Bob McDonald <bmcdonal...@gmail.com> wrote: > I've recently been investigating having a local slave copy of the root zone > on a caching/forwarder type server.
I do this on my toy server for various strange reasons, and although it has worked OK I'm not confident it's really solid enough for production. If you are running BIND 9.12 then its RFC 8198 implementation removes a lot of the benefits of having a local root (and it also works for the arpa zones). BIND 9.14 will have an improved local root implementation (called a "mirror" zone) which validates the zone so you don't blindly serve bogus data. The feature is available now in the 9.13 dev branch; I have not tried mirroring the arpa zones - the docs suggest that isn't a supported config for mirror zones. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ democracy, participation, and the co-operative principle _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
