Added BLACKHOLE macro

diff --git a/NEWS b/NEWS
index 7cb04612d90bcc3088d2c508705ab7cb0b5d5b9d..23ddb6901498fe57c5b5c4f6f325cb67cc519fab 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
 
-  o  Added the FORWARDING macro for generating forward-only zones.
+  o  Added FORWARDING macro for generating forward-only zones.
+  o  Added BLACKHOLE macro for blackhole zones as per RFC 6303.
+     Blackhole zones in example cf/domains updated to use this macro.
 
 Version 3.1  [21-05-2008]
 

diff --git a/README b/README
index 628c7358bb52f9697f1be778b914c81d5e1330f4..776108e27e072117b7cbadd9f2c82edf486800f7 100644 (file)
--- a/README
+++ b/README
@@ -109,6 +109,9 @@ PRIMARY(zone, [extra-files...])
                concatenated to produce a single configuration). See the next
                section for a look inside these files.
 
+               When the zone name contains a slash (as happens in classless
+               reverse zones), it is replaced by "@" in the cf file name.
+
 SECONDARY(zone, primary)
                Define a zone we run a secondary name server for.
                "primary" is an IP address of the primary name server.
@@ -140,6 +143,12 @@ FORWARDED(zone, ip...)
                Define a forwarding zone. All queries are forwarded to the
                specified name servers.
 
+BLACKHOLE(zone)
+               Define an empty zone according to RFC 6303. This is usually done
+               for zones for which clients are known to erroneously ask queries
+               (e.g., reverse resolving of link-local addresses). The contents
+               served for these zones is taken from cf/blackhole.
+
 ZONE_OPTIONS(`options;
        more options;
 ')

diff --git a/cf.dist/blackhole b/cf.dist/blackhole
new file mode 100644 (file)
index 0000000..e410064
--- /dev/null
+++ b/cf.dist/blackhole
@@ -0,0 +1,4 @@
+; Recommended contents of blackhole zones as per RFC 6303
+
+@ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800
+@ 10800 IN NS @

diff --git a/cf.dist/domains b/cf.dist/domains
index 3933d4537c72150871cc3df4795a5033e0271b7c..e1be8a8d447ff37732e4fabe0c9fe84edf9bf9f5 100644 (file)
--- a/cf.dist/domains
+++ b/cf.dist/domains
@@ -2,10 +2,30 @@
 
 ; Various mandatory things required by RFC 1912, section 4.1
 PRIMARY(localhost)
-REVERSE(0)
-REVERSE(255)
 REVERSE(127.0.0, localhost)
 
+; Blackhole zones recommended by RFC 6303
+BLACKHOLE(REV(0))                      ; IPv4 reserved net
+BLACKHOLE(REV(127))                    ; IPv4 loopback net
+BLACKHOLE(REV(169.254))                        ; IPv4 link-local
+BLACKHOLE(REV(192.0.2))                        ; IPv4 test
+BLACKHOLE(REV(198.51.100))             ; IPv4 test
+BLACKHOLE(REV(203.0.113))              ; IPv4 test
+BLACKHOLE(REV(255.255.255.255))                ; IPv4 broadcast
+BLACKHOLE(REV(::1/128))                        ; IPv6 loopback
+BLACKHOLE(REV(::0/128))                        ; IPv6 unspecified
+BLACKHOLE(REV(fd00::/8))               ; IPv6 locally assigned
+BLACKHOLE(REV(fe80::/12))              ; IPv6 link-local
+BLACKHOLE(REV(fe90::/12))
+BLACKHOLE(REV(fea0::/12))
+BLACKHOLE(REV(feb0::/12))
+BLACKHOLE(REV(2001:0db8::/32))         ; IPv6 example prefix
+
+; Blackhole zones for site-local addresses recommended by RFC 6303
+BLACKHOLE(REV(10))
+nsc_forloop(`i', 16, 31, `BLACKHOLE(REV(172.i))')
+BLACKHOLE(REV(192.168))
+
 ; A pretty normal example domain (we act as a primary nameserver for it)
 
 PRIMARY(example.com)

diff --git a/m4/mkconf.m4 b/m4/mkconf.m4
index 0d2ab00784ef3148a82b87fa2215ee42b617c0b4..eedde55b1e3119cf83e6db6f2e5981c0d5c08acf 100644 (file)
--- a/m4/mkconf.m4
+++ b/m4/mkconf.m4
@@ -51,6 +51,15 @@ ZZ_OPTIONS()dnl
 
 divert(-1)')
 
+# Blackhole zones
+
+define(`BLACKHOLE', `divert(0)zone "$1" in {
+       type master;
+       file "cf/blackhole";
+};
+
+divert(-1)')
+
 # Manual insertion of config file material
 
 define(`CONFIG', `divert(0)$1