X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=cf.dist%2Fdomains;h=35d1d942a9a647c746a8cf46a21d6dd9fbf173c3;hb=57e60f9a9bd96a6cd81651dfd8b833ea82c509c6;hp=fd7afccd83e331b8ef10fc691db4955c781768f7;hpb=323b9539f2f302321145877450c133d4c3d1d909;p=nsc-5.git diff --git a/cf.dist/domains b/cf.dist/domains index fd7afcc..35d1d94 100644 --- a/cf.dist/domains +++ b/cf.dist/domains @@ -1,20 +1,57 @@ ; An example domain table for the NSC +; Hints how to find root servers +ROOTHINT() + ; Various mandatory things required by RFC 1912, section 4.1 PRIMARY(localhost) -REVERSE(0) -REVERSE(255) REVERSE(127.0.0, localhost) +; Blackhole zones recommended by RFC 6303 +BLACKHOLE(REV(0)) ; IPv4 reserved net +BLACKHOLE(REV(127)) ; IPv4 loopback net +BLACKHOLE(REV(169.254)) ; IPv4 link-local +BLACKHOLE(REV(192.0.2)) ; IPv4 test +BLACKHOLE(REV(198.51.100)) ; IPv4 test +BLACKHOLE(REV(203.0.113)) ; IPv4 test +BLACKHOLE(REV(255.255.255.255)) ; IPv4 broadcast +BLACKHOLE(REV(::1/128)) ; IPv6 loopback +BLACKHOLE(REV(::0/128)) ; IPv6 unspecified +BLACKHOLE(REV(fd00::/8)) ; IPv6 locally assigned +BLACKHOLE(REV(fe80::/12)) ; IPv6 link-local +BLACKHOLE(REV(fe90::/12)) +BLACKHOLE(REV(fea0::/12)) +BLACKHOLE(REV(feb0::/12)) +BLACKHOLE(REV(2001:0db8::/32)) ; IPv6 example prefix + +; Blackhole zones for site-local addresses recommended by RFC 6303 +BLACKHOLE(REV(10)) +nsc_forloop(`i', 16, 31, `BLACKHOLE(REV(172.i))') +BLACKHOLE(REV(192.168)) + ; A pretty normal example domain (we act as a primary nameserver for it) +DNSSEC(` PRIMARY(example.com) +DSFOR(a.example.com) +') ; It also has a couple of sub-domains and one of them resides on another server PRIMARY(a.example.com) SECONDARY(b.example.com, 10.0.0.1) +; Yet another subdomain residing on another server, but this time with +; access restricted to the internal network. The closing quote after the +; options has to be on a separate line, because semicolon is a comment character. + +ZONE_OPTIONS(`allow-query { 127.0.0.0/8; 10.0.0.0/8; }; + allow-recursion { 127.0.0.0/8; 10.0.0.0/8; }; + allow-transfer { 127.0.0.0/8; 10.0.0.0/8; }; +') +SECONDARY(priv.example.com, 10.10.10.1) +ZONE_OPTIONS() + ; Here are reverse delegations for two networks. NSC automatically creates ; the PTR records from A records in all mentioned zones. See cf/{0,1}.0.10. @@ -37,7 +74,9 @@ REVERSE(10.2, a.example.com) SECONDARY(REV(10.1.0.128/25), 10.1.0.2) ; And vice versa: we are delegated 10.3.0.64/26, so we want to create -; the corresponding subdomain. +; the corresponding subdomain. The "/" in domain name gets automatically +; translated to "@" when forming a file name, so you will find the corresponding +; config file in cf/64@26.0.3.10. REVERSE(10.3.0.64/26, a.example.com) @@ -48,3 +87,7 @@ REVERSE(10.3.0.64/26, a.example.com) PRIMARY(ip6.example.com) REVERSE(fec0:1234::/32, ip6.example.com) + +; One more: a forward-only zone + +FORWARDING(fwd.example.com, 10.0.0.1, 10.0.0.2)