Relative names with dots are now allowed if the dots are escaped

[nsc-5.git] / cf.dist / domains

; An example domain table for the NSC

; If you do not want to use DNSSEC, please remove the lines
; commented with "; DNSSEC".

; Various mandatory things required by RFC 1912, section 4.1
PRIMARY(localhost)
REVERSE(127.0.0, localhost)

; Blackhole zones recommended by RFC 6303
BLACKHOLE(REV(0))                       ; IPv4 reserved net
BLACKHOLE(REV(127))                     ; IPv4 loopback net
BLACKHOLE(REV(169.254))                 ; IPv4 link-local
BLACKHOLE(REV(192.0.2))                 ; IPv4 test
BLACKHOLE(REV(198.51.100))              ; IPv4 test
BLACKHOLE(REV(203.0.113))               ; IPv4 test
BLACKHOLE(REV(255.255.255.255))         ; IPv4 broadcast
BLACKHOLE(REV(::1/128))                 ; IPv6 loopback
BLACKHOLE(REV(::0/128))                 ; IPv6 unspecified
BLACKHOLE(REV(fd00::/8))                ; IPv6 locally assigned
BLACKHOLE(REV(fe80::/12))               ; IPv6 link-local
BLACKHOLE(REV(fe90::/12))
BLACKHOLE(REV(fea0::/12))
BLACKHOLE(REV(feb0::/12))
BLACKHOLE(REV(2001:0db8::/32))          ; IPv6 example prefix

; Blackhole zones for site-local addresses recommended by RFC 6303
BLACKHOLE(REV(10))
nsc_forloop(`i', 16, 31, `BLACKHOLE(REV(172.i))')
BLACKHOLE(REV(192.168))

; A pretty normal example domain (we act as a primary nameserver for it)

DNSSEC(`                        ; DNSSEC
PRIMARY(example.com)
DSFOR(a.example.com)            ; DNSSEC
')                              ; DNSSEC

; It also has a couple of sub-domains and one of them resides on another server

PRIMARY(a.example.com)
SECONDARY(b.example.com, 10.0.0.1)

; Yet another subdomain residing on another server, but this time with
; access restricted to the internal network. The closing quote after the
; options has to be on a separate line, because semicolon is a comment character.

ZONE_OPTIONS(`allow-query { 127.0.0.0/8; 10.0.0.0/8; };
        allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };
        allow-transfer { 127.0.0.0/8; 10.0.0.0/8; };
')
SECONDARY(priv.example.com, 10.10.10.1)
ZONE_OPTIONS()

; Here are reverse delegations for two networks. NSC automatically creates
; the PTR records from A records in all mentioned zones. See cf/{0,1}.0.10.

DNSSEC(`                        ; DNSSEC
REVERSE(10.0.0, example.com, a.example.com)
REVERSE(10.1.0, example.com, a.example.com, ip6.example.com)
')                              ; DNSSEC

; You can even have reverse zones for larger networks

REVERSE(10.2, a.example.com)

; Here are the examples of classless reverse delegation using subdomains
; and PTR records as recommended by RFC 2317. We use the subdomain names
; recommended by the RFC, however, this is not fixed anywhere and you can
; use any names you like (or your ISP likes).

; In the 10.1.0 network, we define a classless delegation (see cf/0.1.10),
; but we also want to run a secondary server for the subdomain. As usually,
; the REV macro is handy for constructing a reverse domain name.

SECONDARY(REV(10.1.0.128/25), 10.1.0.2)

; And vice versa: we are delegated 10.3.0.64/26, so we want to create
; the corresponding subdomain. The "/" in domain name gets automatically
; translated to "@" when forming a file name, so you will find the corresponding
; config file in cf/64@26.0.3.10.

REVERSE(10.3.0.64/26, a.example.com)

; The final challenge: a subdomain with both IPv4 and IPv6 records
; together with the corresponding reverse records (in IPv6 mode, all
; networks are always accompanied by a netmask).
; See cf/ip6.example.com and cf/4.3.2.1.0.c.e.f for details

PRIMARY(ip6.example.com)
REVERSE(fec0:1234::/32, ip6.example.com)

; One more: a forward-only zone

FORWARDING(fwd.example.com, 10.0.0.1, 10.0.0.2)