# NSD configuration file for an AS112 name server. See RFC 6304.
#
# Used at least in the Paris node managed by Hivane
# Automatically produced from a script. Do not edit.
server:
    # Listen on the standard DNS port.
    port: 53

    # On-disk locations used by NSD.
    database: "/var/lib/nsd/nsd.db"
    zonesdir: "/etc/nsd"
    pidfile: "/var/lib/nsd/nsd.pid"

    # Loopback.
    ip-address: 127.0.0.1

    # Node-specific unicast address (globally unique). The value below
    # is from a documentation range (RFC 5737) and must be replaced with
    # the real address of the AS112 node being deployed.
    ip-address: 203.0.113.1

    # AS112 anycast service addresses; identical on every AS112 node.
    # prisoner.iana.org
    ip-address: 192.175.48.1
    # blackhole-1.iana.org
    ip-address: 192.175.48.6
    # blackhole-2.iana.org
    ip-address: 192.175.48.42

    # IPv4 only for now. Once AS112 officially uses IPv6, set this to
    # "no" and enable the anycast IPv6 addresses below.
    # NOTE(review): the zones in this file block transfers with an
    # IPv4-only ACL (0.0.0.0/0 BLOCKED); when IPv6 is enabled, confirm
    # that transfers over IPv6 are refused as well.
    ip4-only: yes
    #ip-address: 2620:4f:8000::1 # number-6.iana.org (anycast IPv6)
    #ip-address: 2620:4f:8000::6 # blackhole-3.iana.org (anycast IPv6)
    #ip-address: 2620:4f:8000::42 # blackhole-4.iana.org (anycast IPv6)

    # Node identification. Replace both values with the real name of
    # the node.
    # "identity" is the answer to CH TXT queries.
    # NOTE(review): hide-version is not set in this file; set
    # "hide-version: yes" if the node should not disclose its NSD
    # version on CHAOS-class queries.
    identity: "hostname.as112.net - Gondor node"
    # "nsid" answers NSID (RFC 5001) queries and *must* be given in hex.
    # The value below is the hex encoding of the identity string above.
    # To encode another name, use for instance:
    # echo -n "ns.example.net" | hexdump -v -e '/1 "%02X"'
    nsid: "686f73746e616d652e61733131322e6e6574202d20476f6e646f72206e6f6465"

    # TCP settings. The default value is too small (original author's
    # note; presumably it refers to tcp-count).
    tcp-count: 100
    tcp-query-count: 10
    tcp-timeout: 60
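# RFC 1918 private address space: 10.0.0.0/8, 172.16.0.0/12 and
# 192.168.0.0/16. The 172.16.0.0/12 block is served as sixteen /16
# reverse zones, 16.172 through 31.172; every one of them must be
# present, otherwise this node cannot answer authoritatively for a zone
# that is delegated to the AS112 servers.
# NOTE(review): this file is marked as script-generated; the generating
# script should emit the same sixteen zones (22.172.in-addr.arpa was
# absent from the list).
#
# Every zone here uses the same settings:
#   zonefile     - the shared empty zone file "db.empty"
#   provide-xfr  - 0.0.0.0/0 BLOCKED refuses zone transfers requested
#                  from any IPv4 source
#   notify-retry - 0; no notify targets are configured in this file
zone:
    name: "10.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "16.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "17.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "18.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "19.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "20.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "21.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "22.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "23.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "24.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "25.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "26.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "27.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "28.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "29.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "30.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "31.172.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0
zone:
    name: "168.192.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0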
# RFC 5735: reverse zone for 169.254.0.0/16, served from the shared
# empty zone file, with IPv4 zone transfers blocked.
zone:
    name: "254.169.in-addr.arpa"
    zonefile: "db.empty"
    provide-xfr: 0.0.0.0/0 BLOCKED
    notify-retry: 0

# Zone that identifies this node; it has its own zone file.
# NOTE(review): unlike the empty zones, this zone has no provide-xfr
# entry. Confirm that NSD refuses zone transfers when no provide-xfr
# ACL is configured, or add an explicit BLOCKED entry.
zone:
    name: "hostname.as112.net"
    zonefile: "db.hostname.as112.net"
# Unlike the sample BIND configuration in RFC 6304, we do not log
# requests: NSD cannot do it and, anyway, it is better done outside of
# the name server, for instance with dnscap.