{ dns, ... }:
let
  owner = {
    username = "satr14washere";
    email = "admin@satr14.my.id";
  };
  proxy = false;
in
with dns.lib.combinators;
{
  A = [
    {
      address = "203.0.113.1";
      ttl = 60 * 60;
    }
    "203.0.113.2"
    (ttl (60 * 60) (a "203.0.113.3"))
  ];

  AAAA = [
    "4321:0:1:2:3:4:567:89ab"
  ];

  MX = mx.google;

  TXT = [
    (
      with spf;
      strict [
        "a:mail.example.com"
        google
      ]
    )
  ];

  DMARC = [ (dmarc.postmarkapp "mailto:re+abcdefghijk@dmarc.postmarkapp.com") ];

  CAA = letsEncrypt "admin@example.com";

  SRV = [
    {
      service = "sip";
      proto = "tcp";
      port = 5060;
      target = "sip.example.com";
    }
  ];

  SSHFP = [
    {
      algorithm = "ed25519";
      fingerprintType = "sha256";
      fingerprint = "899EB4AC9285578AFDA3CCBE152EE78D8618B8F3862FEF2703E1FC7011E9B8AA";
    }
  ];
  OPENPGPKEY = [
    "very long base64 text"
  ];
  HTTPS = [
    {
      svcPriority = 1;
      targetName = ".";
      alpn = [
        "http/1.1"
        "h2"
        "h3"
      ];
      ipv4hint = [
        "203.0.113.1"
        "203.0.113.2"
        "203.0.113.3"
      ];
      ipv6hint = [ "4321:0:1:2:3:4:567:89ab" ];
    }
  ];
  TLSA = [
    {
      certUsage = "dane-ee";
      selector = "spki";
      matchingType = "sha256";
      certificate = "899EB4AC9285578AFDA3CCBE152EE78D8618B8F3862FEF2703E1FC7011E9B8AA";
    }
  ];

  subdomains = rec {
    www.A = [ "203.0.113.4" ];
    www2 = host "203.0.113.5" "4321:0:1:2:3:4:567:89bb";
    www3 = host "203.0.113.6" null;
    www4 = www3;

    staging = delegateTo [
      "ns1.another.com."
      "ns2.another.com."
    ];

    foo.subdomains.www.CNAME = [ "foo.test.com." ];
  };
}