1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# The example configuration file for 6d.
# This is where you define your zones/networks and static entries.
# It is parsed by libconfuse.
# Default TTL is 420.
# You can run `6d dry <config file>` to parse the configuration file, output it and exit.
# You can `killall -SIGHUP 6d` or `service 6d reload` to reload the configuration of a running 6d. Reloading is a safe operation as an unparsable config file will not cause the program to stop, so check the logs after reloading to see if the reload succeeded.
# Hostnames that need to be resolved (for 6d-protocol communication) are resolved when needed and not on configuration reload, so you can change IP addresses of servers in DNS without needing to reload the server. This also means that if something doesn't resolve, it will not be apparent when you reload the config, but later on in runtime.
# Reloading the server also schedules a synchronization from masters (if any).
# Masters and slaves must have accurate clocks (at least minute accuracy is expected)
# To specify IPv4 addresses, use the V4MAPPED address format (::ffff:192.0.2.69).
# Zone transfers are made using a 6d-specific TCP+UDP-based protocol, so if you run 6d being a DNS proxy, such as bind9 zone forward, you must specify the host/port combination where 6d listens, not where bind9 listens. When unsigned, this 6d-specific protocol relies on trusted routing to master servers and no MiTM attacks on the line.
# DNSSEC and signed zone transfers are available upon request (mailto:anton@šijanec.eu).
#################### SLAVE CONFIGURATION ###################### (You may delete this part on master-only 6d.)
# You can optionally define master servers here, all of their configuration will be periodically retrieved and mirrored to this 6d instance. A host may optionally be followed by /TCPport.
master_servers = {6master.sijanec.eu, 6d2.example, 2001:db8::1/5353}
# OBSOLETE NON-FEATURE (NOT WORKING)
# You can optionally define master networks/zones here, they will be also be mirrored from their master server. The master server will be obtained from their SOA record.
# Note that 6d is not a general purpose DNS server! Any FQDNs specified here will be treated as 6d suffix generators.
# Note that if this is used, master must not be behind a DNS proxy, such as bind9 zone forward. Use master_servers instead if that's the case.
# master_zones = {2001:db8:a::/48, 2001:db8:b::/48, 2001:db8:c::/48, 6ptr.sijanec.eu}
# Master servers will be checked for changes every poll_interval number of seconds. Set to 0 to disable polling.
# 69 is the default.
poll_interval = 69
# Slaves hold everything they know in memory.
#################### MASTER CONFIGURATION ##################### (You may delete this part on slave-only 6d.)
# A computer in networks defined here may register a PTR for itself with the 6c program; such records are valid for two days. Everytime a record is created, it will be logged into this file. When 6d starts, old records are pruned and valid records are loaded into memory. Pruning is also done every two days.
# Static PTR and NS records obtained from the configuration file or master server always take precedence before 6c PTR requests.
# This binary file is not not portable. You can only read it on the same machine it was created on.
# /var/cache/6/backup is the default file.
ptr_file = /var/cache/6/backup
# Instead of polling, slaves can be notified on changes. This is done over a DNS-compatible UDP protocol so slaves can run behind bind9 forward zone-like DNS proxies.
slaves = {6slave.sijanec.eu/666, ::ffff:192.0.2.69, 2001:db8::2/5353}
# Defines networks to generate PTR records on the fly. The only required option is master.
network
{
# List of networks this block defines.
networks = {2001:db8:d::/48, 2001:db8:e::/48}
# List the following slaves in NS responses.
slaves = {6slave.sijanec.eu, 6slave.example}
# This will be published in the SOA record.
admin = 6@sijanec.eu
# This will be published as the authoritative server in the SOA record (point it to this 6d instance).
master = 6d.example
# PTRs will be generated in form 2001-db8-d--5932.suffix for address 2001:db8:d::5932.
# By default, this suffix is the [...].ip6.arpa domain, so for network 2001:db8::/32, the suffix will be 8.B.D.0.1.0.0.2.IP6.ARPA, and the above mentioned PTR would be 2001-db8-d--5932.8.b.d.0.1.0.0.2.ip6.adpa, which is totaly OK standard-wise. Do not specify [...].ip6.arpa addresses as suffixes yourself, they will be managed automatically.
# The suffix must respond to queries with the correct AAAA records, 6d can serve it for you (see below).
### suffix = "6ptr.sijanec.eu"
# TTL for generated records and negative caching.
ttl = 420
}
# Another networks definition.
network
{
networks = {2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48}
master = ptrdns1.example
suffix = suffixgenerator.net.example
}
# Define suffixes that will generate AAAA records on the fly. The only required option is master.
suffix
{
# List of suffixes
suffixes = {6ptr.sijanec.eu, ipv6.isp-provider.example}
# The netmasks that this on-the-fly generator will accept.
# By specifying ::/0 here you allow any network on the internet to use your suffix for PTRs.
# ::/0 is the default.
accept = {::/0}
slaves = {6slave.sijanec.org, 6slave.example}
admin = 6@sijanec.eu
master = 6ptr.sijanec.eu
# TTL for generated records and negative caching.
ttl = 420
}
# Another suffixes definition, this time networks are specified, other IPv6 addresses will be NXDOMAIN.
suffix
{
suffixes = {private-ipv6.net.example, private-ipv6.org.example}
accept = {2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48}
master = locked-ns1.net.example
}
############################# STATIC NS AND PTR RECORDS ###############################
# A static PTR entry for an IP address. You must configure the hostname to have the correct AAAA record yourself! The only required option is hostname.
ptr 2001:db8:d::1
{
hostname = mail.example
ttl = 420
}
# Another PTR definition
ptr 2001:db8:d::2
{
hostname = mail-out2.example
}
# A static NS entry for some networks. Instead of on-the-fly generation, PTR queries will redirect clients to this NS. The only requirement is that ns list has a least one element.
ns
{
networks = {2001:db8:d:1337::/64, 2001:db8:d:1338::/64}
ns = {ns1.sijanec.org, ns2.sijanec.org}
ttl = 420
}
# Another NS delegation.
ns
{
networks = {2001:db8:8:1300::/56}
ns = {ns1.kompot.example}
}
################################ IMPLEMENTATION NOTES ###################################
# Specifying overlapping networks in accept clauses of suffix declarations is not suggested. Only the smaller network of two overlapping networks will be accepted.
# Specifying overlapping networks in network clauses is also not suggested. The configuration of the larger network of the two overlapping networks will be used.
# Static records only make sense in networks you are authoritative for. Static records not inside a network will be silently ignored.
|
