Hi Paul,
Apologies for being late to the party.
> I have seen messages in the past few months about some vendors adding 7706,
> or 7706-like, support to recent versions of their resolvers. It would be
> grand if those of you who have shipping implementations of this could send
> the configuration steps to the list so we can add them to the appendix.
BIND 9.14, i.e. the upcoming stable BIND release, will ship with a
feature called mirror zones which facilitates setting up a local,
DNSSEC-validated copy of the root zone.
As of the currently available BIND 9.13.6 development release, a default
list of primary servers for the IANA root zone is built into named and
thus its mirroring can be enabled using the following configuration
snippet:
zone "." {
type mirror;
};
(The above snippet is intended to be used instead of the example BIND
configuration provided in Appendix B to RFC 7706, not in addition to
it.)
Chapter 5 of the BIND 9 ARM discusses how mirror zones work in more
detail:
https://bind.isc.org/doc/arm/9.13/Bv9ARM.ch05.html#zone_types
Please let me know if anything above is unclear.
--
Best regards,
Michał Kępień
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
