unbound sample config for RFC7706

nusenu nusenu-lists at riseup.net
Fri Nov 30 10:59:00 UTC 2018

ѽ҉ᶬḳ℠ via Unbound-users:
> With hyperlocal (RFC7706) requiring the root zone DNS server ip addresses listed 

please don't use the term "hyperlocal" (reasoning: Paul Hoffman - RFC7706bis author -
asked for not using it in the RFC7706 context at the last IETF103 DNSOP see the Q&A section of his
presentation https://www.youtube.com/watch?v=g0Sz7gziUW0&feature=youtu.be&t=5015 )

> as master in auth-zone and since this information is already provided (and 
> automatically updated) in root-hints would it not make sense to utilise it for 
> RFC7706 in auth-zone, something like?:
>> auth-zone:
>>     name: .
>>     master: path/to/root-hints

not all root servers allow zone transfers so you don't 
want to list them all as masters.

I did send an example unbound config for review to the DNSOP mailing list:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181130/5433fb80/attachment.bin>

More information about the Unbound-users mailing list