unbound sample config for RFC7706
nusenu
nusenu-lists at riseup.net
Fri Nov 30 13:23:00 UTC 2018
ѽ҉ᶬḳ℠ via Unbound-users:
> On 30.11.2018 11:59, nusenu wrote:
>> I did send an example unbound config for review to the DNSOP mailing list:
>> https://mailarchive.ietf.org/arch/msg/dnsop/KLJFVjgALzvjZY0F0aZjFhE60LQ
>>
Let's paste the sample config from the above URL for convenience:
> auth-zone:
>     name: "."
>     master: "b.root-servers.net"
>     master: "c.root-servers.net"
>     master: "d.root-servers.net"
>     master: "f.root-servers.net"
>     master: "g.root-servers.net"
>     master: "k.root-servers.net"
>     fallback-enabled: yes
>     for-downstream: no
>     for-upstream: yes
>     zonefile: "root.zone"
>
> The sample is using URLs instead of IP addresses, and thus they have to be resolved
> first. Should not the relevant IPs be stated instead?
This sample uses unbound's "master" directive with hostnames instead of IP addresses
with the following motivation/reasoning:
- it is unlikely that operators will update that config sample once they added it
- root server hostnames are expected to change less often (ever?) than their IP addresses
- unbound ships builtin hints data
Open question:
If a lot of operators deploy the above sample, will b.root-servers.net have to handle most requests
or will unbound choose a random/the fastest server? (we should avoid putting all the load on one)
btw:
Unbound also supports zone transfer with the "url" config directive.
Using "url" you could fetch it from:
https://www.internic.net/domain/named.root
https://mailarchive.ietf.org/arch/msg/dnsop/2lp4TTS59RxkgEuN80VQrUPl9C8
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu