Adding root servers as local secondary zone to local caching server

Mark Abram marek.w.abram at gmail.com
Thu Sep 2 21:01:36 UTC 2021


This is an interesting thread. If I understand it correctly, with the following changes to unbound.conf

auth-zone:
    name: "."
    primary: 198.41.0.4        # a.root-servers.net
    primary: 199.9.14.201      # b.root-servers.net
    primary: 192.33.4.12       # c.root-servers.net
    primary: 199.7.91.13       # d.root-servers.net
    primary: 192.203.230.10    # e.root-servers.net
    primary: 192.5.5.241       # f.root-servers.net
    primary: 192.112.36.4      # g.root-servers.net
    primary: 198.97.190.53     # h.root-servers.net
    primary: 192.36.148.17     # i.root-servers.net
    primary: 192.58.128.30     # j.root-servers.net
    primary: 193.0.14.129      # k.root-servers.net
    primary: 199.7.83.42       # l.root-servers.net
    primary: 202.12.27.33      # m.root-servers.net
    primary: 192.0.47.132      # xfr.cjr.dns.icann.org
    primary: 192.0.32.132      # xfr.lax.dns.icann.org
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes

and commenting out the root-hints, Unbound can cache the root servers in memory and perform AXFR transfer for the root zone.

#root-hints: "/opt/var/lib/unbound/root.hints"

On Sep 2 2021, at 8:18 AM, Chriztoffer Hansen via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:

> On Thu, 2 Sept 2021 at 15:27, Charles Sharp via Unbound-users
> <unbound-users at lists.nlnetlabs.nl> wrote:
> > Do most of you use the root hints or forwarders?
>
> Tried both. Now using forwarders.
>
> > I currently use the following, in order:
> >
> > 1.1.1.1
> > 9.9.9.9
> > 8.8.8.8
>
> No IPv6? Or not on a dual-stacked endpoint?
>
> Joke questions aside, my own upstream is reasonably well-connected.
> Has had configured the local dns forwarder to use root hints in the
> past. Compared to using the "big cdn forwarders" the user experience
> *perceived* is 99 % non-existent if the avg. lookup time is low.
>
> If configuring the local resolver to cache all lookups for a reasonably
> minimum amount of time (e.g. 5 - 60 min). Only the user doing the
> lookup when the cache entry is cold will (maybe) notice a delay if the
> lookup is "slow".
>
> Side-note: Depending on your choice of local resolver software. Some
> implementations will ask the configured forwarders one at a time (i.e.
> try entry 1, try 2 if 1 fails, try 3 if 2 fails, etc.).
> Others (e.g. dnsmasq) default to ask _all_ configured forwarders
> simultaneously.
> Others will "regularly" test all configured forwarders to measure the
> response time and only use the fastest forwarder.
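
A small audit of the auth-zone stanza discussed in the message above, as an added example that is not part of the original post or of Unbound itself: it parses unbound.conf text, finds the auth-zone for ".", and flags primaries that are not IP literals or are listed twice, plus any of the three options whose effective value differs from the one the message sets. The function names and the sample input are constructed for illustration; the defaults are the ones documented in the unbound.conf manual.

```python
import ipaddress

# Constructed sample: the message's stanza cut down, plus a duplicate and a typo.
SAMPLE_CONF = """\
auth-zone:
    name: "."
    primary: 198.41.0.4      # a.root-servers.net
    primary: 192.0.47.132    # xfr.cjr.dns.icann.org
    primary: 192.0.47.132    # duplicate (constructed)
    primary: 192.0.32.1322   # typo (constructed)
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
"""
# Unbound's documented defaults, then the values the message sets.
DEFAULTS = {"fallback-enabled": "no", "for-downstream": "yes", "for-upstream": "yes"}
WANTED = {"fallback-enabled": "yes", "for-downstream": "no", "for-upstream": "yes"}

def parse_auth_zones(text):
    """Return each auth-zone clause as a list of (key, value) pairs."""
    clauses, current = [], None
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        if sep and not value.strip():        # clause header, e.g. "server:"
            current = []
            clauses.append((key, current))
        elif sep and current is not None:
            current.append((key.strip(), value.strip().strip('"')))
    return [body for name, body in clauses if name == "auth-zone"]

def audit_root_zone(text):
    """Return findings for the "." auth-zone; an empty list means nothing to flag."""
    for zone in parse_auth_zones(text):
        opts = {**DEFAULTS, **dict(zone)}
        if opts.get("name") != ".":
            continue
        findings, seen = [], set()
        for addr in (v.split("@")[0] for k, v in zone if k in ("primary", "master")):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"primary {addr}: not an IP literal")
                continue
            if ip in seen:
                findings.append(f"primary {addr}: listed twice")
            seen.add(ip)
        findings += [f"{k} is {opts[k]}, the message uses {w}"
                     for k, w in WANTED.items() if opts[k] != w]
        return findings
    return ['no auth-zone for "."']
```

Omitted options are judged by their defaults, so a stanza without `for-downstream: no` is reported as serving the root zone to clients.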