<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 30.11.2018 11:50, Anand Buddhdev via Unbound-users wrote:<br>
<blockquote type="cite"
cite="mid:bc12db19-c4c6-40db-1bbf-e015b5b8984d@ripe.net">
<pre class="moz-quote-pre" wrap="">On 30/11/2018 11:37, ѽ҉ᶬḳ℠ via Unbound-users wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">With hyperlocal (RFC7706) requiring the root zone DNS server IP addresses listed
as master in auth-zone, and since this information is already provided (and
automatically updated) in root-hints, would it not make sense to utilise it for
RFC7706 in auth-zone, something like?:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">auth-zone:
name: .
master: path/to/root-hints
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
This way, whenever an IP in root-hints gets updated it is available for RFC7706
too. Of course I do not know whether parsing those IPs from root-hints is feasible
and how much it would bloat the code and the ratio/cost of coding/testing effort
vs. actual user benefit/advantage.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
No, this is a bad idea, for several reasons:
1. Not all the root servers provide zone transfer. It would be pointless
for unbound to add them to the list of masters, when XFR from several of
them will just fail continuously.</pre>
</blockquote>
<br>
To my understanding (<a class="moz-txt-link-freetext" href="http://www.dns.icann.org/services/axfr/">http://www.dns.icann.org/services/axfr/</a>), all
servers do permit zone transfer except l.root-servers.net <br>
Thus continuous failure from several does not seem likely.<br>
<br>
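The idea discussed in this thread can be done outside Unbound today. The following is an added example, not code from the thread or from the Unbound project: it parses a root-hints file and writes explicit master: lines for an RFC 7706 auth-zone, skipping servers the operator lists as not offering zone transfer. The function names, the no_xfr parameter and the sample hints (documentation addresses, not real root server addresses) are assumptions made for the example.<br>

```python
# Added example: build an Unbound auth-zone for "." from a root-hints file.
import ipaddress

# Constructed sample in named.root format. The addresses are documentation
# ranges (RFC 5737 / RFC 3849), not the real root server addresses.
SAMPLE_HINTS = """\
; constructed sample, not the real root hints
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     192.0.2.12
L.ROOT-SERVERS.NET.      3600000  IN  AAAA  2001:db8::c
"""


def parse_hints(text):
    """Return [(owner, ip)] for every well-formed A/AAAA record."""
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 3:
            continue
        owner, rtype, rdata = fields[0], fields[-2].upper(), fields[-1]
        if rtype not in ("A", "AAAA"):
            continue  # NS lines carry names, not addresses
        try:
            ip = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # never copy unparsable rdata into the config
        if (rtype == "A") != (ip.version == 4):
            continue  # record type and address family disagree
        records.append((owner.rstrip(".").lower(), str(ip)))
    return records


def auth_zone(text, no_xfr=()):
    """Render the auth-zone clause, omitting servers named in no_xfr."""
    skip = {name.rstrip(".").lower() for name in no_xfr}
    lines = ["auth-zone:", '    name: "."']
    for owner, ip in parse_hints(text):
        if owner not in skip:
            lines.append(f"    master: {ip}  # {owner}")
    lines += ["    fallback-enabled: yes", "    for-downstream: no",
              "    for-upstream: yes", '    zonefile: "root.zone"']
    return "\n".join(lines)


if __name__ == "__main__":
    print(auth_zone(SAMPLE_HINTS, no_xfr=["l.root-servers.net"]))
```

Which servers belong in no_xfr is the operator's decision; keeping fallback-enabled: yes means resolution continues through normal recursion if every listed master refuses the transfer.<br>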
</body>
</html>