{ config, dns, ... }:
with dns.lib.combinators;
let
  cfg = config.lab.networking;
in
{
  SOA = {
    nameServer = "ns";
    adminEmail = "hostmaster@geokunis2.nl";
    serial = 2024011401;
  };

  NS = [
    "ns.geokunis2.nl."
    "ns0.transip.net."
    "ns1.transip.nl."
    "ns2.transip.eu."
  ];

  MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];

  A = [ cfg.public.ipv4.router ];
  AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
  CAA = letsEncrypt "caa@geokunis2.nl";

  subdomains = {
    "*" = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
    };

    ns = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ cfg.dmz.ipv6.services ];
    };

    ns1 = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ cfg.dmz.ipv6.services ];
    };

    ns2 = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ cfg.dmz.ipv6.services ];
    };

    # Override because we don't support IPv6 for KMS.
    kms = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ ];
    };

    wg = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ cfg.public.ipv6.router ];
    };

    wg4 = {
      A = [ cfg.public.ipv4.router ];
      AAAA = [ ];
    };

    wg6 = {
      A = [ ];
      AAAA = [ cfg.public.ipv6.router ];
    };
  };
}