Unbound stop root server lookup

Jan Komissar (jkomissa) jkomissa at cisco.com
Thu Sep 5 19:35:31 UTC 2019

Hi Daniel,

Since your forward-zone is configured correctly, it should work fine as long as you have access to the forward servers. I am not sure what you mean by allowing all outbound traffic on port 53 or not. You need to be able to send traffic to port 53 on the OpenDNS servers for this to work. I run with a forward-zone for "." all the time and have no problems with the default root servers.

Regarding root-hints: The reason they are called hints is that as long as you can get to any one of them, that one will tell you where the others are. In other words, having one is the same as having all, as long as that one is valid.

Good luck,


On 9/5/19, 3:13 PM, "Unbound-users on behalf of Guevara, Daniel via Unbound-users" <unbound-users-bounces at nlnetlabs.nl on behalf of unbound-users at nlnetlabs.nl> wrote:

    Hoping someone can help me understand the root.hints functionality. 
    From my previous email:
    "I was under the impression that I could create a custom root.hints. For example the one you linked has 13 root servers. I tried configuring it with only one of those root servers, allowing outbound access to that server, yet the startup time is still not as quick as when I allow all outbound access. This leads me to believe that it is still trying root servers I did not define? (This was only a test and I am not proposing to only use one root server)"
    Is there a way to do root server lookup on only the server specified (if it cannot be disabled completely)?

More information about the Unbound-users mailing list