--- /dev/null
+controls { };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { 10.53.0.1; 127.0.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ tkey-gssapi-keytab "dns.keytab";
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "example.nil." IN {
+ type master;
+ file "example.nil.db";
+
+ update-policy {
+ grant Administrator@EXAMPLE.NIL wildcard * A AAAA SRV CNAME;
+ grant testdenied@EXAMPLE.NIL wildcard * TXT;
+ };
+
+ /* we need to use check-names ignore so _msdcs A records can be created */
+ check-names ignore;
+};