; An example domain table for the NSC ; If you do not want to use DNSSEC, please remove the lines ; commented with "; DNSSEC". ; Various mandatory things required by RFC 1912, section 4.1 PRIMARY(localhost) REVERSE(127.0.0, localhost) ; Blackhole zones recommended by RFC 6303 BLACKHOLE(REV(0)) ; IPv4 reserved net BLACKHOLE(REV(127)) ; IPv4 loopback net BLACKHOLE(REV(169.254)) ; IPv4 link-local BLACKHOLE(REV(192.0.2)) ; IPv4 test BLACKHOLE(REV(198.51.100)) ; IPv4 test BLACKHOLE(REV(203.0.113)) ; IPv4 test BLACKHOLE(REV(255.255.255.255)) ; IPv4 broadcast BLACKHOLE(REV(::1/128)) ; IPv6 loopback BLACKHOLE(REV(::0/128)) ; IPv6 unspecified BLACKHOLE(REV(fd00::/8)) ; IPv6 locally assigned BLACKHOLE(REV(fe80::/12)) ; IPv6 link-local BLACKHOLE(REV(fe90::/12)) BLACKHOLE(REV(fea0::/12)) BLACKHOLE(REV(feb0::/12)) BLACKHOLE(REV(2001:0db8::/32)) ; IPv6 example prefix ; Blackhole zones for site-local addresses recommended by RFC 6303 BLACKHOLE(REV(10)) nsc_forloop(`i', 16, 31, `BLACKHOLE(REV(172.i))') BLACKHOLE(REV(192.168)) ; A pretty normal example domain (we act as a primary nameserver for it) DNSSEC(` ; DNSSEC PRIMARY(example.com) DSFOR(a.example.com) ; DNSSEC ') ; DNSSEC ; It also has a couple of sub-domains and one of them resides on another server PRIMARY(a.example.com) SECONDARY(b.example.com, 10.0.0.1) ; Yet another subdomain residing on another server, but this time with ; access restricted to the internal network. The closing quote after the ; options has to be on a separate line, because semicolon is a comment character. ZONE_OPTIONS(`allow-query { 127.0.0.0/8; 10.0.0.0/8; }; allow-recursion { 127.0.0.0/8; 10.0.0.0/8; }; allow-transfer { 127.0.0.0/8; 10.0.0.0/8; }; ') SECONDARY(priv.example.com, 10.10.10.1) ZONE_OPTIONS() ; Here are reverse delegations for two networks. NSC automatically creates ; the PTR records from A records in all mentioned zones. See cf/{0,1}.0.10. DNSSEC(` ; DNSSEC REVERSE(10.0.0, example.com, a.example.com) REVERSE(10.1.0, example.com, a.example.com, ip6.example.com) ') ; DNSSEC ; You can even have reverse zones for larger networks REVERSE(10.2, a.example.com) ; Here are the examples of classless reverse delegation using subdomains ; and PTR records as recommended by RFC 2317. We use the subdomain names ; recommended by the RFC, however, this is not fixed anywhere and you can ; use any names you like (or your ISP likes). ; In the 10.1.0 network, we define a classless delegation (see cf/0.1.10), ; but we also want to run a secondary server for the subdomain. As usually, ; the REV macro is handy for constructing a reverse domain name. SECONDARY(REV(10.1.0.128/25), 10.1.0.2) ; And vice versa: we are delegated 10.3.0.64/26, so we want to create ; the corresponding subdomain. The "/" in domain name gets automatically ; translated to "@" when forming a file name, so you will find the corresponding ; config file in cf/64@26.0.3.10. REVERSE(10.3.0.64/26, a.example.com) ; The final challenge: a subdomain with both IPv4 and IPv6 records ; together with the corresponding reverse records (in IPv6 mode, all ; networks are always accompanied by a netmask). ; See cf/ip6.example.com and cf/4.3.2.1.0.c.e.f for details PRIMARY(ip6.example.com) REVERSE(fec0:1234::/32, ip6.example.com) ; One more: a forward-only zone FORWARDING(fwd.example.com, 10.0.0.1, 10.0.0.2)