 fe08::7:8 port * dscp 3;
    attach-cache view_red;
    asdfasdfasddfasddf;
    auth-nxdomain yes;
    auto-dnssec maintain;
    cache-file "/etc/bind/cache-file";
    catalog-zones { zone red_zone default-masters; };
    /* VIEW */
    catalog-zones {
        zone "catalog.example"
        default-masters { 10.53.0.1; }
        in-memory no
        zone-directory "catzones"
        min-update-interval 10;
    };
    catalog-zones { zone "catalog.example"; };
    check-dup-records warn;
    check-integrity yes; /* help */ ;
    check-mx fail;
    check-mx-cname ignore;
    check-names warn;
    check-sibling yes;
    check-spf ignore;
    check-srv-cname fail;
    check-wildcard yes;
    /* VIEW */
    cleaning-interval 10;
    clients-per-query 10;
    deny-answer-addresses { "example.net"; };
    deny-answer-addresses { acl_ntwk; };
    deny-answer-addresses { 123.123.123.123; };
    deny-answer-addresses { 123.123.123.123; } except from { "localhost"; 1.2.3.4; };
    deny-answer-addresses { 123.123.123.123; }
        except from {
            "localhost";
            1.2.3.4;
        };
    deny-answer-aliases { "example.net"; };
    deny-answer-aliases { acl_ntwk; };
    deny-answer-aliases { "example.org"; } except from { "localhost"; 1.2.3.4; };
    /* VIEW */
    deny-answer-aliases { "cname.example.com"; }
        except from {
            "localhost";
            1.2.3.4;
        };
    dialup true;
    dnskey-sig-validity 1;
    disable-algorithms 'some_name' { some_algo; some_algo2; };
    disable-algorithms "some_name" { some_algo; };
    disable-algorithms some_name { some_algo; };
    disable-ds-digests some_name { some_algo; };
    disable-empty-zone blah;
    dlz dlz_name { database "database-specific crap"; search no; };
    /* VIEW */
    dns64 fe08::1/5 {
        suffix ::ffff:0.0.0.0/96;
        recursive-only no;
    };
    dns64-contact "test.level1.example";
    dns64-server "test.level2.example.";
    dnskey-sig-validity 5;
    dnsrps-enable yes;
    dnsrps-options { "asdfasddfasdf"; };
    dnssec-accept-expired no;
    dnssec-dnskey-kskonly yes;
    dnssec-enable True; // obsolete
    dnssec-lookaside auto;
    dnssec-lookaside no;
    dnssec-must-be-secure example.com True;
    dnssec-update-mode no-resign;
    dnssec-validation True;
    dnstap { all; };
    dnstap { all query; };
    dnstap { all response; };
    dnstap { auth; };
    dnstap { auth query; };
    dnstap { auth response; };
    dnstap { client; };
    dnstap { client query; };
    dnstap { client response; };
    dnstap { forwarder; };
    dnstap { forwarder query; };
    dnstap { forwarder response; };
    dnstap { resolver; };
    dnstap { resolver query; };
    dnstap { resolver response; };
    dnstap { update; };
    dnstap { update query; };
    dnstap { update response; };
    dual-stack-servers { "example.com"; } ;
    dual-stack-servers port 123{"example.com" ;} ;
    dual-stack-servers { "example.com" port 11111; };
    dual-stack-servers port * { 2.2.2.2; };
    dual-stack-servers port 1 { 2.2.2.2 port 5; };
    dual-stack-servers port 80 { "example.com."; };
    dual-stack-servers port 443 { "example.com."; };
    dyndb dyndb_name "something" { "unspecified_text"; };
    edns-udp-size 1115;
    empty-contact "webmaster.example.com";
    empty-server "webmaster.example.com";
    empty-zones-enable true;
    fetch-glue true; // ancient
    fetch-quota-params 15 3.0 2.0 1.0;
    fetches-per-server 15 fail;
    /* VIEW */
    fetches-per-zone 15 fail;
    # filter-aaaa { any; }; // obsolete
    filter-aaaa-on-v4 no; // obsolete
    filter-aaaa-on-v6 no; // obsolete
    forward only;
    forwarders port 53 dscp 53 { 1.1.1.1; };
    glue-cache yes;
    heartbeat-interval 1; // obsoleted?
    hostname none; // obsoleted?
    hostname "www.example.com"; // obsoleted?
    /* ZZZ VIEW */
    inline-signing yes;
    ixfr-from-differences no;
    key key_name { algorithm AES; secret "0123456789abcdef0123456789abcdef"; };
    key-directory "/etc/bind/keys";
    lame-ttl 35600;
    maintain-ixfr-base no; // ancient
    managed-keys-directory "/etc/bind/keys";
    masterfile-format text;
    /* VIEW */
    masterfile-style full;
    match-clients { 1.1.1.1; };
    match-destinations { 1.1.1.1; };
    match-recursive-only yes;
    max-acache-size unlimited; // obsolete
    max-cache-size default;
    max-cache-size unlimited;
    max-cache-size 15G;
    max-cache-ttl 3600;
    max-clients-per-query 53;
    /* VIEW */
    max-ixfr-log-size unlimited; // ancient
    max-journal-size unlimited;
    max-ncache-ttl 53;
    max-records 53;
    max-recursion-depth 53;
    max-recursion-queries 53;
    max-refresh-time 53;
    max-retry-time 53;
    max-stale-ttl 53;
    max-transfer-idle-in 53; // my inline comment seems to work now.
    max-transfer-idle-out 53;
    max-transfer-time-in 53;
    max-transfer-time-out 53;
    max-udp-size 4096;
    max-udp-size 1024;
    max-udp-size 512;
    max-udp-size 0;
    max-udp-size 1;
    max-udp-size 4097;
    max-udp-size x;
    max-zone-ttl unlimited;
    message-compression no;
    min-cache-ttl 53;
    /* VIEW */
    min-ncache-ttl 53;
    min-refresh-time 53;
    min-retry-time 53;
    min-roots 5; // ancient
    minimal-any yes;
    minimal-responses no-auth;
    multi-master yes;
    new-zones-directory "/var/lib/bind/newzones/";
    no-case-compress { 1.1.1.1; };
    nosit-udp-size 3; // obsolete
    notify explicit;
    notify-source 1.1.1.1 port * dscp 53;
    notify-source-v6 1:: port * dscp 53;
    notify-source * port * dscp 63; // moved to server/options
    notify-source 1.1.1.1 port * dscp 63; // moved to server/options
    notify-source-v6 fe08::1.1.1.1 port * dscp 63; // moved to server/options
    notify-to-soa yes;
    nta-lifetime 53;
    nta-recheck 53;
    nxdomain-redirect "string";
    plugin query "filter-aaaa.so" { "filter-aaaa.o" };
    preferred-glue aaaa;
    prefetch 53;
    prefetch 53 53;
    provide-ixfr yes;
    qname-minimization relaxed;
    query-source 1.1.1.1 port * dscp 53;
    query-source 1.1.1.1 port 123 dscp 53;
    query-source-v6 fe08:1::127.0.0.1 port * dscp 53;
    queryport-pool-ports 5; // obsolete
    queryport-pool-updateinterval 5; // obsolete
    rate-limit {
        all-per-second 15;
        errors-per-second 15;
        exempt-clients { 1.1.1.1; };
        ipv4-prefix-length 12;
        ipv6-prefix-length 96;
        log-only no;
        max-table-size 63;
        min-table-size 63;
        /* VIEW */
        nodata-per-second 63;
        nxdomains-per-second 63;
        qps-scale 5;
        referrals-per-second 15;
        responses-per-second 15;
        slip 15;
        window 15;
    };
    recursion yes;
    request-expire yes;
    request-ixfr yes;
    request-nsid yes;
    request-sit no; // obsolete
    require-server-cookie no;
    resolver-nonbackoff-tries 5;
    resolver-query-timeout 15;
    resolver-retry-interval 15;
    response-padding { 1.1.1.1; } block-size 15M;
    /* VIEW */
    response-policy { zone red_zone log yes max-policy-ttl 63 };
    rfc2308-type1 no; // ancient
    root-delegation-only exclude { string; };
    root-key-sentinel yes;
    rrset-order { class IN type A name example.org order cyclic; };
    send-cookie yes;
    session-keyname my_session_key;
    server 192.1.2.324 {
        # allow-v6-synthesis AAAA; // obsoleted
        # also-notify { 123.123.123.123; master_name; 2.2.2.2; }; // obsoleted
        bogus yes;
        edns yes;
        edns-version 15;
        keys key_id;
        max-udp-size 4096;
        notify-source 1.1.1.1 port * dscp 53;
        notify-source-v6 fe08:1::1.1.1.1 port * dscp 53;
        padding 1490;
        provide-ixfr no;
        query-source 1.1.1.1 port * dscp 53;
        query-source-v6 fe08:2::1.1.1.1 port * dscp 53;
        request-expire yes;
        request-ixfr yes;
        request-nsid yes;
        send-cookie yes;
        tcp-keepalive yes;
        tcp-only yes;
        transfer-format many-answers;
        transfer-source * port * dscp 63;
        transfer-source-v6 fe08::1 port 53;
        transfers 15;
    };
    servfail-ttl 63;
    sig-signing-nodes 53;
    sig-signing-signatures 53;
    sig-signing-type 53;
    sig-validity-interval 53;
    sig-validity-interval 53 53;
    sortlist { 1.1.1.1; };
    stale-answer-enable no;
    stale-answer-ttl 53;
    synth-from-dnssec yes;
    /* VIEW */
    transfer-format many-answers;
    transfer-source * port * dscp 53;
    transfer-source-v6 * port * dscp 53;
    # trust-anchor-telemtry { string integer integer integer quoted_string; };
    try-tcp-refresh yes;
    update-check-ksk yes;
    use-alt-transfer-source yes;
    v6-bias 5;
    validate-except { example.net; };
    zero-no-soa-ttl no;
    zero-no-soa-ttl-cache yes;
    zone zone_name { }; # see top-level 'zone' statement for more options
    zone-statistics full;
    zone-statistics terse;
    zone-statistics none;
    zone-statistics True;
    /* VIEW */
};

view private_view {
    recursion True;
    zone adult_zone {
        auto-dnssec off;
        dnssec-policy example.com;
    };
    servfail-ttl 63;
};
view private_view {
    allow-transfer {1.1.1.1;};
    zone teenagers_zone {
        allow-transfer {1.1.1.1;};
        auto-dnssec maintain;
        check-dup-records fail;
    };
    allow-transfer {1.1.1.1;};
};
view private_view {
    zone toddler_zone { };
    forwarders { 1.1.1.1; };
};
view private_view {
    ixfr-from-differences no;
    key key_name { algorithm AES; secret "0123456789abcdef0123456789abcdef"; };
    key-directory "/etc/bind/keys";
    lame-ttl 35600;
    managed-keys-directory "/etc/bind/keys";
    masterfile-format text;
    server 127.0.0.1/5 { };
    zone teenagers_zone { };
};

# no_such_keyword;

zone empty { };
zone zone-red {
    allow-notify { 1.1.1.1; };
    allow-query { 1.1.1.1; };
    allow-query-on { 1.1.1.1; };
    allow-transfer {1.1.1.1;};
    allow-update {1.1.1.1; key private_key; acl_name; };
    also-notify { 123.123.123.123; 2.2.2.2; };
    allow-update-forwarding {1.1.1.1;};
    alt-transfer-source 2.2.2.2 port * dscp 3;
    alt-transfer-source-v6 fe08::2 port * dscp 3;
    auto-dnssec maintain;
    check-dup-records fail;
    check-integrity yes;
    /* ZONE */
    check-mx fail;
    check-mx-cname ignore;
    check-names warn;
    check-sibling yes;
    check-spf warn;
    check-srv-cname fail;
    check-wildcard yes;
    database string;
    delegation-only no;
    dialup notify;
    dialup notify-passive;
    dialup refresh;
    dialup notify;
    dialup passive;
    dialup true;
    dialup false;
    # dlz dlz_name { database "database-specific crap"; search no; }; # uh???
    # dlz block got all moved into a clause-level 'dlz' keyword
    dlz dlz_name;
    dnskey-sig-validity 366;
    dnssec-dnskey-kskonly yes;
    dnssec-loadkeys-interval 5;
    dnssec-policy My_Secured_DNSSEC;
    dnssec-secure-to-insecure no;
    dnssec-update-mode no-resign;
    file "/var/log/pittance.log";
    files *;
    files default;
    files unlimited;
    files 99;
    forward first; // only in top-level zone statement, and not inside view?
    forward only; // only in top-level zone statement, and not inside view?
    forwarders { 1.1.1.1; };
    forwarders { 1.1.1.1 port 53; };
    forwarders { 1.1.1.1 dscp 53; };
    forwarders { 1.1.1.1 port 53 dscp 53; };
    forwarders port 53 { 1.1.1.1; };
    forwarders port 53 { 1.1.1.1 port 53; };
    forwarders port 53 { 1.1.1.1 dscp 53; };
    forwarders port 53 { 1.1.1.1 port 53 dscp 53; };
    forwarders dscp 53 { 1.1.1.1; };
    forwarders dscp 53 { 1.1.1.1 port 53; };
    forwarders dscp 53 { 1.1.1.1 dscp 53; };
    forwarders dscp 53 { 1.1.1.1 port 53 dscp 53; };
    forwarders port 53 dscp 53 { 1.1.1.1; };
    forwarders port 53 dscp 53 { 1.1.1.1 port 53; };
    forwarders port 53 dscp 53 { 1.1.1.1 dscp 53; };
    forwarders port 53 dscp 53 { 1.1.1.1 port 53 dscp 53; };
    /* ZZZ ZONE */
    in-view view_name;
    inline-signing yes; // only inside view
    ixfr-base "asdf"; // ancient
    ixfr-from-differences yes;
    ixfr-tmp-file "asdf"; // ancient
    journal "/var/lib/bind/journal/";
    key-directory "/etc/bind/keys";
    maintain-ixfr-base no; // ancient
    masterfile-format raw;
    masterfile-style relative;
    masters port 53 dscp 53 { master_name key key_name; };
    max-ixfr-log-size unlimited; // ancient
    max-journal-size unlimited;
    max-records 53;
    max-refresh-time 53;
    max-retry-time 53;
    max-transfer-idle-in 53;
    max-transfer-idle-out 53;
    max-transfer-time-in 53;
    /* ZONE */
    max-transfer-time-out 53;
    max-zone-ttl unlimited;
    min-refresh-time 53;
    min-retry-time 53;
    multi-master no;
    notify explicit;
    notify-delay 53;
    notify-source * port * dscp 63; // moved to server/options
    notify-source 1.1.1.1 port * dscp 63; // moved to server/options
    notify-source-v6 fe08::1.1.1.1 port * dscp 63; // moved to server/options
    notify-to-soa yes;
    nsec3-test-zone no;
    pubkey 8 1 1 "asdfasdfasddfasddfasdfasdf";
    request-expire no;
    request-ixfr no;
    serial-update-method date;
    server-addresses { 1.1.1.1; };
    server-names { example.com; };
    server-names { "example.com;" };
    session-keyname my_session_key;
    sig-signing-nodes 53;
    sig-signing-signatures 53;
    /* ZONE */
    sig-signing-type 53;
    sig-validity-interval 53;
    sig-validity-interval 53 53;
    transfer-source * port * dscp 63;
    transfer-source-v6 fe08::127.0.0.1 port 53;
    try-tcp-refresh yes;
    type delegation-only;
    type forward;
    type master;
    type mirror;
    type redirect;
    type primary;
    type secondary;
    update-check-ksk yes;
    update-policy local;
    update-policy {
        grant ddns-sha256-arca-a-key self nsec3;
        grant ddns-sha256-arca-a-key self A;
        grant ddns-sha256-arca-a-key self ANY;
        grant ddns-sha256-arca-a-key self arca.example.com Any;
        grant ddns-sha256-arca-a-key self arca.example.com A6;
        grant ddns-sha256-arca-a-key self example.com SOA;
        grant ddns-sha256-arca-a-key self arca.example.com PTR;
    };
    use-alt-transfer-source yes;
    zero-no-soa-ttl yes;
    zone-statistics full;
};

zone string {
    type delegation-only;
};

zone string IN {
    type delegation-only;
};

zone string IN {
    type forward;
    delegation-only yes;
    delegation-only no;
    delegation-only false;
    delegation-only true;
    forward first;
    forward only;
    forwarders { 1.1.1.1; };
    forwarders { 1.1.1.1 port 53; };
    forwarders { 1.1.1.1 dscp 53; };
    forwarders { 1.1.1.1 port 53 dscp 53; };
    forwarders port 53 { 1.1.1.1; };
    forwarders port 53 { 1.1.1.1 port 53; };
    forwarders port 53 { 1.1.1.1 dscp 53; };
    forwarders port 53 { 1.1.1.1 port 53 dscp 53; };
    forwarders dscp 53 { 1.1.1.1; };
    forwarders dscp 53 { 1.1.1.1 port 53; };
    forwarders dscp 53 { 1.1.1.1 dscp 53; };
    forwarders dscp 53 { 1.1.1.1 port 53 dscp 53; };
    forwarders port 53 dscp 53 { 1.1.1.1; };
    forwarders port 53 dscp 53 { 1.1.1.1 port 53; };
    forwarders port 53 dscp 53 { 1.1.1.1 dscp 53; };
    forwarders port 53 dscp 53 { 1.1.1.1 port 53 dscp 53; };
};

zone string {
    type hint;
    check-names fail;
    check-names warn;
    check-names ignore;
    delegation-only no;
    delegation-only yes;
    file "/dirspec/filepart.filetype";
};
zone string CHAOS {
    type hint;
    check-names fail;
    check-names warn;
    check-names ignore;
    delegation-only no;
    delegation-only yes;
    file "/dirspec/filepart.filetype";
};



zone redirect_zone IN {
    type redirect;
    allow-query { 1.1.1.1; };
    allow-query-on { 1.1.1.1; };
    dlz "some_dlz_string";
    file "/dirspec/filepart.filetype";
    masterfile-format map;
    masterfile-format raw;
    masterfile-format text;
    masterfile-style full;
    masterfile-style relative;
    masters { primaries_name; };
    masters port 53 { primaries_name; };
    masters dscp 53 { primaries_name; };
    masters port 53 dscp 53 { primaries_name; };
    masters { primaries_name key some_key_name; };
    masters port 53 { primaries_name key some_key_name; };
    masters dscp 53 { primaries_name key some_key_name; };
    masters port 53 dscp 53 { primaries_name key some_key_name; };
    masters { 1.1.1.1 port 53; };
    masters port 53 { 1.1.1.1 port 53; };
    masters dscp 53 { 1.1.1.1 port 53; };
    masters port 53 dscp 53 { 1.1.1.1 port 53; };
    masters { 1.1.1.1 port 53 key some_key_name; };
    masters port 53 { 1.1.1.1 port 53 key some_key_name; };
    masters dscp 53 { 1.1.1.1 port 53 key some_key_name; };
    masters port 53 dscp 53 { 1.1.1.1 port 53 key some_key_name; };

    max-records 1;
    max-zone-ttl ( unlimited | );
    primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... };
    zone-statistics ( full | terse | none | );
};
zone "127.In-addr.ARPA" { type master; file "ARPA.In-addr.127"; };
zone "0.0.127.in-addr.arpa" IN
{
    type master;
    file "master/localhost.rev";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
    type master;
    file "ARPA.IP6.0000--0000-0000-0000"; };
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
    type master;
    file "ARPA.IP6.0000--0000-0000-0000"; };

zone "f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
    type master;
    file "ARPA.IP6.0000--ffff-0000-0000"; };
zone "f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
    type master;
    file "ARPA.IP6.0000--ffff-0000-0000"; };

zone "secv6.your.domain" IN {
    type master;
    file "master/secv6.your.domain.rev";
};

zone "secv6.int" IN {
    type master;
    file "master/secv6.int.rev";
};

zone "secv6.arpa" IN {
    type master;
    file "master/secv6.arpa.rev";
};

zone "b.a.1.0.8.b.d.0.1.0.0.2.ip6.arpa"
{
    type master;
    notify no;
    file "/etc/bind/b.a.1.0.8.b.d.0.1.0.0.2.ip6.arpa";
};

zone "example.org" { type master; file "org.example"; };
zone "home.example.org" { type master; file "org.example.home"; };

zone "_._._._.0.0.4.0.8.1.6.0.1.0.0.2.IP6.ARPA" {
    type master; file "ARPA.IP6.2001-0618-0400-____--"; };
zone "_._._._.0.0.4.0.8.1.6.0.1.0.0.2.IP6.INT" {
    type master; file "ARPA.IP6.2001-0618-0400-____--"; };

///////////////////////////////////////////////////////////////////////
// purposely invalid syntax - begins
///////////////////////////////////////////////////////////////////////
// purposely invalid syntax
1;
oopsie ;
a;
no_such_statement;
aasdfasddfasdfasddfsadff;
acl // this is invalid

x acl; // this is invalid
acl ; // this is invalid
acl{} // this is invalid
acl // this is invalid
acl { !}; // this is invalid
acl missing_Left_CurlyBrace oopsie;
acl missing_Right_CurlyBrace { ; // TODO Bug on missing right curly
acl link_local_with_zone_index_prefix { fe08/48%eth1; }; // this should fail
acl link_local_with_zone_index { fe80%eth1; }; // this fails (it's fe08, not fe80)
acl link_local_with_zone_index { fe08::8%eth0; }; // TODO this fails (missing 7)
acl link_local_with_zone_index { fd57:1d29:4f94:1:216:36ff:fe00:1%eth0; }; // valid?
acl link_local_with_zone_index { fe08::7:8:127.0.0.1%2; }; // valid?

// purposely invalid syntax
controls /// TODO: needs to be a caught error in this syntax
controls { inet 1.1.1.1 port 70000 allow { 2.2.2.2; oopsie; { acl_name; }; }; }; // invalid
controls { unix a inet 1.1.1.1; inet unix ;}; // invalid
controls };
controls { XXXt 1.1.1.1; }; // invalid
controls { fool inet *; }; // invalid
controls { unix "/var/run/named/resolver.sock" group 11 perm 0750 owner 101; }; // invalid
controls { unix "/var/run/named/resolver.sock" owner 11 perm 0750 group 101; }; // invalid
controls { inet 1.1.1.1 keys { asdfasdfasdf; } }; // invalid
controls { inet 1.1.1.1 keys { asdfasdfasdf; } read-only true; }; // invalid

// purposely invalid syntax
// purposely invalid syntax
// purposely invalid syntax
// purposely invalid syntax
logging {
    channel default { // comment line
        null;
        // intentional failures below
        severity ; // TODO should have failed
        severity debug 123 severity critical null;
        severity info severity;
        severity notice error;
        severity warning error warning notice info debug;
        severity error severity error;
        severity critical severity null error warning notice info debug;
        severity dynamic error warning notice info debug;
        syslog oopsie; // invalid
    };
};

// purposely invalid syntax
masters ERRORS { mstr_name port 53 key key_name; }; // port not supported
masters MASTER_ERRORS { 1.1.1.1 port 12312353 key key; }; // port not valid

// purposely invalid syntax
options // this is invalid
options; // this is invalid
spurious options { };
options {
    cookie-secret 0123"; // invalid
    cookie-secret "YXZZ456789abcdef"; // invalid
    dns64 fe08::1/5 { exclude { ::ffff:0000:0000/96; }; }; // this should work
    dns64 fe08::1/5 { suffix ::; }; // default
    query-source dscp 53; // invalid
    listen-on-v6 { fe08::1; }; // ???
};

// purposely invalid syntax
view view_error {
    // purposely in wrong statement group
    automatic-interface-scan yes; // only in options statement
    pid-file "asdfasdfasdf"; // only in options statement
    alt-transfer-source 2.2.2.2 1.1.1.1 port 2; // invalid
    key key_name { algorithm SHA512-AES;
        badsecret ASDASDASDASDASDAaDASaASDaSD;}; // 'badsecret'
    in-view zone_name; // not allowed in view statement
};

// purposely invalid syntax
zone LOTS_OF_ZONE_ERRORS {
    in-view zone_name; // this is ok, tests for working zone {}
    recursive-only yes; // not allowed in zone
    deny-answer-addresses { "example.net"; }; // not allowed in zone
    deny-answer-addresses { acl_ntwk; }; // not allowed in zone
    deny-answer-addresses { 123.123.123.123; }; // not allowed in zone
    deny-answer-aliases { "example.net"; }; // not allowed in zone
    deny-answer-aliases { acl_ntwk; }; // not allowed in zone
    recursion yes; // not allowed in zone
    allow-recursion { invalid; ; // not allowed in zone
    allow-recursion-on { invalid; }; // not allowed in zone
    allow-query-cache { invalid; }; // not allowed in zone
    allow-query-cache-on { invalid; }; // not allowed in zone
    check-wildcard yes; // not allowed in zone
    clients-per-query 10; // not allowed in zone
    attach-cache view_red; // not allowed in zone
    avoid-v4-udp-ports { 9; }; // not allowed in zone
};
///////////////////////////////////////////////////////////////////////
// purposely invalid syntax - ends
///////////////////////////////////////////////////////////////////////

// set vim editor to do tabs at 4-char interval using spaces
// Crop off at 80-col
// vim: ts=4 sts=4 ts=4

--------------------------------------------------------------------------------
/test/example-named.conf:
--------------------------------------------------------------------------------
// File: named.conf
// Title: ISC Bind named configuration file: syntax exercise, full
// Version: 9.17
// C++-style inline comment
/* C-style begin line comment
An example C-style middle-line comment
C-style end-line comment */
# bash-style inline comment
// xxx TODO FIXME XXX
// XxX
include 'more_stuff'; // comment
include "more_stuff"; # comment
include "TODO nt_in_//comment line_filename";
include "_comment_in_/* comment line */filename";
include "comment_in_#comment line/filename";
include "quote_in_filename";
include 'quote_\\'in\'_filename';
include quote_\in\_filename;
include "a-z09[]`~!@#$%^&*()'_=+[]|\:'?><,./" ;
include 'a-z09[]`~!@#$%^&*()"_=+[]|\:"?><,./';
include a-z09[]`~!@#$%^&*()'"=_+[]|\:'"?><,./;

acl j { asdasdf ;};
acl j { ! 127.0.0.1; };
acl j{ }; // empty ACL
acl k { none; any; { localhost; { any; none; }; }; };
acl k { none;};
acl l{ any; };
acl m { localhost ; };
acl n { localnets; } ;
acl i { acl_name; };
acl e { 127.0.0.1; { 10.1.1.1; { 172.28.1.1; }; 1.1.1.1; }; };
acl any6 { ::127.0.0.1; };
acl any4 { 10.0.0.0/0; };
acl full_ip6 { 1111:222:333:4:5:6:7:8; };
acl full_ip6 { fd57:1d29:4f94:1:216:36ff:fe00:1; };
acl full_ip6 { fe80:0000:0000:0000:abcd:abcd:abcd:abcd; };
acl ip6_one { 1111::; };
acl ip6_two { 1111::1111; };
acl ip6_two { aa ; a; { ; };
    // inline
    fe80::1; /* asdf */ }; // valid gateway IPv6
acl ip6_three { 1111::222:1111; };
acl ip6_four { 1111::222:333:4; };
acl ip6_five { 1111::222:333:4:5; };
acl ip6_six { 1111::222:333:4:5:6; };
acl ip6_seven { 1111::222:333:4:5:6:7; };
acl ip6_seven { fe80::2016:3e11:1103:7524; };
acl ip6_seven { fe80::0:2016:3e11:1103:7524; };
acl ip6_seven { fe80:0::2016:3e11:1103:7524; };
acl ip6_seven { fe80::0:0:2016:3e11:1103:7524; };
acl ip6_seven { fe80:0::0:2016:3e11:1103:7524; };
acl ip6_seven { fe80:0:0::2016:3e11:1103:7524; };
acl ip6_seven { fe80:0:0:0:2016:3e11:1103:7524; };
acl link_local_with_zone_index { fe08::7:8%eth0; };
acl ip4_mapped_to_ip6 { ::8; };
acl double_colon_8 { ::3:4:5:6:7:8;};
acl ip4_mapped_to_ip6 { ::ffff:0:255.255.255.255; };
acl ip4_mapped_to_ip6 { ::ffff:255.255.255.255; };
acl ip4_mapped_to_ip6 { ::ffff:127.0.0.2; };
acl ip4_mapped_to_ip6 { ::ffff:0.0.0.0; };
acl ip4_embedded_ip6 { 2001:2::21.0.0.1; };
acl ip4_embedded_ip6 { 2001:2:3::21.0.0.1; };
acl ip4_embedded_ip6 { 64:2:3:4::192.0.2.33; };
acl ip4_mapped_to_ip6 { ::127.0.0.1; };
acl full_ip6_prefix { 1111:222:333:4:5:6:7:8/48; };
acl full_ip6_prefix { fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
acl ip6_one_prefix { 1111::/48; };
acl ip6_one_prefix { ff00::/8; }; // IPv6 multicast
acl ip6_two_prefix { 1111::1111/48; };
acl ip6_three_prefix { 1111::222:1111/48; };
acl ip6_four_prefix { 1111::222:333:4/48; };
acl ip6_five_prefix { 1111::222:333:4:5/48; };
acl ip6_six_prefix { 1111::222:333:4:5:6/48; };
acl ip6_seven_prefix { 1111::222:333:4:5:6:7/48; };
acl link_local_with_zone_index_prefix { fe08::7:8/48%eth0 ; };
acl link_local_with_zone_index { fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
acl ip4_mapped_to_ip6_prefix { ::8/48; };
acl ip4_mapped_to_ip6_prefix { ::ffff:0:255.255.255.255/48; };
acl ip4_mapped_to_ip6_prefix { ::ffff:255.255.255.255/48; };
acl ip4_mapped_to_ip6_prefix { ::ffff:127.0.0.2/48; };
acl ip4_embedded_ip6_prefix { 2001:db8:3:4::21.0.0.1/48; };
acl ip4_embedded_ip6_prefix { 64:ff9b::192.0.2.33/48; };
acl double_colon_8_prefix { ::3:4:5:6:7:8/48;};
acl _ip4_mapped_to_ip6_prefix { ::127.0.0.1/48; };

acl k { ! none; };
acl l { ! any; };
acl m { ! localhost ; };
acl n { ! localnets; } ;
acl i { ! acl_name; };
acl e { ! 127.0.0.1; };
acl any6 { ! ::127.0.0.1; };
acl any4 { ! 0.0.0.0/0; };
acl full_ip6 { ! 1111:222:333:4:5:6:7:8; };
acl full_ip6 { ! fd57:1d29:4f94:1:216:36ff:fe00:1; };
acl full_ip6 { ! fe80:0000:0000:0000:abcd:abcd:abcd:abcd; };
acl ip6_one { ! 1111::; };
acl ip6_two { ! 1111::1111; };
acl ip6_two { ! fe80::1; }; // valid gateway IPv6
acl ip6_three { ! 1111::222:1111; };
acl ip6_four { ! 1111::222:333:4; };
acl ip6_five { ! 1111::222:333:4:5; };
acl ip6_six { ! 1111::222:333:4:5:6; };
acl ip6_seven { ! 1111::222:333:4:5:6:7; };
acl ip6_seven { ! fe80::2016:3e11:1103:7524; };
acl ip6_seven { ! fe80::0:2016:3e11:1103:7524; };
acl ip6_seven { ! fe80:0::2016:3e11:1103:7524; };
acl ip6_seven { ! fe80::0:0:2016:3e11:1103:7524; };
acl ip6_seven { ! fe80:0::0:2016:3e11:1103:7524; };
acl ip6_seven { ! fe80:0:0::2016:3e11:1103:7524; };
acl ip6_seven { ! fe80:0:0:0:2016:3e11:1103:7524; };
acl link_local_with_zone_index { ! fe08::7:8%eth0; };
acl ip4_mapped_to_ip6 { ! ::8; };
acl double_colon_8 { ! ::3:4:5:6:7:8;};
acl ip4_mapped_to_ip6 { ! ::ffff:0:255.255.255.255; };
acl ip4_mapped_to_ip6 { ! ::ffff:255.255.255.255; };
acl ip4_mapped_to_ip6 { ! ::ffff:127.0.0.2; };
acl ip4_mapped_to_ip6 { ! ::ffff:0.0.0.0; };
acl ip4_embedded_ip6 { ! 2001:2::21.0.0.1; };
acl ip4_embedded_ip6 { ! 2001:2:3::21.0.0.1; };
acl ip4_embedded_ip6 { ! 64:2:3:4::192.0.2.33; };
acl ip4_mapped_to_ip6 { ! ::127.0.0.1; };
acl full_ip6_prefix { ! 1111:222:333:4:5:6:7:8/48; };
acl full_ip6_prefix { ! fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
acl ip6_one_prefix { ! 1111::/48; };
acl ip6_one_prefix { ! ff00::/8; }; // IPv6 multicast
acl ip6_two_prefix { ! 1111::1111/48; };
acl ip6_three_prefix { ! 1111::222:1111/48; };
acl ip6_four_prefix { ! 1111::222:333:4/48; };
acl ip6_five_prefix { ! 1111::222:333:4:5/48; };
acl ip6_six_prefix { ! 1111::222:333:4:5:6/48; };
acl ip6_seven_prefix { ! 1111::222:333:4:5:6:7/48; };
acl link_local_with_zone_index_prefix { ! fe08::7:8/48%eth0 ; };
acl link_local_with_zone_index { ! fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
acl ip4_mapped_to_ip6_prefix { ! ::8/48; };
acl ip4_mapped_to_ip6_prefix { ! ::ffff:0:255.255.255.255/48; };
acl ip4_mapped_to_ip6_prefix { ! ::ffff:255.255.255.255/48; };
acl ip4_mapped_to_ip6_prefix { ! ::ffff:127.0.0.2/48; };
acl ip4_embedded_ip6_prefix { ! 2001:db8:3:4::21.0.0.1/48; };
acl ip4_embedded_ip6_prefix { ! 64:ff9b::192.0.2.33/48; };
acl double_colon_8_prefix { ! ::3:4:5:6:7:8/48;};
acl _ip4_mapped_to_ip6_prefix { ! ::127.0.0.1/48; };

acl internal-net {
    127.0.0.1;
    1.2.3.0/24;
    2001:0db8:100::/56;
    ::1;
    any;
    localhost;
    ! localnets;
    none;
    ::ffff:1.2.3.0;
};
acl ns-internal-net {
    1.2.3.4;
    1.2.3.5;
    ! 2001:0db8:100::4/128;
    2001:0db8:100::5/128;
};

acl internal_home_ntwk_in6 { fe80::216:3eff:fe03:7524; };
acl internal_home_ntwk_in6 { fd57:1d29:4f94:1:216:36ff:fe00:1/64; };
acl internal_home_ntwk {
    internal_home_cable-ntwk;
    192.168.1.0/24;
    fd57:1d29:4f94:1:216:36ff:fe00:1/64;
};
acl internal_cable_ntwk { 192.168.2.0; 192.168.1.0/24; };
acl nexted_acl { internal_cable_ntwk; internal_home_cable; };
acl _a_i-nternal_vps_ntwk
! {
    192.168.3.0;
    acl_vps_ntwk;
    {
        1111:2:3:4::192.168.5.1;
        192.168.4.0/24;
        ! {
            ! 5.1.1.1;
        };
    };
};

controls{ };
controls { };
controls { inet 1.1.1.1 allow { 2.2.2.2; }; };
controls { inet acl_internal_ntwk allow { 2.2.2.2; } keys { asdfasdfasdf; }; };
controls { inet 1.1.1.1 allow { 2.2.2.2; } read-only true; };
controls { inet 1.1.1.1 allow { 2.2.2.2; } keys { asdfasdfasdf; }
    read-only true; };
controls { inet 1.1.1.1 port 123 allow { 2.2.2.2; }; };
controls { inet 1.1.1.1 port * allow { 2.2.2.2; }; };
controls { inet 1.1.1.1 port * allow { 2.2.2.2; } read-only False; };
controls { inet 1.1.1.1 port 123 allow { 2.2.2.2; oopsie; { acl_name; }; }; };
controls { inet 1.1.1.1 allow { int_home_ntwk; }; };
controls { inet 1.1.1.1 allow { int_cable_ntwk; } keys { asdfasdfasdf; }; };
controls { inet 1.1.1.1 allow { acl_vps_ntwk; } read-only true; };
controls { inet 1.1.1.1 allow { acl_home_1; } keys { asdfasdfasdf; } read-only true; };
controls { inet 1.1.1.1 port 123 allow { acl_private_2; }; };
controls { inet 1.1.1.1 port * allow { acl_vpn_3; }; };
controls { inet 1.1.1.1 port * allow { acl_name4; } read-only False; };
controls { inet 1.1.1.1 port 123 allow { acl-name5; oopsie; { acl_name; }; }; };
// TODO: namedIP6Addr is still borked in "controls { inet ... };"
controls { inet fe08::7:8:127.0.0.1 allow { fe08:2:3:4:5:6:7:8; }; };
controls { inet fe08::7:8:127.0.0.1 allow { fe08::; } keys { asdfasdfasdf; }; };
controls { inet fe08::7:8:127.0.0.1 allow { fe08::7:8; } read-only true; };
controls { inet fe08::7:8:127.0.0.1 allow { fe80::1; } keys { asdfasdfasdf; } read-only true; };
controls { inet fe08::7:8:127.0.0.1 port 123 allow { fe08:2::8; }; };
controls { inet fe08::7:8:127.0.0.1 port * allow { fe08:2:3::8; }; };
controls { inet fe08::7:8:127.0.0.1 port * allow { 1134:2:3:4::127.0.0.1; } read-only False; };
controls { inet fe08::7:8:127.0.0.1 port 123 allow { 2001:0:0:0:0:0:0:8; oopsie; { acl_name; }; }; };
controls { inet fe08::7:8:127.0.0.1 port 123 allow { 2020::8; oopsie; { acl_name; }; }; };
controls { inet * allow { fe08:2:3:4:5:6:7:8; }; };
controls { inet * allow { 127.0.0.1; } keys { asdfasdfasdf; }; };
controls { inet * allow { fe08::7:8; } read-only true; };
controls { inet * allow { fe80::1; } keys { asdfasdfasdf; } read-only true; };
controls { inet * port 65535 allow { fe08:2::8; }; };
controls { inet * port * allow { fe08:2:3::8; }; };
controls { inet * port * allow { fe08::2.2.2.2; } read-only False; };
controls { inet * port 1 allow { 2001:0:0:0:0:0:0:8; oopsie; { acl_name; }; }; };
controls { inet * port 123 allow { 2020::8; oopsie; { acl_name; }; }; };
// comment
controls
{
    include "asdfasddfasdf";
    // comment
    inet
    1.1.1.1
    port
    123
    allow
    {
        include "asdfasddfasdf";
        // comment
        2.2.2.2;
        include "asdfasddfasdf";
        // comment
        oopsie;
        // comment
        include "asdfasddfasdf";
    };
    // comment
    include "asdfasddfasdf";
} ; // comment
include "asdfasddfasdf";
// comment
controls { unix /run/named/resolver.sock perm 0750 owner 11 group 101; };
controls { unix '/var/run/named/resolver.sock' perm 0750 owner 11 group 101; };
controls { unix "/var/run/named/resolver.sock" perm 0750 owner 11 group 101 keys { key_name1; key_name2; }; };
controls { unix "/v ar/run/named/resolver.sock" perm 0750 owner 11 group 101 read-only True; };
controls { unix "/var/run/named/resolver.sock" perm 0750 owner 11 group 101 keys { key_name1; key_name2; } read-only false; };
controls { unix "a-z 09[]`~!@#$%^&*()_+{}[]|\:;'?><,./" perm 0750 owner 11 group 101; };
controls { unix 'a-z 09[]`~!@#$%^&*()_+{}[]|\:;?><,./' perm 0750 owner 11 group 101; };
controls { unix a-z09[]'"`~!@#$%^&*()_+[]|\:?><,./ perm 0750 owner 11 group 101; };

dlz dlz_name { database "string" search yes; };
dlz example {
    search yes;
    database "dlopen driver.so args";
};
dlz other {
    database "dlopen driver.so args";
    search no;
};

dnssec-keys {
};

dyndb string "quoted_string" { unspecified text };
dyndb example "/usr/lib/mydriver[1, 2];_/driver.so" {
    parameters
};
dyndb sample "sample.so" { example.nil. arpa. };

key key_name { algorithm SHA512-AES; secret ASDASDASDASDASDAaDASaASDaSD;};
key my_secret_name { algorithm SHA256-AES-CDC; secret ASDASDASDASDASDASDASDASDASD; };
key my_secret_name { algorithm SHA512-AES; secret ASDASDASDASDASDASDASDASDASD; };

logging { };
logging {
    channel default { // comment line
        null;
        stderr;
        buffered true;
        buffered 1;
        file "/var /log/pittance.log"; ; ;;;;
        file '/var/log/pitt ance.log'; ; ;;;;
        file /var/log/pittance.log versions unlimited;
        file "/var/log/pittance.log" versions 14;
        file "/var/log/pittance.log" size 14;
        file "/var/log/pittance.log" suffix increment;
        file "/var/log/pittance.log" suffix timestamp;
        file "az09[]`~!@#$%^&*()' _+ {}[]|\:;'?><,./";
        file 'az09[]`~!@#$%^&*()" _+ {}[]|\:;"?><,./';
        file az09[]`~!@#$%^&*()'"_+[]|\:'"?><,./;
        print-category true;
        print-severity true;
        print-time iso8601 ;
        print-time iso8601-utc ;
        print-time local;
        print-time TRUE;
        severity debug;
        severity debug 23335;
        severity info ;
        severity notice;
        severity warning ;
        severity error ;
        severity critical;
        severity dynamic;
        syslog kern;
        syslog user;
        syslog mail;
        syslog daemon;
        syslog auth;
        syslog syslog;
    };
    channel named_file {
        file "/_%/log/bind/named.log" versions 3 size 5m;
        file '/_-%var/log/bind/named.log' versions 3 size 5m;
        file /%-_var/log/bind/named.log versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel database_file {
        file "/var/log/bind/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel security_file {
        file "/var/log/bind/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel resolver_file {
        file "/var/log/bind/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel transfer_file {
        file "/var/log/bind/transfer.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel client_file {
        /* */
        file "/var/log/bind/client.log" suffix increment size 5G versions unlimited ;
        file "/var/log/bind/client.log" size 5m versions 10;
        file "/var/log/bind/client.log" versions unlimited size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel unmatched_file {
        file "/var/log/bind/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel queries_file {
        file "/var/log/bind/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel query-errors_file {
        file "/var/log/bind/query-errors.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel network_file {
        file "/var/log/bind/network.log" size 5G versions 10;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel update_file {
        file "/var/log/bind/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel update-security_file {
        file "/var/log/bind/update-security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel dispatch_file {
        file "/var/log/bind/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel dnssec_file {
        file "/var/log/bind/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel lame-servers_file {
        file "/var/log/bind/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel delegation-only_file {
        file "/var/log/bind/delegation-only.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    channel rate-limit_file {
        file "/var/log/bind/rate-limit.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
        print-severity true;
        print-category true;
    };
    category client { client_file; };
    category cname { null; };
    category config { named_file; };
    category custom-name2 { null; };
    category database{ database_file; };
    category default { default_syslog; named_file;};
    category delegation-only { delegation-only_file; };
    category dispatch { null; };
    category dnssec { dnssec_file; };
    category dnstap { null; };
    category edns-disabled { null; };
    category general { default_syslog; named_file; };
    category lame-servers { lame-servers_file; };
    category network { null; };
    category notify { transfer_file; };
    category nsid { null; };
    category queries { queries_file; };
    category query-errors { null; };
    category rate-limit { rate-limit_file; };
    category resolver { resolver_file; };
    category rpz { null; };
    category security {
        security_file;
        default_syslog;
        default_debug;
    };
    category serve-stale { null; };
    category spill { null; };
    category trust-anchor-telemetry { null; };
    category unmatched { null; };
    category update { null; };
    category update-security { null; };
    category xfer-in { transfer_file; };
    category xfer-out { transfer_file; };
    category zoneload { null; };
};

managed-keys { };
managed-keys { oopsie asdf 8 0 1 "asdfasddfasddfasf"; };
// TODO: Key secret has errors in them
managed-keys { domain.name initial-key 8 1 2 "ab+cd/defet==";
};
managed-keys {
    asdf asdf 4 0 1 "keysecret==";
    asdf asdf 8 0 1 "asdfasddfasddfasf";
};

masters empty_master { };
masters master_name { masters_nickname; };
masters master_name { 127.0.0.1; };
masters master_name { 1.1.1.1 key key_name; };
masters master_name { 1.1.1.1 port 65535; };
masters master_name{ 1.1.1.1 port 55 key XXX_name; };
masters master_name { fe08::7:8:127.0.0.1; };
masters master_name { fe08::7:8:127.0.0.1 key key_name; };
masters master_name { fe08::7:8:127.0.0.1 port 65535; };
masters master_name { fe08::7:8:127.0.0.1 port 65535 key XXX_key_name; };
masters master_name port 65535 { masters_nickname;};
masters master_name dscp 53 port 53 { masters_nickname; };
masters master_name port 53 dscp 53 { masters_nickname; };
masters master_name port 15 dscp 53 { masters_nickname key key_name; };
masters master_name dscp 1 { masters_nickname; };
masters master_name dscp 63 { masters_nickname; };
masters master_name { master_nickname key key_name ; };
masters master_name { masters_nickname; /* comment */; 1.1.1.1; 1.1.1.1 key key_name;};
masters master_name {
    /* comment */
    one; };
masters master_name {
    masters_nickname;
    1.1.1.1; /* my comments */
    1.1.1.1 key key_name;
};

options { };
options
{
    acache-cleaning-interval 12; // obsoleted
    /* asdf */
    acache-enable true; // obsoleted
    additional-from-auth true; // obsoleted
    additional-from-cache true; // obsoleted

    allow-new-zones yes;

    allow-notify { 1.1.1.1; };
    allow-notify ! { ! 1.1.1.1; };

    allow-notify { ! 1.1.1.1; };
    allow-query ! { 1.1.1.1; { 127.0.0.1; }; };
    allow-query-cache { 127.0.0.1; };


    allow-query-cache { ! 127.0.0.1 ; };

    # allow-query-cache { { 127.0.0.1 ; }; }; // TODO Do we want to fix this?
    # allow-query-cache { { { 127.0.0.1 ; }; }; };
    allow-query-cache { 127.0.0.1; 127.0.0.1; 1.1.1.1; };
    allow-query-cache {127.0.0.1; !{ !127.0.0.1;};};
    allow-query-cache {!{1.1.1.1;{{3.3.3.3;}; ! 2.2.2.2;};};127.0.0.1;};
    allow-query-cache {!{1.1.1.1;{{3.3.3.3;}; ! 2.2.2.2;};};127.0.0.1;};
    allow-query-cache { 127.0.0.1; { 1.1.1.1; }; };
    allow-query-cache { 127.0.0.1; { 1.1.1.1; }; 127.0.0.1; };
    allow-query-cache { 127.0.0.1; { 1.1.1.1; }; 127.0.0.1; { 127.1.1.1; }; };
    allow-query-cache { !{ 1.1.1.1; }; 127.0.0.1; ! { 127.1.1.1; }; };
    allow-query-cache-on { 1.1.1.1; };
    allow-query-on { 1.1.1.1; };
    allow-recursion { 1.1.1.1; };
    allow-recursion-on { 1.1.1.1; };
    allow-transfer {1.1.1.1;};
    allow-update {1.1.1.1;};
    allow-update-forwarding {1.1.1.1;};
    #allow-v6-synthesis a6;
    also-notify { master_name; 123.123.123.123; 2.2.2.2; fe80::1; };
    alt-transfer-source 2.2.2.2 port * dscp 3;
    alt-transfer-source-v6 ffff:13::1 port * dscp 3;
    answer-cookie yes;
    attach-cache red_view;
    auth-nxdomain yes;
    auto-dnssec off;
    automatic-interface-scan yes;
    avoid-v4-udp-ports { *; };
    avoid-v4-udp-ports { 9; };
    avoid-v4-udp-ports { 9; 11; 12; 13; 14; };
    avoid-v6-udp-ports { 9; 11; 12; 13; 14; };
    bindkeys-file "/etc/bind/keys-file";
    blackhole { key_id-name[1]1<1>; acl_name; 1.1.1.1; };
    cache-file "/etc/bind/cache-file";
    catalog-zones { zone red_zone; };
    catalog-zones {
        zone "catalog.example"
        default-masters { 10.53.0.1; master_name; }
        zone-directory "catzones"
        min-update-interval 10;
        in-memory no
    };
    catalog-zones { zone "catalog.example"; };
    check-dup-records warn;
    check-integrity yes;
    check-mx fail;
    check-mx-cname ignore;
    check-names primary warn;
    check-names secondary fail;
    check-names response ignore;
    check-names master ignore;
    check-names slave ignore;
    check-sibling yes;
    check-spf fail;
    #check-srv-cnames fail;
    check-wildcard yes;
    #cleaning-interval 1440;
    clients-per-query 0 ;
    cookie-algorithm sha1;
    cookie-secret "0123456789abcDef";
    cookie-secret "0123456789aBcDeF0123";
    cookie-secret "0123456789abcdef0123456789abcdef";
    coresize 123;
    coresize unlimited;
    coresize default;
    datasize 123;
    datasize default;
    datasize unlimited;
    deny-answer-addresses { "example.net"; };
    deny-answer-addresses { acl_ntwk; };
    deny-answer-addresses { 123.123.123.123; };
    deny-answer-addresses { 123.123.123.123; } except from { "localhost"; 1.2.3.4; };
    deny-answer-addresses { 123.123.123.123; }
        except from {
            "localhost";
            1.2.3.4;
        };
    deny-answer-aliases { "example.net"; };
    deny-answer-aliases { acl_ntwk; };
    deny-answer-aliases { "example.org"; } except from { "localhost"; 1.2.3.4; };
    deny-answer-aliases { "cname.example.com."; }
        except from {
            "localhost";
            1.2.3.4;
        };
    dialup passive;
    dialup true;
    directory '/etc/bind';
    disable-algorithms some_name { some_algo; some_algo2; };
    disable-algorithms "some_name" { some_algo; };
    disable-ds-digests some_name { some_algo; };
    dns64 fe08::1/5 { break-dnssec no; }; // default
    dns64 fe08::1/5 { clients { any; }; }; // default
    dns64 fe08::1/5 { exclude { ::ffff:0.0.0.0/96; }; }; // default
    dns64 fe08::1/5 { mapped { any; }; }; // default
    dns64 fe08::1/5 { recursive-only no; }; // default
    dns64 fe08::1/5 {
        break-dnssec yes;
        recursive-only no;
        suffix ::ffff:0.0.0.0/96;
        exclude { ff::; };
        mapped { none; };
        recursive-only yes;
    };
    dns64-contact "test.example.org";
    dns64-server 'test.example.net.';
    dnskey-sig-validity 1;
    dnsrps-enable yes;
    dnsrps-options { 'asdfasddfasdf'; };
    dnsrps-options { "asdfasddfasdf"; };
    dnssec-accept-expired yes;
    dnssec-dnskey-kskonly no;
    #dnssec-enable True;
    dnssec-loadkeys-interval 0;
    #dnssec-lookaside no;
    #dnssec-lookaside auto;
    #dnssec-lookaside domain trust-anchor key_namename;
    #dnssec-lookaside my-domain.edu trust-anchor keyname;
    #dnssec-lookaside www_3.my-domain.edu trust-anchor keyname;
    dnssec-must-be-secure "aa_sr_v.example.org" yes;
    dnssec-must-be-secure 'aa_sr_v.example.org' yes;
    dnssec-must-be-secure aa_sr_v.example.org yes;
    dnssec-secure-to-insecure no;
    dnssec-update-mode maintain;
    dnssec-validation auto;
    dnstap { all response; };
    dnstap { all query; };
    dnstap-identity none;
    dnstap-identity hostname;
    dnstap-identity "example.com";
    dnstap-identity 'example.com';
    dnstap-identity example.com;
    dnstap-output unix quotedstring size unlimited version unlimited suffix increment;
    dnstap-output
        unix quotedstring
        size unlimited
        version unlimited
        #suffix increment;
    dnstap-output
        file "/var/run/bind/dnstap-out.sock"
        size unlimited
        version unlimited
        #suffix increment;
    dnstap-version none;
    dnstap-version quoted_string;
    dscp 63;
    dual-stack-servers { example.com; } ;
    dual-stack-servers port 123 {example.com ;} ;
    dual-stack-servers { example.com port 11111; };
    dual-stack-servers { example.com port *; };
    dual-stack-servers port * { 2.2.2.2; };
    dual-stack-servers port 1 { 2.2.2.2 port 5; };
    dual-stack-servers port 80 { example.com.; };
    dual-stack-servers port 443 { example.com.; };
    dump-file 'asdfasdfasdf';
    edns-udp-size 512;
    empty-contact "string";
    empty-server string;
    #empty-zone-enable yes;
    fetch-glue true;
    fetch-quota-params 1 1.1 1.1 1.1;
    fetches-per-server 50 fail;
    fetches-per-zone 50 fail;
    files default;
    files 123;
    flush-zones-on-shutdown yes;
    forward only;
    forwarders { 1.1.1.1; };
    forwarders { fe08::1; };
    forwarders port 15 dscp 53 { 1.1.1.1 port 53 dscp 53; };
    fstrm-set-buffer-hint 1;
    fstrm-set-flush-timeout 0;
    fstrm-set-input-queue-size 0;
    fstrm-set-output-notify-threshold 53;
    fstrm-set-output-queue-model mpsc;
    fstrm-set-output-queue-size 1;
    fstrm-set-reopen-interval 63;
    geoip-directory '/usr/share/lib/geoip';
    glue-cache yes;
    heartbeat-interval 40320;
    hostname none;
    inline-signing yes;
    interface-interval 40320;
    ixfr-from-differences primary;
    keep-response-order { 1.1.1.1; };
    key-directory "/etc/bind/keys";
    lame-ttl 35600;
    listen-on { 192.168.1.1; };
    include "/var/lib/dhcp/bind-listen-on-named.conf";
    listen-on {
        include "/var/lib/dhcp/bind-listen-on-ip.conf";
    };
    listen-on {
        include "/var/lib/dhcp/bind-listen-on-ip.conf";
        ;
    };
    listen-on-v6 { ff08::1; };
    lmdb-mapsize 15M;
    managed-keys-directory '/etc/bind/keys';
    masterfile-format map;
    masterfile-style relative;
    match-mapped-addresses yes;
    max-cache-size 15G;
    max-cache-ttl 63;
    max-clients-per-query 1440;
    max-ixfr-log-size unlimited;
    max-journal-size 15G;
    max-ncache-ttl 63;
    max-records 63;
    max-recursion-depth 63;
    max-recursion-queries 63;
    max-refresh-time 63;
    max-retry-time 63;
    max-rsa-exponent-size 7;
    max-stale-ttl 63;
    max-transfer-idle-in 100;
    max-transfer-idle-out 100;
    max-transfer-time-in 100;
    max-transfer-time-out 100;
    max-udp-size 1490;
    max-zone-ttl 123123;
    max-zone-ttl unlimited;
    memstatistics yes;
    memstatistics-file "/var/bind/memstatistics";
    message-compression no;
    min-cache-ttl 63;
    min-ncache-ttl 63;
    min-refresh-time 63;
    min-retry-time 63;
    minimal-any no;
    minimal-responses True;
    minimal-responses yes;
    minimal-responses no-auth;
    multi-master no;
    named-xfer "/var/lib/bind9/named.xfer";
    new-zones-directory "/var/lib/bind/newzones/";
    no-case-compress { 1.1.1.1; };
    nocookie-udp-size 1490;
    notify explicit;
    notify True;
    notify-delay 15;
    notify-rate 15;
    notify-source 1.1.1.1 port * dscp 63;
    notify-source-v6 fe08::1 port * dscp 63;
    notify-source-v6 fe08::1.1.1.1 port * dscp 63;
    notify-to-soa yes;
    nta-lifetime 63;
    nta-recheck 63;
    nxdomain-redirect string;
    pid-file '/run/named/named.pid';
    port 53;
    preferred-glue A;
    preferred-glue AAAA;
    prefetch 53;
    prefetch 53 53;
    provide-ixfr yes;
    qname-minimization off;
    query-source 1.1.1.1;
    query-source 1.1.1.1 port *;
    query-source 1.1.1.1 port 53;
    query-source 1.1.1.1 dscp 53;
    query-source 1.1.1.1 port * dscp 53;
    query-source address 1.1.1.1 port * dscp 53;
    query-source address 1.1.1.1;
    query-source address 1.1.1.1 port *;
    query-source address 1.1.1.1 port 53;
    query-source address 1.1.1.1 dscp 53;
    query-source address 1.1.1.1 port * dscp 53;
    query-source port *;
    query-source port 53;
    query-source port 53 dscp 53;
    query-source port * dscp 53;
    query-source-v6 ff08::1 port * dscp 53;
    query-source-v6 1:2:3:4:5:6:7:1;
    query-source-v6 1:2:4::8 port *;
    query-source-v6 1:2:4::8 port 53;
    query-source-v6 1:2:4::8 dscp 53;
    query-source-v6 1:2:4::8 port * dscp 53;
    query-source-v6 address 1:2:4::8 port * dscp 53;
    query-source-v6 address 1:2:4::8;
    query-source-v6 address 1:2:4::8 port *;
    query-source-v6 address 1:2:4::8 port 53;
    query-source-v6 address 1:2:4::8 dscp 53;
    query-source-v6 address 1:2:4::8 port * dscp 53;
    query-source-v6 port *;
    query-source-v6 port 53;
    query-source-v6 port 53 dscp 53;
    query-source-v6 port * dscp 53;
    querylog yes;
    random-device "/dev/urandom";
    random-device none;
    rate-limit { all-per-second 15;
        errors-per-second 15;
        exempt-clients { 1.1.1.1; };
        ipv4-prefix-length 12;
        ipv6-prefix-length 96;
        log-only no;
        max-table-size 63;
        min-table-size 63;
        nodata-per-second 63;
        nxdomains-per-second 63;
        qps-scale 5;
        referrals-per-second 15;
        responses-per-second 15;
        slip 15;
        window 15;
    };
    recursing-file "/var/lib/bind/recursing/";
    recursion yes;
    recursive-clients 123;
    request-expire no;
    request-ixfr no;
    request-nsid no;
    require-server-cookie no;
    reserved-sockets 128;
    resolver-nonbackoff-tries 10;
    resolver-query-timeout 5;
    resolver-retry-interval 5;
    response-padding { 1.1.1.1; } block-size 15;
    response-padding { ! 1.1.1.1; { ! 1.1.1.1; }; } block-size 15;
    response-padding { ! any; 1.1.1.1; } block-size 15;
    response-policy {
        zone red_zone log yes max-policy-ttl 63
            min-update-interval 63
            policy no-op
            recursive-only no
            nsip-enable yes
            nsdname-enable yes; }
        break-dnssec True max-policy 63 min-update-interval 63
        min-ns-dots 3 nsip-wait-recurse False
        qname-wait-recurse False
        recursive-only False nsip-enable True nsdname-enable True
        dnsrps-enable True dnsrps-options { "IStrangeThings"; };
    root-delegation-only;
    root-delegation-only exclude { "me"; "dk"; "ge"; };
    root-delegation-only exclude;
    root-key-sentinel yes;
    /* options */
    rrset-order { order fixed; };
    rrset-order { class ANY order none; };
    rrset-order { type ANY order none; };
    rrset-order { class ANY type ANY order none; };
    rrset-order { class ANY name "example.net" order none; };
    rrset-order { type ANY name "example.net" order none; };
    rrset-order { class ANY type ANY name "example.net" order none; };
    rrset-order { class any type A name "example.net" order fixed; };
    rrset-order { class IN type any name "*" order random; };
    rrset-order { class IN type A name "example.net" order cyclic; };
    rrset-order { class IN type A name "example.net" order none; };
    secroots-file "/var/lib/bind/secroots";
    send-cookie yes;
    serial-query-rate 1;
    serial-update-method unixtime;
    server-id none;
    server-id hostname;
    server-id example.org;
    servfail-ttl 63;
    session-keyalg algorithm_string;
    session-keyfile none;
    session-keyname my_session_key;
    sig-signing-nodes 63;
    sig-signing-signatures 63;
    sig-signing-type 63;
    sig-validity-interval 63;
    sig-validity-interval 63 63;
    sortlist { 1.1.1.1; };
    /* options */
    stacksize 1m;
    stale-answer-enable no;
    stale-answer-ttl 63;
    startup-notify-rate 63;
    statistics-file "/var/log/bind/statistics";
    synth-from-dnssec no;
    tcp-advertised-timeout 63;
    tcp-clients 63;
    tcp-idle-timeout 63;
    tcp-initial-timeout 63;
    tcp-keepalive-timeout 63;
    tcp-listen-queue 63;
    tkey-dhkey "key_name" 33122;
    tkey-domain "key_name";
    tkey-gssapi-credential quoted_string;
    tkey-gssapi-keytab quoted_string;
    transfer-format many-answers;
    transfer-format one-answer;
    /* options */
    transfer-message-size 63;
    transfer-source * port * dscp 63;
    transfer-source-v6 fe08::127.0.0.1 port 53;
    transfers-in 63;
    transfers-out 63;
    transfers-per-ns 63;
    trust-anchor-telemetry true;
    try-tcp-refresh true;
    #trust-anchor { egbert.net initial-ds 1 1 1 yes; };
    update-check-ksk true;
    use-alt-transfer-source yes;
    use-v6-udp-ports { range 1 65535; };
    use-v4-udp-ports { range 1 65535; };
    v6-bias 5;
    validate-except { example.local; };
    version none;
    zero-no-soa-ttl no;
    /* options */
    zero-no-soa-ttl-cache 15;
    zone-statistics full;
};

plugin query "filespec.so" { driver_par ;ameters };
plugin query filespec { "driver_para eters" };
plugin query 'filespec' { 'driver_para="asdf", eters' };
plugin "filespec";
plugin query "filespec";

server 1.1.1.1 { };
server 192.1.2.324/24 {
    allow-v6-synthesis AAAA; // obsoleted
    also-notify { 123.123.123.123; 2.2.2.2; }; // obsoleted
    bogus yes;
    edns yes;
    edns-version 15;
    keys key_id;
    max-udp-size 4096;
    notify-source 1.1.1.1 port * dscp 53;
    notify-source-v6 ff08::1 port * dscp 53;
    padding 1490;
    provide-ixfr no;
    query-source 1.1.1.1 port * dscp 53;
    query-source-v6 ff08::1 port * dscp 53;
    request-expire yes;
    request-ixfr yes;
    request-nsid yes;
    send-cookie yes;
    tcp-keepalive yes;
    tcp-only yes;
    transfer-format many-answers;
    transfer-source * port * dscp 63;
    transfer-source-v6 fe80:1::127.0.0.1 port * dscp 63;
    transfer-source-v6 fe08:1::127.0.0.1 port 53;
    transfers 15;
};

statistics-channels {
    inet 1.1.1.1 allow { any; };;
    inet 1.1.1.1 port * allow { any; };;
    inet 1.1.1.1 port 53 allow { any; };;
    inet 1.1.1.1 allow { 1.1.1.1; };
    inet 1.1.1.1 port 53 allow { 1.1.1.1; };
    inet fe08::1;
    inet fe08::1 port 53;
    inet fe08::1 allow { 1.1.1.1; };
    inet fe08::1 port 53 allow { 1.1.1.1; };
    inet * allow { any; };
    inet * allow { 1.1.1.1; };
    inet * port * allow { any; };
    inet * port 53 allow { any; };
    inet * port 53 allow { 1.1.1.1; };
};

trust-anchors { example.invalid initial-ds 3 0 1 12397123987123987123971239879; };
trusted-keys { example.invalid 3 0 1 12397123987123987123971239879; };

view empty { };

view redview {
    /* help */ allow-new-zones yes;
    allow-notify { 1.1.1.1; };
    allow-query { 1.1.1.1; };
    allow-query-cache { 1.1.1.1; };
    allow-query-cache-on { 1.1.1.1; };
    allow-query-on { 1.1.1.1; };
    allow-recursion { 1.1.1.1; };
    allow-recursion-on { 1.1.1.1; };
    /* VIEW */
    allow-transfer {1.1.1.1;};
    allow-update {1.1.1.1;};
    allow-update-forwarding {1.1.1.1;};
    allow-v6-synthesis AAAA; // obsoleted
    also-notify { 123.123.123.123; 2.2.2.2; };
    alt-transfer-source 1.1.1.1;
    alt-transfer-source *;
    alt-transfer-source 2.2.2.2 dscp 15 port *;
    alt-transfer-source 2.2.2.2 port * dscp 3;
    alt-transfer-source * port * dscp 14;
    alt-transfer-source-v6 fe08::7:8 port * dscp 3;
    attach-cache view_red;
    auth-nxdomain yes;
    auto-dnssec maintain;
    cache-file "/etc/bind/cache-file";
    catalog-zones { zone red_zone default-masters; };
    /* VIEW */
    catalog-zones {
        zone "catalog.example"
            default-masters { 10.53.0.1; }
            in-memory no
            zone-directory "catzones"
            min-update-interval 10;
    };
    catalog-zones { zone "catalog.example"; };
    check-dup-records warn;
    check-integrity yes; /* help */ ;
    check-mx fail;
    check-mx-cname ignore;
    check-names warn;
    check-sibling yes;
    check-spf ignore;
    check-srv-cnames fail;
    check-wildcard yes;
    /* VIEW */
    cleaning-interval 10;
    clients-per-query 10;
    deny-answer-addresses { "example.net"; };
    deny-answer-addresses { acl_ntwk; };
    deny-answer-addresses { 123.123.123.123; };
    deny-answer-addresses { 123.123.123.123; } except from { "localhost"; 1.2.3.4; };
    deny-answer-addresses { 123.123.123.123; }
        except from {
            "localhost";
            1.2.3.4;
        };
    deny-answer-aliases { "example.net"; };
    deny-answer-aliases { acl_ntwk; };
    deny-answer-aliases { "example.org"; } except from { "localhost"; 1.2.3.4; };
    /* VIEW */
    deny-answer-aliases { "cname.example.com"; }
        except from {
            "localhost";
            1.2.3.4;
        };
    dialup true;
    dnskey-sig-validity 1;
    disable-algorithms 'some_name' { some_algo; some_algo2; };
    disable-algorithms "some_name" { some_algo; };
    disable-algorithms some_name { some_algo; };
    disable-ds-digests some_name { some_algo; };
    disable-empty-zone blah;
    dlz dlz_name { database "database-specific crap"; search no; };
    /* VIEW */
    dns64 fe08::1/5 {
        suffix ::ffff:0.0.0.0/96;
        recursive-only no;
    };
    dns64-contact "test.level1.example";
    dns64-server "test.level2.example.";
    dnskey-sig-validity 5;
    dnsrps-enable yes;
    dnsrps-options { "asdfasddfasdf"; };
    dnssec-accept-expired no;
    dnssec-dnskey-kskonly yes;
    dnssec-enable True;
    dnssec-lookaside auto;
    dnssec-lookaside no;
    dnssec-must-be-secure example.com True;
    dnssec-update-mode no-resign;
    dnssec-validation True;
    dnstap { all; };
    dual-stack-servers { example.com; } ;
    dual-stack-servers port 123{example.com ;} ;
    dual-stack-servers { example.com port 11111; };
    dual-stack-servers port * { 2.2.2.2; };
    dual-stack-servers port 1 { 2.2.2.2 port 5; };
    dual-stack-servers port 80 { example.com.; };
    dual-stack-servers port 443 { example.com.; };
    dyndb dyndb_name "something" { "unspecified_text"; };
    edns-udp-size 1115;
    empty-contact "webmaster.example.com";
    empty-server "webmaster.example.com";
    empty-zone-enable true;
    fetch-glue true; // obsoleted?

    fetch-quota-params 15 3.0 2.0 1.0;
    fetches-per-server 15 fail;
    /* VIEW */
    fetches-per-zone 15 fail;
    forward only;
    forwarders port 53 dscp 53 { 1.1.1.1; };
    glue-cache yes;
    heartbeat-interval 1; // obsoleted?
    hostname none; // obsoleted?
    hostname "www.example.com"; // obsoleted?
    /* ZZZ VIEW */
    inline-signing yes;
    ixfr-from-differences no;
    key key_name { algorithm AES; secret "0123456789abcdef0123456789abcdef"; };
    key-directory "/etc/bind/keys";
    lame-ttl 35600;
    managed-keys-directory "/etc/bind/keys";
    masterfile-format text;
    /* VIEW */
    masterfile-style full;
    match-clients { 1.1.1.1; };
    match-destinations { 1.1.1.1; };
    match-recursive-only yes;
    max-cache-size default;
    max-cache-size unlimited;
    max-cache-size 15G;
    max-cache-ttl 3600;
    max-clients-per-query 53;
    /* VIEW */
    max-ixfr-log-size unlimited; // only inside view, not at top-level zone
    max-journal-size unlimited;
    max-ncache-ttl 53;
    max-records 53;
    max-recursion-depth 53;
    max-recursion-queries 53;
    max-refresh-time 53;
    max-retry-time 53;
    max-stale-ttl 53;
    max-transfer-idle-in 53;
    max-transfer-idle-out 53;
    max-transfer-time-in 53;
    max-transfer-time-out 53;
    max-udp-size 53;
    max-zone-ttl unlimited;
    message-compression no;
    min-cache-ttl 53;
    /* VIEW */
    min-ncache-ttl 53;
    min-refresh-time 53;
    min-retry-time 53;
    minimal-any yes;
    minimal-responses no-auth;
    multi-master yes;
    new-zones-directory "/var/lib/bind/newzones/";
    no-case-compress { 1.1.1.1; };
    notify explicit;
    notify-source 1.1.1.1 port * dscp 53;
    notify-source-v6 1:: port * dscp 53;
    notify-to-soa yes;
    nta-lifetime 53;
    nta-recheck 53;
    nxdomain-redirect "string";
    plugin query "filter-aaaa.so" { "filter-aaaa.o" };
    preferred-glue aaaa;
    prefetch 53;
    prefetch 53 53;
    provide-ixfr yes;
    qname-minimization relaxed;
    query-source 1.1.1.1 port * dscp 53;
    query-source-v6 fe08:1::127.0.0.1 port * dscp 53;
    rate-limit {
        all-per-second 15;
        errors-per-second 15;
        exempt-clients { 1.1.1.1; };
        ipv4-prefix-length 12;
        ipv6-prefix-length 96;
        log-only no;
        max-table-size 63;
        min-table-size 63;
        /* VIEW */
        nodata-per-second 63;
        nxdomains-per-second 63;
        qps-scale 5;
        referrals-per-second 15;
        responses-per-second 15;
        slip 15;
        window 15;
    };
    recursion yes;
    request-expire yes;
    request-ixfr yes;
    request-nsid yes;
    require-server-cookie no;
    resolver-nonbackoff-tries 5;
    resolver-query-timeout 15;
    resolver-retry-interval 15;
    response-padding { 1.1.1.1; } block-size 15M;
    /* VIEW */
    response-policy { zone red_zone log yes max-policy-ttl 63 };
    root-delegation-only exclude { string; };
    root-key-sentinel yes;
    rrset-order { class IN type A name example.org order cyclic; };
    send-cookie yes;
    server 192.1.2.324/24 {
        allow-v6-synthesis AAAA; // obsoleted
        #also-notify { 123.123.123.123; 2.2.2.2; }; // obsoleted
        bogus yes;
        edns yes;
        edns-version 15;
        keys key_id;
        max-udp-size 15;
        notify-source 1.1.1.1 port * dscp 53;
        notify-source-v6 fe08:1::1.1.1.1 port * dscp 53;
        padding 1490;
        provide-ixfr no;
        query-source 1.1.1.1 port * dscp 53;
        query-source-v6 fe08:2::1.1.1.1 port * dscp 53;
        request-expire yes;
        request-ixfr yes;
        request-nsid yes;
        send-cookie yes;
        tcp-keepalive yes;
        tcp-only yes;
        transfer-format many-answers;
        transfer-source * port * dscp 63;
        transfer-source-v6 fe08::1 port 53;
        transfers 15;
    };
    session-keyname my_session_key;
    servfail-ttl 63;
    sig-signing-nodes 53;
    sig-signing-signatures 53;
    sig-signing-type 53;
    sig-validity-interval 53;
    sig-validity-interval 53 53;
    sortlist { 1.1.1.1; };
    stale-answer-enable no;
    stale-answer-ttl 53;
    synth-from-dnssec yes;
    /* VIEW */
    transfer-format many-answers;
    transfer-source * port * dscp 53;
    transfer-source-v6 * port * dscp 53;
    # trust-anchor-telemtry { string integer integer integer quoted_string; };
    try-tcp-refresh yes;
    update-check-ksk yes;
    use-alt-transfer-source yes;
    v6-bias 5;
    validate-except { example.net; };
    zero-no-soa-ttl no;
    zero-no-soa-ttl-cache yes;
    zone zone_name { }; # see top-level 'zone' statement for more options
    zone-statistics full;
    zone-statistics terse;
    zone-statistics none;
    zone-statistics True;
    /* VIEW */
};

view private_view {
    recursion True;
    zone adult_zone {
        auto-dnssec off;
    };
    servfail-ttl 63;
};
view private_view {
    allow-transfer {1.1.1.1;};
    zone teenagers_zone {
        allow-transfer {1.1.1.1;};
        auto-dnssec maintain;
        check-dup-records fail;
    };
    allow-transfer {1.1.1.1;};
};
view private_view {
    zone toddler_zone { };
    forwarders { 1.1.1.1; };
};
view private_view {
    ixfr-from-differences no;
    key key_name { algorithm AES; secret "0123456789abcdef0123456789abcdef"; };
    key-directory "/etc/bind/keys";
    lame-ttl 35600;
    managed-keys-directory "/etc/bind/keys";
    masterfile-format text;
    server 127.0.0.1/5_name { };
    zone teenagers_zone { };
};




zone empty { };
zone zone-red {
    allow-notify { 1.1.1.1; };
    allow-query { 1.1.1.1; };
    allow-query-on { 1.1.1.1; };
    allow-transfer {1.1.1.1;};
    allow-update {1.1.1.1;};
    also-notify { 123.123.123.123; 2.2.2.2; };
    allow-update-forwarding {1.1.1.1;};
    alt-transfer-source 2.2.2.2 port * dscp 3;
    alt-transfer-source-v6 fe08::2 port * dscp 3;
    auto-dnssec maintain;
    check-dup-records fail;
    check-integrity yes;
    /* ZONE */
    check-mx fail;
    check-mx-cname ignore;
    check-names warn;
    check-sibling yes;
    check-spf warn;
    check-srv-cnames fail;
    check-wildcard yes;
    database string;
    delegation-only no;
    dialup passive;
    dialup true;
    dlz dlz_name { database "database-specific crap"; search no; };
    dnskey-sig-validity 366;
    dnssec-dnskey-kskonly yes;
    dnssec-loadkeys-interval 5;
    dnssec-secure-to-insecure no;
    dnssec-update-mode no-resign;
    file "/var/log/pittance.log";
    files *; // obsoleted?
    files default; // obsoleted?
    files unlimited; // obsoleted?
    files 99; // obsoleted?
    forward only; // only in top-level zone statement, and not inside view?
    forwarders port 53 dscp 53 { 1.1.1.1 port 53 dscp 53; };
    /* ZZZ ZONE */
    in-view view_name;
    inline-signing yes; // only inside view
    ixfr-from-differences yes;
    journal "/var/lib/bind/journal/";
    key-directory "/etc/bind/keys";
    masterfile-format raw;
    masterfile-style relative;
    masters port 53 dscp 53 { master_name key key_name; };
    max-ixfr-log-size unlimited; // only inside view, not at top-level zone
    max-journal-size unlimited;
    max-records 53;
    max-refresh-time 53;
    max-retry-time 53;
    max-transfer-idle-in 53;
    max-transfer-idle-out 53;
    max-transfer-time-in 53;
    /* ZONE */
    max-transfer-time-out 53;
    max-zone-ttl unlimited;
    min-refresh-time 53;
    min-retry-time 53;
    multi-master no;
    notify explicit;
    notify-delay 53;
    notify-to-soa yes;
    request-expire no;
    request-ixfr no;
    serial-update-method date;
    server-addresses { 1.1.1.1; };
    server-names { example.com; };
    server-names { "example.com;" };
    session-keyname my_session_key;
    sig-signing-nodes 53;
    sig-signing-signatures 53;
    /* ZONE */
    sig-signing-type 53;
    sig-validity-interval 53;
    sig-validity-interval 53 53;
    transfer-source * port * dscp 63;
    transfer-source-v6 fe08::127.0.0.1 port 53;
    try-tcp-refresh yes;
    type secondary;
    update-check-ksk yes;
    update-policy local;
    use-alt-transfer-source yes;
    zero-no-soa-ttl yes;
    zone-statistics full;
    #notify-source { 1.1.1.1 port * dscp 63; }; // moved to server/options
    notify-source-v6 { fe08::1.1.1.1 port * dscp 63; }; // moved to server/options
};

zone "127.In-addr.ARPA" { type master; file "ARPA.In-addr.127"; };
zone "0.0.127.in-addr.arpa" IN
{
    type master;
    file "master/localhost.rev";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
    type master;
    file "ARPA.IP6.0000--0000-0000-0000"; };
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
    type master;
    file "ARPA.IP6.0000--0000-0000-0000"; };

zone "f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
    type master;
    file "ARPA.IP6.0000--ffff-0000-0000"; };
zone "f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
    type master;
    file "ARPA.IP6.0000--ffff-0000-0000"; };

zone "secv6.your.domain" IN {
    type master;
    file "master/secv6.your.domain.rev";
};

zone "secv6.int" IN {
    type master;
    file "master/secv6.int.rev";
};

zone "secv6.arpa" IN {
    type master;
    file "master/secv6.arpa.rev";
};

zone "b.a.1.0.8.b.d.0.1.0.0.2.ip6.arpa"
{
    type master;
    notify no;
    file "/etc/bind/b.a.1.0.8.b.d.0.1.0.0.2.ip6.arpa";
};

zone "example.org" { type master; file "org.example"; };
zone "home.example.org" { type master; file "org.example.home"; };

zone "_._._._.0.0.4.0.8.1.6.0.1.0.0.2.IP6.ARPA" {
    type master; file "ARPA.IP6.2001-0618-0400-____--"; };
zone "_._._._.0.0.4.0.8.1.6.0.1.0.0.2.IP6.INT" {
    type master; file "ARPA.IP6.2001-0618-0400-____--"; };

///////////////////////////////////////////////////////////////////////
// purposely invalid syntax - begins
///////////////////////////////////////////////////////////////////////
// purposely invalid syntax
acl // this is invalid
x acl; // this is invalid
acl ; // this is invalid
acl{} // this is invalid
acl // this is invalid
acl { !}; // this is invalid
acl link_local_with_zone_index_prefix { fe08/48%eth1; }; // this should fail
acl link_local_with_zone_index { fe80%eth1; }; // this fails (it's fe08, not fe80)
acl link_local_with_zone_index { fe08::8%eth0; }; // this fails (missing 7)
acl link_local_with_zone_index { fd57:1d29:4f94:1:216:36ff:fe00:1%eth0; }; // valid?
acl link_local_with_zone_index { fe08::7:8:127.0.0.1%2; }; // valid?

// purposely invalid syntax
controls /// TODO: needs to be a caught error in this syntax
controls { inet 1.1.1.1 port 70000 allow { 2.2.2.2; oopsie; { acl_name; }; }; }; // invalid
controls { unix a inet 1.1.1.1; inet unix ;}; // invalid
controls };
controls { XXXt 1.1.1.1; }; // invalid
controls { fool inet *; }; // invalid
controls { unix "/var/run/named/resolver.sock" group 11 perm 0750 owner 101; }; // invalid
controls { unix "/var/run/named/resolver.sock" owner 11 perm 0750 group 101; }; // invalid
controls { inet 1.1.1.1 keys { asdfasdfasdf; } }; // invalid
controls { inet 1.1.1.1 keys { asdfasdfasdf; } read-only true; }; // invalid

// purposely invalid syntax
logging {
    channel default { // comment line
        null;
        // intentional failures below
        severity ; // TODO should have failed
        severity debug 123 severity critical null;
        severity info severity;
        severity notice error;
        severity warning error warning notice info debug;
        severity error severity error;
        severity critical severity null error warning notice info debug;
        severity dynamic error warning notice info debug;
        syslog oopsie; // invalid
    };
};

// purposely invalid syntax
masters ERRORS { mstr_name port 53 key key_name; }; // port not supported
masters MASTER_ERRORS { 1.1.1.1 port 12312353 key key; }; // port not valid

// purposely invalid syntax
options // this is invalid
options; // this is invalid
spurious options { };
options {
    cookie-secret 0123"; // invalid
    cookie-secret "YXZZ456789abcdef"; // invalid
    dns64 fe08::1/5 { exclude { ::ffff:0000:0000/96; }; }; // this should work
    dns64 fe08::1/5 { suffix ::; }; // default
    query-source dscp 53; // invalid
    listen-on-v6 { fe08::1; }; // ???
};

// purposely invalid syntax
view view_error {
    // purposely in wrong statement group
    automatic-interface-scan yes; // only in options statement
    pid-file "asdfasdfasdf"; // only in options statement
    alt-transfer-source 2.2.2.2 1.1.1.1 port 2; // invalid
    key key_name { algorithm SHA512-AES;
        badsecret ASDASDASDASDASDAaDASaASDaSD;}; // 'badsecret'
    in-view zone_name; // not allowed in view statement
};

// purposely invalid syntax
zone LOTS_OF_ZONE_ERRORS {
    in-view zone_name; // this is ok, tests for working zone {}
    recursive-only yes; // not allowed in zone
    deny-answer-addresses { "example.net"; }; // not allowed in zone
    deny-answer-addresses { acl_ntwk; }; // not allowed in zone
    deny-answer-addresses { 123.123.123.123; }; // not allowed in zone
    deny-answer-aliases { "example.net"; }; // not allowed in zone
    deny-answer-aliases { acl_ntwk; }; // not allowed in zone
    recursion yes; // not allowed in zone
    allow-recursion { invalid; ; // not allowed in zone
    allow-recursion-on { invalid; }; // not allowed in zone
    allow-query-cache { invalid; }; // not allowed in zone
    allow-query-cache-on { invalid; }; // not allowed in zone
    check-wildcard yes; // not allowed in zone
    clients-per-query 10; // not allowed in zone
    attach-cache view_red; // not allowed in zone
    avoid-v4-udp-ports { 9; }; // not allowed in zone
};
///////////////////////////////////////////////////////////////////////
// purposely invalid syntax - ends
///////////////////////////////////////////////////////////////////////

// set vim editor to do tabs at 4-char interval using spaces
// Crop off at 80-col
// vim: ts=4 sts=4 ts=4

--------------------------------------------------------------------------------
/test/github-issue-5-named.conf:
--------------------------------------------------------------------------------
options {
    dnstap-output 'dnstap.out';
    dnstap-output 'dnstap.out';
    dnstap-output "dnstap.out" ;
    dnstap-output "dnstap.out" ;
    dnstap-output "dnstap.out" ; ; ;
    dnstap-output "dnstap.out" ; ; ;
    dnstap-output "dnstap.out" ; ; ; ;
    dnstap-output "dnstap.out" ; ; ; ;
    dnstap-output file 'dnstap.out';
    dnstap-output file "dnstap.out"; ; ; ;
    dnstap-output file "dnstap.out" size 123;
    dnstap-output file "dnstap.out" size unlimited;
    dnstap-output file "dnstap.out" suffix increment;
    dnstap-output file "dnstap.out" suffix timestamp;
    dnstap-output file "dnstap.out" versions 23;
    dnstap-output file "dnstap.out" size unlimited suffix timestamp;
    dnstap-output file "dnstap.out" size 345 versions 3;
    dnstap-output file "dnstap.out" suffix increment versions 2;
    dnstap-output file "dnstap.out" size unlimited suffix timestamp versions 2;
    dnstap-output file "dnstap.out" versions 2 size 567 suffix increment;
    dnstap-output file "dnstap.out" versions 2 suffix timestamp size 789;
    dnstap { all; };
    send-cookie no;
    require-server-cookie no;
    minimal-responses no;
    dnssec-validation yes;
    qname-minimization disabled;
};

view {
    dnstap { all; };
};

--------------------------------------------------------------------------------
/test/rndc-minimal-BvARM9.16.conf:
--------------------------------------------------------------------------------
key rndc_key {
    algorithm "hmac-sha256";
    secret
    "asdfkjasdfkjhasdf9yasdf97876asdf5a8sd7f6asd8f76as8fd76asd8f76asdf876asdf876asdf";
};
options {
    default-server 127.0.0.1;
    default-key rndc_key;
};

--------------------------------------------------------------------------------