Diffstat (limited to 'prog/6/6d.conf')
-rw-r--r--prog/6/6d.conf53
1 files changed, 24 insertions, 29 deletions
diff --git a/prog/6/6d.conf b/prog/6/6d.conf
index 3ecc3ff..c6d8756 100644
--- a/prog/6/6d.conf
+++ b/prog/6/6d.conf
@@ -8,22 +8,15 @@
# Reloading the server also schedules a synchronization from masters (if any).
# Masters and slaves must have accurate clocks (at least minute accuracy is expected)
# To specify IPv4 addresses, use the V4MAPPED address format (::ffff:192.0.2.69).
-# Zone transfers are made using a 6d-specific TCP+UDP-based protocol, so if you run 6d being a DNS proxy, such as bind9 zone forward, you must specify the host/port combination where 6d listens, not where bind9 listens. When unsigned, this 6d-specific protocol relies on trusted routing to master servers and no MiTM attacks on the line.
-# DNSSEC and signed zone transfers are available upon request (mailto:anton@šijanec.eu).
+# Config transfers are made using a 6d-specific TCP-based protocol, so if you run 6d being a DNS proxy, such as bind9 zone forward, you must specify the host/port combination where 6d listens, not where bind9 listens. When unencrypted, this 6d-specific protocol relies on trusted routing to master servers and no MiTM attacks on the line.
+# DNSSEC and encrypted zone transfers are available upon request (mailto:anton@šijanec.eu).
#################### SLAVE CONFIGURATION ###################### (You may delete this part on master-only 6d.)
# You can optionally define master servers here, all of their configuration will be periodically retrieved and mirrored to this 6d instance. A host may optionally be followed by /TCPport.
-master_servers = {6master.sijanec.eu, 6d2.example, 2001:db8::1/5353}
+masters = {6master.sijanec.eu, 6d2.example, 2001:db8::1/5353}
-# OBSOLETE NON-FEATURE (NOT WORKING)
-# You can optionally define master networks/zones here, they will be also be mirrored from their master server. The master server will be obtained from their SOA record.
-# Note that 6d is not a general purpose DNS server! Any FQDNs specified here will be treated as 6d suffix generators.
-# Note that if this is used, master must not be behind a DNS proxy, such as bind9 zone forward. Use master_servers instead if that's the case.
-# master_zones = {2001:db8:a::/48, 2001:db8:b::/48, 2001:db8:c::/48, 6ptr.sijanec.eu}
-
-# Master servers will be checked for changes every poll_interval number of seconds. Set to 0 to disable polling.
-# 69 is the default.
+# Master servers will be checked for changes every poll_interval number of seconds. 69 is the default.
poll_interval = 69
# Slaves hold everything they know in memory.
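Review bot: The reworded protocol comment now speaks only of encryption ("When unencrypted ...", "encrypted zone transfers") where the old text spoke of signing, so it no longer says whether a slave can verify that mirrored configuration really came from a listed master. The slave section states that all of a master's configuration is retrieved and mirrored, so the comment should name authenticity as the property at stake, for example `# Without authentication a slave applies whatever it receives from the master's address; only list masters reachable over a trusted path.` The two changed lines also disagree on naming ("Config transfers" versus "zone transfers"). The shortened `poll_interval` comment drops the sentence about the value 0, which leaves it undocumented whether 0 is still accepted and what it does.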
@@ -36,37 +29,32 @@ poll_interval = 69
# /var/cache/6/backup is the default file.
ptr_file = /var/cache/6/backup
-# Instead of polling, slaves can be notified on changes. This is done over a DNS-compatible UDP protocol so slaves can run behind bind9 forward zone-like DNS proxies.
-slaves = {6slave.sijanec.eu/666, ::ffff:192.0.2.69, 2001:db8::2/5353}
-
-# Defines networks to generate PTR records on the fly. The only required option is master.
+# Defines networks to generate PTR records on the fly.
network
{
# List of networks this block defines.
networks = {2001:db8:d::/48, 2001:db8:e::/48}
- # List the following slaves in NS responses.
- slaves = {6slave.sijanec.eu, 6slave.example}
+ # List the following servers in NS responses. The first server will be put into SOA responses.
+ ns = {6d.example, 6slave.sijanec.eu, 6slave.example}
# This will be published in the SOA record.
admin = 6@sijanec.eu
- # This will be published as the authoritative server in the SOA record (point it to this 6d instance).
- master = 6d.example
# PTRs will be generated in form 2001-db8-d--5932.suffix for address 2001:db8:d::5932.
# By default, this suffix is the [...].ip6.arpa domain, so for network 2001:db8::/32, the suffix will be 8.B.D.0.1.0.0.2.IP6.ARPA, and the above mentioned PTR would be 2001-db8-d--5932.8.b.d.0.1.0.0.2.ip6.adpa, which is totaly OK standard-wise. Do not specify [...].ip6.arpa addresses as suffixes yourself, they will be managed automatically.
# The suffix must respond to queries with the correct AAAA records, 6d can serve it for you (see below).
### suffix = "6ptr.sijanec.eu"
# TTL for generated records and negative caching.
- ttl = 420
+ ttl = 513
}
# Another networks definition.
network
{
networks = {2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48}
- master = ptrdns1.example
+ ns = {ptrdns1.example}
suffix = suffixgenerator.net.example
}
-
-# Define suffixes that will generate AAAA records on the fly. The only required option is master.
+/*
+# Define suffixes that will generate AAAA records on the fly.
suffix
{
# List of suffixes
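Review bot: The `/*` added before the suffix section opens a block comment that is closed only by the `*/` in a later hunk, after the `locked-ns1.net.example` block, and nothing explains why the two sample suffix blocks are disabled. Every other comment in this file uses `#`, so a reader can miss that the `accept = {::/0}` example and its explanation are no longer active configuration. Whether the parser accepts `/* */` is not visible here and is worth confirming. I would add a line above it such as `# The two suffix examples below are disabled; remove the /* and */ lines to enable them.`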
@@ -75,11 +63,10 @@ suffix
# By specifying ::/0 here you allow any network on the internet to use your suffix for PTRs.
# ::/0 is the default.
accept = {::/0}
- slaves = {6slave.sijanec.org, 6slave.example}
+ ns = {6ptr.sijanec.eu, 6slave.sijanec.org, 6slave.example}
admin = 6@sijanec.eu
- master = 6ptr.sijanec.eu
# TTL for generated records and negative caching.
- ttl = 420
+ ttl = 513
}
# Another suffixes definition, this time networks are specified, other IPv6 addresses will be NXDOMAIN.
@@ -87,7 +74,15 @@ suffix
{
suffixes = {private-ipv6.net.example, private-ipv6.org.example}
accept = {2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48}
- master = locked-ns1.net.example
+ ns = {locked-ns1.net.example}
+}
+*/
+# Another one with large accept clauses.
+suffix
+{
+ suffixes = {almost-public.example}
+ accept = {8000::/1, 4000::/2, ::/2}
+ ns = {weird-ns1.net.example}
}
############################# STATIC NS AND PTR RECORDS ###############################
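Review bot: The three prefixes in the new `accept = {8000::/1, 4000::/2, ::/2}` together cover the whole IPv6 address space, so this block accepts exactly what `::/0` accepts, while the comment and the name `almost-public.example` suggest a restriction. Someone copying the sample as a template for a limited suffix would end up allowing any network to use it for PTRs. If the block is meant to exercise multi-prefix accept lists, say so in the comment: `# Test case: these three prefixes add up to ::/0, so this suffix is effectively public.`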
@@ -96,7 +91,7 @@ suffix
ptr 2001:db8:d::1
{
hostname = mail.example
- ttl = 420
+ ttl = 513
}
# Another PTR definition
@@ -110,7 +105,7 @@ ns
{
networks = {2001:db8:d:1337::/64, 2001:db8:d:1338::/64}
ns = {ns1.sijanec.org, ns2.sijanec.org}
- ttl = 420
+ ttl = 513
}
# Another NS delegation.