# NSD configuration file for an AS112 name server. See RFC 6304 and
# <http://www.as112.net/>

# Used at least in the Paris node managed by Hivane

dnl This is the M4 source, intended to be processed by the M4
dnl preprocessor. The following warning will appear in the result:
# Automatically produced from a script. Do not edit.

define(ZONE,
`zone:
       name: "$1.in-addr.arpa"
       zonefile: "db.empty"
       provide-xfr: 0.0.0.0/0 BLOCKED
       notify-retry: 0
')

server:
       port: 53
       database: "/var/lib/nsd/nsd.db"
       zonesdir: "/etc/nsd"
       pidfile: "/var/lib/nsd/nsd.pid"
       ip-address: 127.0.0.1  # localhost
       # the following address is node-dependent, and should be set to
       # something appropriate for the new AS112 node
       ip-address: 203.0.113.1       # local address (globally-unique, unicast)
       # the following addresses correspond to AS112 addresses, and
       # are the same for all AS112 nodes
       ip-address: 192.175.48.1      # prisoner.iana.org (anycast)
       ip-address: 192.175.48.6      # blackhole-1.iana.org (anycast)
       ip-address: 192.175.48.42     # blackhole-2.iana.org (anycast)
       ip4-only: yes 
       # When AS112 will officiall use IPv6, set the above to no and use:
       #ip-address: 2620:4f:8000::1   # number-6.iana.org (anycast IPv6)
       #ip-address: 2620:4f:8000::6   # blackhole-3.iana.org (anycast IPv6)
       #ip-address: 2620:4f:8000::42  # blackhole-4.iana.org (anycast IPv6)
       # Replace both with the real name
       # CH TXT queries
       identity: "hostname.as112.net - Gondor node"
       # NSID (RFC 5011) queries. *Must* be in hex :-( Use for instance:
       # echo -n "ns.example.net" | hexdump -v -e '/1 "%02X"'  
       nsid: "686f73746e616d652e61733131322e6e6574202d20476f6e646f72206e6f6465"
       # The default value is too small
       tcp-count: 100
       tcp-query-count: 10
       tcp-timeout: 60

# RFC 1918
ZONE(10)
ZONE(16.172)
ZONE(17.172)
ZONE(18.172)
ZONE(19.172)
ZONE(20.172)
ZONE(21.172)
ZONE(23.172)
ZONE(24.172)
ZONE(25.172)
ZONE(26.172)
ZONE(27.172)
ZONE(28.172)
ZONE(29.172)
ZONE(30.172)
ZONE(31.172)
ZONE(168.192)
# RFC 5735
ZONE(254.169)

zone:
       name: "hostname.as112.net"
       zonefile: "db.hostname.as112.net"

# Unlike the sample BIND configuration in RFC 6304, we do not log
# requests: NSD cannot do it and, anyway, it is better done outside of
# the name server, for instance with dnscap
# <https://www.dns-oarc.net/tools/dnscap>.