; An example domain table for the NSC
+; If you do not want to use DNSSEC, please remove the lines
+; commented with "; DNSSEC".
+
; Various mandatory things required by RFC 1912, section 4.1
PRIMARY(localhost)
-REVERSE(0)
-REVERSE(255)
REVERSE(127.0.0, localhost)
+; Blackhole zones recommended by RFC 6303
+BLACKHOLE(REV(0)) ; IPv4 reserved net
+BLACKHOLE(REV(127)) ; IPv4 loopback net
+BLACKHOLE(REV(169.254)) ; IPv4 link-local
+BLACKHOLE(REV(192.0.2)) ; IPv4 test
+BLACKHOLE(REV(198.51.100)) ; IPv4 test
+BLACKHOLE(REV(203.0.113)) ; IPv4 test
+BLACKHOLE(REV(255.255.255.255)) ; IPv4 broadcast
+BLACKHOLE(REV(::1/128)) ; IPv6 loopback
+BLACKHOLE(REV(::0/128)) ; IPv6 unspecified
+BLACKHOLE(REV(fd00::/8)) ; IPv6 locally assigned
+BLACKHOLE(REV(fe80::/12)) ; IPv6 link-local
+BLACKHOLE(REV(fe90::/12))
+BLACKHOLE(REV(fea0::/12))
+BLACKHOLE(REV(feb0::/12))
+BLACKHOLE(REV(2001:0db8::/32)) ; IPv6 example prefix
+
+; Blackhole zones for site-local addresses recommended by RFC 6303
+BLACKHOLE(REV(10))
+nsc_forloop(`i', 16, 31, `BLACKHOLE(REV(172.i))')
+BLACKHOLE(REV(192.168))
+
; A pretty normal example domain (we act as a primary nameserver for it)
+DNSSEC(` ; DNSSEC
PRIMARY(example.com)
+DSFOR(a.example.com) ; DNSSEC
+') ; DNSSEC
; It also has a couple of sub-domains and one of them resides on another server
PRIMARY(a.example.com)
SECONDARY(b.example.com, 10.0.0.1)
+; Yet another subdomain residing on another server, but this time with
+; access restricted to the internal network. The closing quote after the
+; options has to be on a separate line, because semicolon is a comment character.
+
+ZONE_OPTIONS(`allow-query { 127.0.0.0/8; 10.0.0.0/8; };
+ allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };
+ allow-transfer { 127.0.0.0/8; 10.0.0.0/8; };
+')
+SECONDARY(priv.example.com, 10.10.10.1)
+ZONE_OPTIONS()
+
; Here are reverse delegations for two networks. NSC automatically creates
; the PTR records from A records in all mentioned zones. See cf/{0,1}.0.10.
+DNSSEC(` ; DNSSEC
REVERSE(10.0.0, example.com, a.example.com)
REVERSE(10.1.0, example.com, a.example.com, ip6.example.com)
+') ; DNSSEC
; You can even have reverse zones for larger networks
SECONDARY(REV(10.1.0.128/25), 10.1.0.2)
; And vice versa: we are delegated 10.3.0.64/26, so we want to create
-; the corresponding subdomain.
+; the corresponding subdomain. The "/" in domain name gets automatically
+; translated to "@" when forming a file name, so you will find the corresponding
+; config file in cf/64@26.0.3.10.
REVERSE(10.3.0.64/26, a.example.com)
PRIMARY(ip6.example.com)
REVERSE(fec0:1234::/32, ip6.example.com)
+
+; One more: a forward-only zone
+
+FORWARDING(fwd.example.com, 10.0.0.1, 10.0.0.2)