Currently, the follow command is allowed.
set service dns forwarding domain 👋 name-server 1.2.3.4
We need to prevent this obviously :)
Note: For now, we can replicate the same constraint we have for authoritative-domain and apply it in domain. The regex constraint for the validation can be improved for both of them later on to comply with RFC5321 (255 character full length and 63 character fragment/label length).