# The example configuration file for 6d.
# This is where you define your zones/networks and static entries.
# It is parsed by libconfuse.
# Default TTL is 420.
# You can run `6d dry <config file>` to parse the configuration file, output it and exit.
# You can `killall -SIGHUP 6d` or `service 6d reload` to reload the configuration of a running 6d. Reloading is a safe operation as an unparsable config file will not cause the program to stop, so check the logs after reloading to see if the reload succeeded.
# Hostnames that need to be resolved (for 6d-protocol communication) are resolved when needed and not on configuration reload, so you can change IP addresses of servers in DNS without needing to reload the server. This also means that if something doesn't resolve, it will not be apparent when you reload the config, but later on in runtime.
# Reloading the server also schedules a synchronization from masters (if any).
# Masters and slaves must have accurate clocks (at least minute accuracy is expected).
# To specify IPv4 addresses, use the V4MAPPED address format (::ffff:192.0.2.69).
# Config transfers are made using a 6d-specific TCP-based protocol, so if you run 6d behind a DNS proxy, such as a bind9 zone forward, you must specify the host/port combination where 6d listens, not where bind9 listens. When unencrypted, this 6d-specific protocol relies on trusted routing to master servers and on there being no MitM attacks on the line.
# DNSSEC and encrypted zone transfers are available upon request (mailto:anton@šijanec.eu).

#################### SLAVE CONFIGURATION ###################### (You may delete this part on master-only 6d.)

# You can optionally define master servers here; all of their configuration will be periodically retrieved and mirrored to this 6d instance. A host may optionally be followed by /TCPport.
# NOTE(review): every host listed here can replace this instance's entire configuration, and (per the header) unencrypted transfers rely on trusted routing to the master. Hostnames are resolved at runtime rather than at reload, so the DNS records for these names are part of that trust boundary as well.
masters = {6master.sijanec.eu, 6d2.example, 2001:db8::1/5353}

# Master servers will be checked for changes every poll_interval number of seconds. 69 is the default.
poll_interval = 69

# Slaves hold everything they know in memory.

#################### MASTER CONFIGURATION ##################### (You may delete this part on slave-only 6d.)

# A computer in networks defined here may register a PTR for itself with the 6c program; such records are valid for two days. Every time a record is created, it will be logged into this file. When 6d starts, old records are pruned and valid records are loaded into memory. Pruning is also done every two days.
# Static PTR and NS records obtained from the configuration file or master server always take precedence over 6c PTR requests.
# This binary file is not portable. You can only read it on the same machine it was created on.
# NOTE(review): 6d writes this file at runtime, so its directory must be writable by the user 6d runs as. It also records every host that registered a PTR, so read access should be restricted accordingly; permissions are not set here -- confirm them in the packaging/service setup.
# /var/cache/6/backup is the default file.
ptr_file = /var/cache/6/backup

# Defines networks to generate PTR records on the fly.
network
{
	# List of networks this block defines.
	networks = {2001:db8:d::/48, 2001:db8:e::/48}
	# List the following servers in NS responses. The first server will be put into SOA responses.
	ns = {6d.example, 6slave.sijanec.eu, 6slave.example}
	# This will be published in the SOA record.
	admin = 6@sijanec.eu
	# PTRs will be generated in the form 2001-db8-d--5932.suffix for the address 2001:db8:d::5932.
	# By default, this suffix is the [...].ip6.arpa domain, so for the network 2001:db8::/32 the suffix will be 8.B.D.0.1.0.0.2.IP6.ARPA, and the above-mentioned PTR would be 2001-db8-d--5932.8.b.d.0.1.0.0.2.ip6.arpa, which is totally OK standard-wise. Do not specify [...].ip6.arpa addresses as suffixes yourself; they will be managed automatically.
	# The suffix must respond to queries with the correct AAAA records; 6d can serve it for you (see below).
	### suffix = "6ptr.sijanec.eu"
	# TTL for generated records and negative caching.
	ttl = 513
	# Customers with dynamically assigned subnets may register NS subnet delegations for their subnet or smaller.
	# The address preceding the mask defines the host bits of the address inside a delegation subnet that is allowed to request NS delegations. For example, ::1/128 would mean 2a01:261:e77:5500::1 would be the only computer in the network 2a01:261:e77:5500::/56 that is allowed to request NS delegations.
	# The default is ::/128 (single /128 IPv6 addresses are assigned to customers -- no subnet delegations).
	# This feature is safe against UDP IPv6 source address spoofing attacks.
	# NOTE(review): the ::1/128 example above is hard to reconcile with the /56 network it mentions, so it is not clear from this file alone whether the prefix length given here (/56) is the delegation size or the matching mask -- confirm against the 6d documentation before relying on this value.
	delegation = ::/56
	# Lease time for NS or PTR delegations (172790 is just under two days, so presumably seconds -- confirm). Set close to your DHCP lease time and try not to exceed the default of 2 days. This does not apply to static definitions.
	lease = 172790
}

# Another networks definition.
# Keys not given here fall back to the defaults described in the first network block (TTL 420, delegation ::/128, lease of two days).
network
{
	networks = {2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48}
	ns = {ptrdns1.example}
	# This suffix must itself answer AAAA queries for the generated names (see the suffix notes in the first network block); it is not served by a suffix block in this file.
	suffix = suffixgenerator.net.example
}
/*
# Define suffixes that will generate AAAA records on the fly.
suffix
{
	# List of suffixes
	suffixes = {6ptr.sijanec.eu, ipv6.isp-provider.example}
	# The netmasks that this on-the-fly generator will accept.
	# By specifying ::/0 here you allow any network on the internet to use your suffix for PTRs.
	# ::/0 is the default.
	accept = {::/0}
	ns = {6ptr.sijanec.eu, 6slave.sijanec.org, 6slave.example}
	admin = 6@sijanec.eu
	# TTL for generated records and negative caching.
	ttl = 513
}

# Another suffixes definition, this time networks are specified, other IPv6 addresses will be NXDOMAIN.
suffix
{
	suffixes = {private-ipv6.net.example, private-ipv6.org.example}
	accept = {2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48}
	ns = {locked-ns1.net.example}
}
*/
# Another one with large accept clauses.
suffix
{
	suffixes = {almost-public.example}
	# NOTE(review): ::/2, 4000::/2 and 8000::/1 together cover the entire IPv6 address space, so this accept list is equivalent to ::/0 -- any network on the internet may use this suffix for PTRs, despite the "almost-public" name. Fine as an example; narrow it for a real deployment.
	accept = {8000::/1, 4000::/2, ::/2}
	ns = {weird-ns1.net.example}
}

############################# STATIC NS AND PTR RECORDS ###############################

# A static PTR entry for an IP address. You must configure the hostname to have the correct AAAA record yourself! The only required option is hostname.
# 2001:db8:d::1 lies inside the 2001:db8:d::/48 network block above; static records outside a configured network are silently ignored (see the implementation notes at the end of the file).
ptr 2001:db8:d::1
{
	hostname = mail.example
	# Overrides the default TTL (420) for this record.
	ttl = 513
}

# Another PTR definition; only the required hostname is given, so the TTL is the default (420).
# 2001:db8:d::2 is inside the 2001:db8:d::/48 network block above, as required for static records.
ptr 2001:db8:d::2
{
	hostname = mail-out2.example
}

# A static NS entry for some networks. Instead of on-the-fly generation, PTR queries will redirect clients to this NS. The only requirement is that the ns list has at least one element.
# Static NS records take precedence over 6c-requested delegations (see the master configuration notes). Both /64s here are inside the 2001:db8:d::/48 network block above.
ns
{
	networks = {2001:db8:d:1337::/64, 2001:db8:d:1338::/64}
	ns = {ns1.sijanec.org, ns2.sijanec.org}
	ttl = 513
}

# Another NS delegation.
# NOTE(review): 2001:db8:8:1300::/56 is not inside any network block in this file (2001:db8:d::/48, 2001:db8:e::/48, 2001:db8:f:100::/56, 2001:db8:f:200::/56, 2001:db8:900::/48), so per the implementation notes this entry would be silently ignored as written. Presumably only an example, but a matching network block is needed for it to take effect.
ns
{
	networks = {2001:db8:8:1300::/56}
	ns = {ns1.kompot.example}
}

################################ IMPLEMENTATION NOTES ###################################

# Specifying overlapping networks in accept clauses of suffix declarations is not recommended. Only the smaller network of two overlapping networks will be accepted.
# Specifying overlapping networks in network clauses is also not recommended. The configuration of the larger network of the two overlapping networks will be used.
# Static records only make sense in networks you are authoritative for. Static records not inside a network will be silently ignored.