Adding root servers as local secondary zone to local caching server

Charles Sharp charles at cocosolutions.com
Wed Sep 1 14:44:51 UTC 2021


Thanks Chriztoffer!

Sorry, got busy and just now coming back to this...

So, one thing you didn't answer was - is this even a good idea?

It sounds great in theory, but sometimes reality works out very differently.

I'm specifically wondering about performance and resource usage.

E.g., would Unbound need the entire zone to be fully loaded into RAM? If
so, how much RAM would be needed?

Thanks again for the links for how to do this!

Charles


On 5/21/2021 10:33 AM, Chriztoffer Hansen wrote:
> On Fri, 21 May 2021 at 15:27, Charles Sharp via Unbound-users
> <unbound-users at lists.nlnetlabs.nl> wrote:
>>> wait a bit for the zone transfers to take place and then have a look
>>> at the zones, using such a config your DNS will basically act as a
>>> "slave root" DNS that is, will keep a copy of the forward and
>>> reverse root zones
>> So... will this actually work as it appears, and if so, is it a good idea?
>>
>> Also - is it possible to do the same thing in Unbound, and if so, how?
> Sure it is possible!
>
> What you are asking is AXFR transfer of the root zone file. A select
> number of the root servers support AXFR zone transfer with your local
> DNS server setup with a read-only copy (stub node).
>
> https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in#L1002-L1031
> https://www.isc.org/docs/Apricot2017.pdf
> https://datatracker.ietf.org/doc/html/rfc7706#appendix-B
> https://datatracker.ietf.org/doc/html/rfc8806#appendix-B
>
> Another way to go about it is by downloading the root.hints file from
> internic.net using a local cron job instead of AXFR zone transfer.
>
> https://www.internic.net/domain/named.cache
> https://wiki.archlinux.org/title/Unbound#Root_hints
>
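
The Unbound setup discussed in this thread, as an added example that is not part of the original messages or of the Unbound project's files: an `auth-zone` for the root in the style of RFC 8806 Appendix B. The trust-anchor path and zone file name are assumptions, and the transfer addresses are a subset of those in the RFC's example and should be checked against current root server data before use.

```conf
# unbound.conf fragment: local copy of the root zone (RFC 8806 style).
# Added example, not the project's own configuration.
server:
    # Keep DNSSEC validation on so data taken from the local root copy
    # is validated like any other answer. Path is an assumption.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

auth-zone:
    name: "."
    # Servers that permit AXFR of the root zone (subset of the RFC 8806 list).
    master: 192.33.4.12      # c.root-servers.net
    master: 192.5.5.241      # f.root-servers.net
    master: 193.0.14.129     # k.root-servers.net
    master: 192.0.47.132     # xfr.cjr.dns.icann.org
    master: 192.0.32.132     # xfr.lax.dns.icann.org
    # If the local copy is missing or has expired, fall back to normal
    # resolution through the root servers instead of failing.
    fallback-enabled: yes
    # Do not answer clients authoritatively from this zone ...
    for-downstream: no
    # ... use it only as a data source for the resolver's own lookups.
    for-upstream: yes
    # Persist the transferred zone across restarts (file name is an assumption).
    zonefile: "root.zone"
```

`unbound-checkconf` checks the syntax before a reload, and `unbound-control list_auth_zones` shows whether the zone has been transferred and which serial is loaded.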
