Top-of-file comments

[pynsc.git] / nsconfig / sink.py

# PyNSC: Generator of sink zones
# (c) 2024 Martin Mareš <mj@ucw.cz>

from typing import List

from nsconfig.core import Nsc, NscZonePrimary
from nsconfig.util import IPNetwork, parse_network

# Networks which should have blackhole reverse zones as recommended by RFC 6303
BLACKHOLE_NETWORKS = [
    '0.0.0.0/8',                # IPv4 reserved
    '10.0.0.0/8',               # IPv4 private
    '169.254.0.0/16',           # IPv4 link-local
    '192.0.2.0/24',             # IPv4 test
    '192.168.0.0/16',           # IPv4 private
    '198.51.100.0/24',          # IPv4 test
    '203.0.113.0/24',           # IPv4 test
    '255.255.255.255/32',       # IPv4 broadcast
    '::0/128',                  # IPv6 unspecified
    '2001:0db8::/32',           # IPv6 example
    'fd00::/8',                 # IPv6 unique local
    'fe80::/12',                # IPv6 link-local
    'fe90::/12',
    'fea0::/12',
    'feb0::/12',
] + [f'172.{i}.0.0/16' for i in range(16, 32)]  # IPv4 private


def generate_localhost(nsc) -> None:
    z = nsc.add_zone('localhost')
    (z[""]
        .NS(z.config.origin_server)
        .A('127.0.0.1', '::1'))

    r4 = nsc.add_zone(reverse_for='127.0.0.0/8')
    r4[""].NS(z.config.origin_server)

    r6 = nsc.add_zone(reverse_for='::1/128')
    r6[""].NS(z.config.origin_server)


def generate_blackhole(nsc: Nsc,
                       skip_networks: List[IPNetwork] = [],
                       admin_email: str = 'nobody@invalid',
                       **kwargs) -> None:
    invalid_zone = nsc.add_zone('invalid', admin_email=admin_email, **kwargs)
    invalid_zone[""].NS(invalid_zone.config.origin_server)
    assert isinstance(invalid_zone, NscZonePrimary)
    for raw_net in BLACKHOLE_NETWORKS:
        net = parse_network(raw_net)
        if net not in skip_networks:
            nsc.add_zone(reverse_for=net, alias_for=invalid_zone)