Warren Kumari <[email protected]> wrote: > > Draft: http://tools.ietf.org/html/draft-wkumari-dnsop-dist-root-00
What I do on my toy server at the moment is similar but different, based on a suggestion from Mark Andrews: https://lists.dns-oarc.net/pipermail/dns-operations/2013-November/011158.html The idea is to have an authoritative view with a local copy of the root zone, and a recursive view which validates as normal but queries the auth view instead of the usual servers. The downside compared to your proposal is the lack of any way (other than operator intervention) to recover from a bogus zone transfer. view rec { match-recursive-only yes; zone "." { type static-stub; server-addresses { ::1; }; }; }; view auth { recursion no; allow-recursion { none; }; zone "." { type slave; masters { 2001:500:2f::f; 192.5.5.241; }; }; }; Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Plymouth, Northwest Biscay: Northeasterly 4 or 5. Slight or moderate. Fair. Good. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
