forked from stealth/qdns
-
Notifications
You must be signed in to change notification settings - Fork 0
/
test.zone
76 lines (54 loc) · 2.31 KB
/
test.zone
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
; only IN class is honored (IN is case sensitive)
; comments are like this, separators are space(s) or tab(s)
; there are two types of RR's. Normal (matching) ones that specify a RR
; and link-RR starting with a '@' to indicate to which already existing
; RR this record is linked to as an additional answer. Only normal RR's
; are used for matching queries. link-RR's are _only_ used for chaining
; into existing matching-RR's. The RR that follows next-line to an @ RR
; is interpreated as the additional record.
; some funny rules
; name TTL IN type IP/dname
;
;
bsi.bund.de 1234 IN A 213.73.89.123 ; a IPv4 record
ccc.de 123 IN NS foo
; to save client from additional lookup, provide an AAAA RR
; along with the NS RR by linking the following AAAA RR to the matching NS RR
; from above:
@ccc.de NS
foo 789 IN AAAA ::123 ; a IPv6 record
@ccc.de NS
bar 123 IN A 1.2.3.4
; some rules for the community and more ranting vs. ranting:
mail.oxff.net 3600 IN A 46.4.99.131
grsecurity.net 3600 IN A 173.10.160.233
; Above mail.oxff.net RR is also answered by queries for it. Now also link
; it to grsecurity.net's MX:
grsecurity.net 3600 IN MX mail.oxff.net
@grsecurity.net MX
mail.oxff.net 3600 IN A 46.4.99.131
kernel.org 7350 IN A 173.10.160.233
@kernel.org A
kernel.org 7350 IN CNAME grsecurity.net ; nobody would ask for a CNAME, so an A RR is required
@kernel.org A
grsecurity.net 7350 IN A 173.10.160.233
; demonstrate DNS rebind attack or load-balancing; for rebind the TTL should be shorter though
kernel.org 7350 IN A 127.0.0.1
@kernel.org A
yolo 1234 IN CNAME yala
_ldap._tcp.foo 1234 IN SRV ldap:389
@_ldap._tcp.foo SRV
ldap 1234 IN A 1.2.3.4
; TTL 1 is special and means only one reply per seen client source
; in order to demonstrate quantum-insert capability via DNS run
; acid.pl on 192.168.0.253:80
; due to a TTL of 1, it will expire in the resolver cache soon and the next lookup
; will reach its legit destination
*google.com 1 IN a 192.168.0.253 ; a wildcard match for this domain
; [forward] is a special name that pops in when nothing else matches
; it is a simplified SOA record with fixed serial number and min values
; afer linking in a SOA, you must not link in more RR's
[forward] 1234 IN SOA ns.google.com ; SOA records for NXDOMAIN
@[forward] SOA
ns.google.com 1234 IN A 8.8.8.8
; end