add example zone

diff --git a/.gitignore b/.gitignore
index 5515fc54a3896923eacf8c62633a59a50253f878..af452c8fb5168569452b8c04a6f5dad0d39969ef 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 __pycache__
-*ralfj.de*
+*.srl

diff --git a/db.example.com.py b/db.example.com.py
new file mode 100644 (file)
index 0000000..3187832
--- /dev/null
+++ b/db.example.com.py
@@ -0,0 +1,38 @@
+from zonemaker.zone import *
+
+# Our IP addresses; we have machine one and machine two.
+one4 = A("172.16.254.1") # for each record type, there's a corresponding class with the same name
+one6 = AAAA("2606:2800:220:6d:26bf:1447:1097:aa7")
+one  = [one4, one6] # collect all addresses of this machine
+two4 = A("172.16.254.2")
+two  = [two4] # collext all addresses of this machine
+# our mail servers
+mail = [MX('mx', 10)] # this is first server name, then priority (as in plain DNS, lower numbers denote higher priorities)
+
+# define a useful shorthand to store HTTPS keys via TLSA
+def HTTPS(key):
+    return TLSA(Protocol.TCP, 443, TLSA.Usage.EndEntity, TLSA.Selector.Full, TLSA.MatchingType.SHA256, key)
+
+# Now to the actual zone: the header part should be fairly self-explanatory.
+__zone__ = Zone('example.com.', serialfile = 'db.example.com.srl', mail = 'root@example.com.',
+    NS = ['ns', 'ns.example.org.'],
+    secondary_refresh = 6*hour, secondary_retry = 1*hour, secondary_expire = 7*day,
+    NX_TTL = 1*hour, A_TTL = 1*hour, other_TTL = 1*day,
+    # Here come the actual domains. Each takes records as argument, either individually or as lists.
+    domains = {
+        '.':            Name(one, mail), # this will all all records from the list "one" and the list "mail" to this name
+        'ns':           Name(one),
+        'ipv4.ns':      Name(one4), # just a single record
+        'ipv6.ns':      Name(one6),
+        'mx' :          Name(two), # mail is handled by machine two
+        'www':          Name(one, HTTPS('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')), # since this is python, we can define shorthands
+        'lists':        Name(one, mail, HTTPS('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')), # this domain can both receive mail, and publishes its HTTPS key
+        #
+        'jabber':       Name(SRV(Protocol.TCP, 'xmpp-client', 'jabber.example.org.', port = 5222, prio = 0, weight = 5),  # forward jabber clients to jabber.example.org
+                             SRV(Protocol.TCP, 'xmpp-server', 'jabber.example.org.', port = 5269, prio = 0, weight = 5)), # and similar for server-to-server connections
+        #
+        'orgstuff':     CName('example.org.'), # CNAMEs cannot be combined with other records
+        #
+        'sub1':         Delegation('ns.example.org.'), # this adds an NS record
+        'sub2':         SecureDelegation('ns.example.com.', 12345, Algorithm.RSA_SHA256, Digest.SHA256, '0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF'), # this adds an NS and a DS record
+    })