first impementation of tests

Dockerfile

@@ -0,0 +1,16 @@
+FROM golang:alpine AS build
+
+WORKDIR /build
+
+COPY go.mod .
+COPY go.sum .
+COPY *.go ./
+
+RUN go build -o cool-dns .
+
+FROM alpine:latest
+WORKDIR /app
+
+COPY --from=build /build/cool-dns .
+
+ENTRYPOINT ["/app/cool-dns"]

README.md

@@ -23,10 +23,23 @@ acl:                        # List of ip filter rules
 - name: local
   cidr: 127.0.0.1/32
 
+tls:
+  enable: true              # Enable DNS over TLS
+  address: 0.0.0.0:8853     # What address and port to liste for tls connections
+  cert: cert.crt            # Path to the certificate file
+  key: private.key          # Path to the private key file
+
 forward:
   acl:                      # What IPs are allowed
     - vpn
   server: "8.8.8.8:53"      # DNS server to forward to
 
 address: 0.0.0.0:8053       # What address and port to listen on
+
+blacklist:                  # What domains to block when forwarding
+                            # URL of the blacklist
+  - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
+    format: host            # Format of the blacklist: Hostfile
+  - url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
+    format: line            # Format: One domain per line
 ```

blacklist.go

@@ -69,6 +69,7 @@ func getBlacklistFromURL(url string) (*string, error) {
 	return &bodyString, err
 }
 
+// parseRawBlacklist parse the raw string depending on the given format
 func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
 	switch blacklist.Format {
 	case "host":
@@ -82,6 +83,7 @@ func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
 	}
 }
 
+// parseHostFormat parse the string in the format of a hostfile
 func parseHostFormat(raw string) []string {
 	finalList := make([]string, 0)
 	reg := regexp.MustCompile(`(?mi)^\s*(#*)\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+([a-zA-Z0-9\.\- ]+)$`)
@@ -95,6 +97,7 @@ func parseHostFormat(raw string) []string {
 	return finalList
 }
 
+// parseLineFormat one domain per line, ignore comments
 func parseLineFormat(raw string) []string {
 	list := make([]string, 0)
 
@@ -113,6 +116,7 @@ func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	if q.Qtype == dns.TypeA {
+		// Respond with 0.0.0.0
 		m.Answer = append(m.Answer, &dns.A{
 			Hdr: dns.RR_Header{
 				Name:   q.Name,
@@ -123,6 +127,7 @@ func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
 			A: nullIPv4,
 		})
 	} else if q.Qtype == dns.TypeAAAA {
+		// Respond with ::/0
 		m.Answer = append(m.Answer, &dns.AAAA{
 			Hdr: dns.RR_Header{
 				Name:   q.Name,

config.yml

@@ -22,8 +22,20 @@ forward:
 
 address: 0.0.0.0:8053
 
+tls:
+  enable: true
+  address: 0.0.0.0:8853
+  cert: cert.crt
+  key: private.key
+
 blacklist:
   - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
     format: host
   - url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
     format: line
+
+lego:
+  enable: true
+  address: :8080
+  username: lego
+  secret: "133742069ab"

coolDns.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"strings"
 	"syscall"
 
@@ -23,12 +24,15 @@ type zoneMap map[string][]zoneView
 
 type rrMap map[uint16]map[string][]dns.RR
 
+// config format of the config file
 type config struct {
 	Zones     []configZone      `yaml:"zones"`
 	ACL       []configACL       `yaml:"acl"`
 	Forward   configForward     `yaml:"forward"`
 	Address   string            `yaml:"address"`
 	Blacklist []configBlacklist `yaml:"blacklist"`
+	TLS       configTLS         `yaml:"tls"`
+	Lego      configLego        `yaml:"lego"`
 }
 
 type configForward struct {
@@ -52,6 +56,14 @@ type configBlacklist struct {
 	Format string `yaml:"format"`
 }
 
+type configTLS struct {
+	Enable  bool   `yaml:"enable"`
+	Address string `yaml:"address"`
+	Cert    string `yaml:"cert"`
+	Key     string `yaml:"key"`
+}
+
+// All record types to send when a ANY request is send
 var anyRecordTypes = []uint16{
 	dns.TypeSOA,
 	dns.TypeA,
@@ -64,6 +76,47 @@ var anyRecordTypes = []uint16{
 	dns.TypeCAA,
 }
 
+func start(configPath string) {
+	config, err := loadConfig(configPath)
+	if err != nil {
+		log.Fatalf("Failed to load config: %s\n", err.Error())
+	}
+
+	err = os.Chdir(filepath.Dir(configPath))
+	if err != nil {
+		log.Fatalf("Failed to goto config dir: %s", err.Error())
+	}
+
+	zones, err := loadZones(config.Zones)
+	if err != nil {
+		log.Fatalf("Failed to load zones: %s\n", err.Error())
+	}
+
+	aclList, err := createACLList(config.ACL)
+	if err != nil {
+		log.Fatalf("Failed to parse ACL rules: %s\n", err.Error())
+	}
+
+	blacklist := loadBlacklist(config.Blacklist)
+
+	var acmeMap *legoMap
+	if config.Lego.Enable {
+		acmeMap = startLEGOWebSever(config.Lego)
+	}
+
+	server := createServer(zones, *config, aclList, blacklist, acmeMap)
+
+	listenAndServer(server, config.Address)
+
+	if config.TLS.Enable {
+		listenAndServerTLS(server, config.TLS.Address, config.TLS.Cert, config.TLS.Key)
+
+		log.Printf("Start listening on tcp %s for tls", config.TLS.Address)
+	}
+
+	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
+}
+
 func loadConfig(configPath string) (*config, error) {
 	file, err := ioutil.ReadFile(configPath)
 	if err != nil {
@@ -101,6 +154,7 @@ func loadZones(configZones []configZone) (zoneMap, error) {
 	return zones, nil
 }
 
+// createRRMap order the rr into a structure that is more easy to use
 func createRRMap(rrs []dns.RR) rrMap {
 	rrMap := make(rrMap)
 	for _, rr := range rrs {
@@ -139,6 +193,7 @@ func loadZonefile(filepath, origin string) ([]dns.RR, error) {
 	return rrs, nil
 }
 
+// createACLList create a map with the CIDR and the name of the rule
 func createACLList(config []configACL) (map[string]*net.IPNet, error) {
 	acls := make(map[string]*net.IPNet)
 
@@ -155,10 +210,12 @@ func createACLList(config []configACL) (map[string]*net.IPNet, error) {
 	return acls, nil
 }
 
-func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool) *dns.ServeMux {
+// createServer creates a new serve mux. Adds all the logic to handle the request
+func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool, acmeList *legoMap) *dns.ServeMux {
 	srv := dns.NewServeMux()
 	c := new(dns.Client)
 
+	// For all zones set from the config
 	for zoneName, zones := range zones {
 		srv.HandleFunc(zoneName, func(w dns.ResponseWriter, r *dns.Msg) {
 
@@ -170,6 +227,11 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
 				return
 			}
 
+			// Check if it is a ACME DNS-01 challange
+			if handleACMERequest(w, r, acmeList) {
+				return
+			}
+
 			// find out what view to handle the request
 			zoneIndex := -1
 
@@ -179,6 +241,7 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
 				}
 			}
 
+			// No view found that can handle the request
 			if zoneIndex == -1 {
 				rcodeRequest(w, r, dns.RcodeRefused)
 				return
@@ -188,8 +251,10 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
 		})
 	}
 
-	// Handle any other request
+	// Handle any other request for forwarding
 	srv.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) {
+
+		// Parse IP
 		remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
 		ip := net.ParseIP(remoteIP)
 
@@ -198,12 +263,18 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
 			return
 		}
 
+		// Check if it is a ACME DNS-01 challange
+		if handleACMERequest(w, r, acmeList) {
+			return
+		}
+
 		// Check ACL rules
 		if !checkACL(config.Forward.ACL, aclList, ip) {
 			rcodeRequest(w, r, dns.RcodeRefused)
 			return
 		}
 
+		// Check if the domain is bocked
 		if _, ok := blacklist[r.Question[0].Name]; ok {
 			handleBlockedDomain(w, r)
 		} else {
@@ -214,21 +285,23 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
 				rcodeRequest(w, r, dns.RcodeServerFailure)
 				return
 			}
+
 			w.WriteMsg(in)
 		}
-
 	})
 
 	return srv
 }
 
 func listenAndServer(server *dns.ServeMux, address string) {
+	// Start UDP listner
 	go func() {
 		if err := dns.ListenAndServe(address, "udp", server); err != nil {
 			log.Fatalf("Failed to set udp listener %s\n", err.Error())
 		}
 	}()
 
+	// Start TCP listner
 	go func() {
 		if err := dns.ListenAndServe(address, "tcp", server); err != nil {
 			log.Fatalf("Failed to set tcp listener %s\n", err.Error())
@@ -236,6 +309,15 @@ func listenAndServer(server *dns.ServeMux, address string) {
 	}()
 }
 
+func listenAndServerTLS(server *dns.ServeMux, address, cert, key string) {
+	// Start TLS listner
+	go func() {
+		if err := dns.ListenAndServeTLS(address, cert, key, server); err != nil {
+			log.Fatalf("Failed to set DoT listener %s", err.Error())
+		}
+	}()
+}
+
 func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
 	if len(alcRules) != 0 {
 		passed := false
@@ -250,6 +332,7 @@ func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool
 	return true
 }
 
+// rcodeRequest respond to a request with a response code
 func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) {
 	m := new(dns.Msg)
 	m.SetReply(r)
@@ -257,74 +340,83 @@ func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) {
 	w.WriteMsg(m)
 }
 
+// handleRequest find the right RR(s) in the view and send them back
 func handleRequest(w dns.ResponseWriter, r *dns.Msg, zone zoneView) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.Authoritative = true
 
-	// maybe only support one question per query like most servers do it ???
-	for _, q := range r.Question {
-		rrs := zone.rr[q.Qtype]
+	// Only support one question per query because all the other server also does that
+	if len(r.Question) != 1 {
+		rcodeRequest(w, r, dns.RcodeServerFailure)
+	}
 
-		// Handle ANY
-		if q.Qtype == dns.TypeANY {
-			for _, rrType := range anyRecordTypes {
-				m.Answer = append(m.Answer, zone.rr[rrType][q.Name]...)
-			}
-		} else {
-			// Handle any other type
-			m.Answer = append(m.Answer, rrs[q.Name]...)
+	q := r.Question[0]
 
-			// Check for wildcard
-			if len(m.Answer) == 0 {
-				parts := dns.SplitDomainName(q.Name)[1:]
-				searchDomain := "*." + dns.Fqdn(strings.Join(parts, "."))
-				foundDomain := rrs[searchDomain]
-				for _, rr := range foundDomain {
-					newRR := rr
-					newRR.Header().Name = q.Name
-					m.Answer = append(m.Answer, newRR)
-				}
+	rrs := zone.rr[q.Qtype]
+
+	// Handle ANY
+	if q.Qtype == dns.TypeANY {
+		for _, rrType := range anyRecordTypes {
+			m.Answer = append(m.Answer, zone.rr[rrType][q.Name]...)
+		}
+	} else {
+		// Handle any other type
+		m.Answer = append(m.Answer, rrs[q.Name]...)
+
+		// Check for wildcard
+		if len(m.Answer) == 0 {
+			parts := dns.SplitDomainName(q.Name)[1:]
+			searchDomain := "*." + dns.Fqdn(strings.Join(parts, "."))
+			foundDomain := rrs[searchDomain]
+			for _, rr := range foundDomain {
+				newRR := rr
+				newRR.Header().Name = q.Name
+				m.Answer = append(m.Answer, newRR)
 			}
 		}
+	}
 
-		// Handle extras
-		switch q.Qtype {
-		// Dont handle extra stuff when answering ANY request
-		// case dns.TypeANY:
-		// 	fallthrough
-		case dns.TypeMX:
-			// Resolve MX domains
-			for _, mxRR := range m.Answer {
-				if t, ok := mxRR.(*dns.MX); ok {
-					m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Mx]...)
-					m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Mx]...)
-				}
+	// Handle extras
+	switch q.Qtype {
+	// Dont handle extra stuff when answering ANY request
+	// case dns.TypeANY:
+	// 	fallthrough
+	case dns.TypeMX:
+		// Resolve MX domains
+		for _, mxRR := range m.Answer {
+			if t, ok := mxRR.(*dns.MX); ok {
+				m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Mx]...)
+				m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Mx]...)
 			}
-		case dns.TypeA, dns.TypeAAAA:
-			if len(m.Answer) == 0 {
-				// no A or AAAA found. Look for CNAME
-				m.Answer = append(m.Answer, zone.rr[dns.TypeCNAME][q.Name]...)
-				if len(m.Answer) != 0 {
-					// Resolve CNAME
-					for _, nameRR := range m.Answer {
-						if t, ok := nameRR.(*dns.CNAME); ok {
-							m.Answer = append(m.Answer, zone.rr[q.Qtype][t.Target]...)
-						}
+		}
+	case dns.TypeA, dns.TypeAAAA:
+		if len(m.Answer) == 0 {
+			// no A or AAAA found. Look for CNAME
+			m.Answer = append(m.Answer, zone.rr[dns.TypeCNAME][q.Name]...)
+			if len(m.Answer) != 0 {
+				// Resolve CNAME
+				for _, nameRR := range m.Answer {
+					if t, ok := nameRR.(*dns.CNAME); ok {
+						m.Answer = append(m.Answer, zone.rr[q.Qtype][t.Target]...)
 					}
 				}
 			}
-		case dns.TypeNS:
-			// Resove NS records
-			for _, nsRR := range m.Answer {
-				if t, ok := nsRR.(*dns.NS); ok {
-					m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Ns]...)
-					m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Ns]...)
-				}
+		}
+	case dns.TypeNS:
+		// Resove NS records
+		for _, nsRR := range m.Answer {
+			if t, ok := nsRR.(*dns.NS); ok {
+				m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Ns]...)
+				m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Ns]...)
 			}
 		}
 	}
 
+	if len(m.Answer) == 0 {
+		m.SetRcode(m, dns.RcodeNameError)
+	}
+
 	w.WriteMsg(m)
 }
 
@@ -333,28 +425,7 @@ func main() {
 	configPath := flag.String("c", "/etc/cool-dns/config.yaml", "path to the config file")
 	flag.Parse()
 
-	config, err := loadConfig(*configPath)
-	if err != nil {
-		log.Fatalf("Failed to load config: %s\n", err.Error())
-	}
-
-	zones, err := loadZones(config.Zones)
-	if err != nil {
-		log.Fatalf("Failed to load zones: %s\n", err.Error())
-	}
-
-	aclList, err := createACLList(config.ACL)
-	if err != nil {
-		log.Fatalf("Failed to parse ACL rules: %s\n", err.Error())
-	}
-
-	blacklist := loadBlacklist(config.Blacklist)
-
-	server := createServer(zones, *config, aclList, blacklist)
-
-	listenAndServer(server, config.Address)
-
-	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
+	start(*configPath)
 
 	sig := make(chan os.Signal)
 	signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)

docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3"
+services:
+  cool-dns:
+    build: .
+    ports:
+      - "53:53"
+      - "53:53/udp"
+      - "853:853"
+      - "80:80"
+    volumes:
+      - ./docker:/etc/cool-dns/

lego.go

@@ -0,0 +1,118 @@
+package main
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+
+	"github.com/miekg/dns"
+)
+
+// See https://go-acme.github.io/lego/dns/httpreq/
+
+type configLego struct {
+	Enable   bool   `yaml:"enable"`
+	Address  string `yaml:"address"`
+	Username string `yaml:"username"`
+	Secret   string `yaml:"secret"`
+}
+
+type legoPresent struct {
+	Fqdn  string `json:"fqdn"`
+	Value string `json:"value"`
+}
+
+type legoMap map[string]string
+
+func startLEGOWebSever(config configLego) *legoMap {
+	mux := http.NewServeMux()
+
+	acmeMap := make(legoMap)
+
+	mux.HandleFunc("/present", func(rw http.ResponseWriter, r *http.Request) {
+
+		if !checkBasicAuth(r, config) {
+			rw.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+
+		var presentData legoPresent
+		err := json.NewDecoder(r.Body).Decode(&presentData)
+		defer r.Body.Close()
+
+		if err != nil {
+			log.Printf("Failed to parse request for ACME: %s", err.Error())
+		}
+
+		acmeMap[presentData.Fqdn] = presentData.Value
+
+		rw.WriteHeader(http.StatusOK)
+	})
+
+	mux.HandleFunc("/cleanup", func(rw http.ResponseWriter, r *http.Request) {
+		if !checkBasicAuth(r, config) {
+			rw.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+
+		for k := range acmeMap {
+			delete(acmeMap, k)
+		}
+
+		rw.WriteHeader(http.StatusOK)
+	})
+
+	go func() {
+		if err := http.ListenAndServe(config.Address, mux); err != nil {
+			log.Fatalf("Failed to start Webserver for LEGO: %s\n", err.Error())
+		}
+	}()
+
+	log.Printf("Startet webserver on %s", config.Address)
+
+	return &acmeMap
+}
+
+func checkBasicAuth(r *http.Request, config configLego) bool {
+	if config.Username != "" && config.Secret != "" {
+		u, p, ok := r.BasicAuth()
+		if !ok {
+			return false
+		}
+
+		if u == config.Username && p == config.Secret {
+			return true
+		}
+
+		log.Printf("Failed lego authentication")
+
+		return false
+	}
+	return true
+}
+
+func handleACMERequest(w dns.ResponseWriter, r *dns.Msg, acmeMap *legoMap) bool {
+	if len(r.Question) == 1 {
+		if r.Question[0].Qtype == dns.TypeTXT && r.Question[0].Qclass == dns.ClassINET {
+			if value, ok := (*acmeMap)[r.Question[0].Name]; ok {
+				m := new(dns.Msg)
+				m.SetReply(r)
+
+				m.Answer = append(m.Answer, &dns.TXT{
+					Hdr: dns.RR_Header{
+						Name:   r.Question[0].Name,
+						Rrtype: dns.TypeTXT,
+						Class:  dns.ClassINET,
+						Ttl:    0,
+					},
+					Txt: []string{value},
+				})
+
+				w.WriteMsg(m)
+				return true
+			}
+		}
+	}
+
+	return false
+}

rr_test.go

@@ -0,0 +1,91 @@
+package main
+
+import (
+	"net"
+	"testing"
+
+	"github.com/miekg/dns"
+)
+
+func init() {
+	start("test/rrConfig.yaml")
+}
+
+// Helper
+
+func request(name string, rrType uint16) (*dns.Msg, error) {
+	m := new(dns.Msg)
+	m.SetQuestion(dns.Fqdn(name), rrType)
+	return dns.Exchange(m, "127.0.0.1:8053")
+}
+
+func containsA(haystack []dns.RR, name, ip string) bool {
+	searchIP := net.ParseIP(ip)
+	for _, v := range haystack {
+		if v.Header().Name == dns.Fqdn(name) && v.Header().Rrtype == dns.TypeA {
+			if t, ok := v.(*dns.A); ok {
+				if t.A.Equal(searchIP) {
+					return true
+				}
+			}
+		}
+	}
+
+	return false
+}
+
+func containsAAAA(haystack []dns.RR, name, ip string) bool {
+	searchIP := net.ParseIP(ip)
+	for _, v := range haystack {
+		if v.Header().Name == dns.Fqdn(name) && v.Header().Rrtype == dns.TypeAAAA {
+			if t, ok := v.(*dns.AAAA); ok {
+				if t.AAAA.Equal(searchIP) {
+					return true
+				}
+			}
+		}
+	}
+
+	return false
+}
+
+func TestNormalA(t *testing.T) {
+	res, err := request("example.com", dns.TypeA)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if !containsA(res.Answer, "example.com", "1.2.3.1") || !containsA(res.Answer, "example.com", "1.2.3.2") {
+		t.FailNow()
+	}
+}
+
+func TestNormalAAAA(t *testing.T) {
+	res, err := request("example.com", dns.TypeAAAA)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if !containsAAAA(res.Answer, "example.com", "2001:db8:10::1") {
+		t.FailNow()
+	}
+}
+
+func TestNormalSOA(t *testing.T) {
+	res, err := request("example.com", dns.TypeSOA)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if len(res.Answer) != 1 {
+		t.Fatalf("Should only be 1 SOA got %d", len(res.Answer))
+	}
+
+	if soa, ok := res.Answer[0].(*dns.SOA); ok {
+		if soa.Ns != "ns.example.com." {
+			t.Fatal("Wrong SOA rr")
+		}
+	} else {
+		t.Fatal("Answer is not a SOA rr")
+	}
+}

test/rrConfig.yaml

@@ -0,0 +1,5 @@
+zones:
+- zone: example.com.
+  file: zonefile.txt
+
+address: 0.0.0.0:8053

test/zonefile.txt

@@ -0,0 +1,20 @@
+$ORIGIN example.com.     
+$TTL 3600               
+example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
+example.com.  IN  NS    ns                    
+example.com.  IN  NS    ns.somewhere.example. 
+example.com.  IN  MX    10 mail.example.com.  
+@             IN  MX    20 mail2.example.com. 
+@             IN  MX    50 mail3              
+example.com.  IN  A     1.2.3.1             
+example.com.  IN  A     1.2.3.2
+              IN  AAAA  2001:db8:10::1        
+ns            IN  A     1.2.3.3
+              IN  AAAA  2001:db8:10::2        
+www           IN  CNAME example.com.          
+wwwtest       IN  CNAME www                   
+mail          IN  A     1.2.3.4
+mail2         IN  A     1.2.3.5
+mail3         IN  A     1.2.3.6
+*.www         IN  A     1.2.3.7
+a.www         IN  A     1.2.3.8

zonefile.txt

@@ -1,20 +0,0 @@
-$ORIGIN example.com.     ; designates the start of this zone file in the namespace
-$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
-example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
-example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
-example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
-example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
-@             IN  MX    20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
-@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
-example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
-example.com.  IN  A     192.0.3.1             ; IPv4 address for example.com
-              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
-ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
-              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
-www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
-wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
-mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
-mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
-mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com
-*.www         IN  A     192.1.0.1
-a.www         IN  A     192.1.0.11