Adding root servers as local secondary zone to local caching server

Chriztoffer Hansen ch at ntrv.dk
Fri May 21 14:33:57 UTC 2021


On Fri, 21 May 2021 at 15:27, Charles Sharp via Unbound-users
<unbound-users at lists.nlnetlabs.nl> wrote:
> > wait a bit for the zone transfers to take place and then have a look
> > at the zones, using such a config your DNS will basically act as a
> > "slave root" DNS that is, will keep a copy of the forward and
> > reverse root zones
>
> So... will this actually work as it appears, and if so, is it a good idea?
>
> Also - is it possible to do the same thing in Unbound, and if so, how?

Sure it is possible!

What you are asking for is an AXFR transfer of the root zone file. A select
number of the root servers support AXFR zone transfer with your local
DNS server set up with a read-only copy (stub node).

https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in#L1002-L1031
https://www.isc.org/docs/Apricot2017.pdf
https://datatracker.ietf.org/doc/html/rfc7706#appendix-B
https://datatracker.ietf.org/doc/html/rfc8806#appendix-B

Another way to go about it is by downloading the root.hints file from
internic.net using a local cron job instead of AXFR zone transfer.

https://www.internic.net/domain/named.cache
https://wiki.archlinux.org/title/Unbound#Root_hints

-- 
Chriztoffer
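
An Unbound configuration for the local root-zone copy discussed in this thread, as an added example that is not part of the original message and not the Unbound project's own file. The trust-anchor path and zone file name are assumptions; the primary addresses are the AXFR-capable servers listed in RFC 8806 Appendix B and should be checked against the linked example.conf before use.

```conf
# unbound.conf fragment: keep a local, read-only copy of the root zone.

server:
    # Keep DNSSEC validation on, so records taken from the local copy are
    # still verified against the root trust anchor (assumed path).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

auth-zone:
    name: "."

    # Servers that permit AXFR of the root zone. Several are listed so the
    # transfer does not depend on a single source.
    # Older Unbound releases spell this keyword "master:".
    primary: 192.33.4.12      # c.root-servers.net
    primary: 199.7.91.13      # d.root-servers.net
    primary: 192.5.5.241      # f.root-servers.net
    primary: 192.112.36.4     # g.root-servers.net
    primary: 193.0.14.129     # k.root-servers.net
    primary: 192.0.47.132     # xfr.cjr.dns.icann.org
    primary: 192.0.32.132     # xfr.lax.dns.icann.org

    # If the copy cannot be transferred or has expired, resolve through the
    # root servers as usual instead of failing lookups.
    fallback-enabled: yes

    # Do not answer clients authoritatively from this zone; the resolver
    # only consults it internally, and the validator still checks the data.
    for-downstream: no
    for-upstream: yes

    # On-disk copy so a restart does not need a fresh transfer
    # (assumed file name, relative to Unbound's working directory).
    zonefile: "root.zone"
```

Running `unbound-checkconf` on the edited file catches syntax errors before the daemon is reloaded.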


