root-hints as master for RFC7706

Anand Buddhdev anandb at
Fri Nov 30 10:50:24 UTC 2018

On 30/11/2018 11:37, ѽ҉ᶬḳ℠ via Unbound-users wrote:

> With hyperlocal (RFC7706) requiring the root zone DNS server ip addresses listed 
> as master in auth-zone and since this information is already provided (and 
> automatically updated) in root-hints would it not make sense to utilise it for 
> RFC7706 in auth-zone, something like?:
>> auth-zone:
>>     name: .
>>     master: path/to/root-hints
> This way whenever an ip in root-hints gets updated it is available for RFC7706 
> too. Of course I do not know whether parsing those ip from root-hint is feasible 
> and how much it would bloat the code and the ratio/cost of coding/testing effort 
> vs. actual user benefit/advantage.

No, this is a bad idea, for several reasons:

1. Not all the root servers provide zone transfer. It would be pointless
for unbound to add them to the list of masters, when XFR from several of
them will just fail continuously.

2. Even if this were implemented, it would only be useful for the root
zone. However, the "auth-zone" feature can work for any zone at any
level in the DNS tree. Therefore, adding code to look at the hints for
just the root zone is a very special case, and does not deserve the
extra code.


More information about the Unbound-users mailing list