From: Martin Mares Date: Sat, 15 Oct 2011 18:53:28 +0000 (+0200) Subject: Added BLACKHOLE macro X-Git-Tag: v5.1~28 X-Git-Url: http://mj.ucw.cz/gitweb/?a=commitdiff_plain;h=0f28cfaa52b633c4a0217345731973565b6ea897;p=nsc-5.git Added BLACKHOLE macro --- diff --git a/NEWS b/NEWS index 7cb0461..23ddb69 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,7 @@ - o Added the FORWARDING macro for generating forward-only zones. + o Added FORWARDING macro for generating forward-only zones. + o Added BLACKHOLE macro for blackhole zones as per RFC 6303. + Blackhole zones in example cf/domains updated to use this macro. Version 3.1 [21-05-2008] diff --git a/README b/README index 628c735..776108e 100644 --- a/README +++ b/README @@ -109,6 +109,9 @@ PRIMARY(zone, [extra-files...]) concatenated to produce a single configuration). See the next section for a look inside these files. + When the zone name contains a slash (as happens in classless + reverse zones), it is replaced by "@" in the cf file name. + SECONDARY(zone, primary) Define a zone we run a secondary name server for. "primary" is an IP address of the primary name server. @@ -140,6 +143,12 @@ FORWARDED(zone, ip...) Define a forwarding zone. All queries are forwarded to the specified name servers. +BLACKHOLE(zone) + Define an empty zone according to RFC 6303. This is usually done + for zones for which clients are known to erroneously ask queries + (e.g., reverse resolving of link-local addresses). The contents + served for these zones is taken from cf/blackhole. + ZONE_OPTIONS(`options; more options; ') diff --git a/cf.dist/blackhole b/cf.dist/blackhole new file mode 100644 index 0000000..e410064 --- /dev/null +++ b/cf.dist/blackhole @@ -0,0 +1,4 @@ +; Recommended contents of blackhole zones as per RFC 6303 + +@ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800 +@ 10800 IN NS @ diff --git a/cf.dist/domains b/cf.dist/domains index 3933d45..e1be8a8 100644 --- a/cf.dist/domains +++ b/cf.dist/domains 
@@ -2,10 +2,30 @@ ; Various mandatory things required by RFC 1912, section 4.1 PRIMARY(localhost) -REVERSE(0) -REVERSE(255) REVERSE(127.0.0, localhost) +; Blackhole zones recommended by RFC 6303 +BLACKHOLE(REV(0)) ; IPv4 reserved net +BLACKHOLE(REV(127)) ; IPv4 loopback net +BLACKHOLE(REV(169.254)) ; IPv4 link-local +BLACKHOLE(REV(192.0.2)) ; IPv4 test +BLACKHOLE(REV(198.51.100)) ; IPv4 test +BLACKHOLE(REV(203.0.113)) ; IPv4 test +BLACKHOLE(REV(255.255.255.255)) ; IPv4 broadcast +BLACKHOLE(REV(::1/128)) ; IPv6 loopback +BLACKHOLE(REV(::0/128)) ; IPv6 unspecified +BLACKHOLE(REV(fd00::/8)) ; IPv6 locally assigned +BLACKHOLE(REV(fe80::/12)) ; IPv6 link-local +BLACKHOLE(REV(fe90::/12)) +BLACKHOLE(REV(fea0::/12)) +BLACKHOLE(REV(feb0::/12)) +BLACKHOLE(REV(2001:0db8::/32)) ; IPv6 example prefix + +; Blackhole zones for site-local addresses recommended by RFC 6303 +BLACKHOLE(REV(10)) +nsc_forloop(`i', 16, 31, `BLACKHOLE(REV(172.i))') +BLACKHOLE(REV(192.168)) + ; A pretty normal example domain (we act as a primary nameserver for it) PRIMARY(example.com) diff --git a/m4/mkconf.m4 b/m4/mkconf.m4 index 0d2ab00..eedde55 100644 --- a/m4/mkconf.m4 +++ b/m4/mkconf.m4 @@ -51,6 +51,15 @@ ZZ_OPTIONS()dnl divert(-1)') +# Blackhole zones + +define(`BLACKHOLE', `divert(0)zone "$1" in { + type master; + file "cf/blackhole"; +}; + +divert(-1)') + # Manual insertion of config file material define(`CONFIG', `divert(0)$1
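Review bot: The reworded NEWS line calls the macro FORWARDING, but the README context in this same patch documents it as "FORWARDED(zone, ip...)". Since the line is being touched anyway, make the two names agree so that someone searching NEWS for the macro name from the README finds the entry.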
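Review bot: The new README entry for BLACKHOLE(zone) says the zone contents come from cf/blackhole, but the patch only adds cf.dist/blackhole, and the macro hard-codes file "cf/blackhole". An existing installation that picks up the new example domains file without also copying the blackhole file will generate zone statements pointing at a file that is not there. Add a sentence to this entry saying that cf.dist/blackhole has to be copied to cf/blackhole. The entry could also mention the REV(...) form with prefix lengths that every BLACKHOLE line in cf.dist/domains uses, since neither README hunk here describes it.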
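Review bot: The site-local block at the end of the cf.dist/domains hunk (BLACKHOLE(REV(10)), the 172.16 to 172.31 loop and BLACKHOLE(REV(192.168))) is enabled in the example without a hint that it has to go when the site numbers hosts from those ranges and serves its own reverse zones for them. RFC 6303 asks that these empty zones can be disabled individually, so extend the comment above the block to tell the administrator to delete the lines for ranges that are in local use. Two smaller points in the same hunk: REVERSE(127.0.0, localhost) is kept while BLACKHOLE(REV(127)) is added, so the loopback reverse tree is now declared twice at different depths and a comment should say that this is intended; and the fe90::/12, fea0::/12 and feb0::/12 lines lack the "IPv6 link-local" comment that the fe80::/12 line carries.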
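Review bot: The BLACKHOLE definition in m4/mkconf.m4 emits only "type master;" and the file statement and never expands ZZ_OPTIONS(), which the definition ending just above it in the hunk context does. Anything an administrator sets through ZONE_OPTIONS (the README context shows it takes arbitrary per-zone options) will therefore not reach blackhole zones. If that is deliberate, say so in the comment above the define and in the README entry; otherwise expand ZZ_OPTIONS() here the same way the preceding macro does. Because every blackhole zone shares the single file cf/blackhole, it is also worth stating next to the define that these zones are expected to stay static.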