ѽ҉ᶬḳ℠ via Unbound-users:
> On 30.11.2018 11:59, nusenu wrote:
>> I did send an example unbound config for review to the DNSOP mailing list:
>> https://mailarchive.ietf.org/arch/msg/dnsop/KLJFVjgALzvjZY0F0aZjFhE60LQ
>>
Let's paste the sample config from above URL for convenience:

> auth-zone:
>     name: "."
>     master: "b.root-servers.net"
>     master: "c.root-servers.net"
>     master: "d.root-servers.net"
>     master: "f.root-servers.net"
>     master: "g.root-servers.net"
>     master: "k.root-servers.net"
>     fallback-enabled: yes
>     for-downstream: no
>     for-upstream: yes
>     zonefile: "root.zone"

> The sample is using URL instead of ip addresses and thus have to be resolved
> first. Should not the relevant ip be stated instead?

This sample uses Unbound's "master" directive with hostnames instead of IP addresses
with the following motivation/reasoning:

- it is unlikely that operators will update that config sample once they added it
- root server hostnames are expected to change less often (ever?) than their IP addresses
- unbound ships builtin hints data

Open question:
If a lot of operators deploy above sample, will b.root-servers.net have to handle most requests
or will unbound choose a random/the fastest server?
(we should avoid putting all the load on one)

btw: Unbound also supports zone transfer with the "url" config directive.
Using "url" you could fetch it from:
https://www.internic.net/domain/named.root

https://mailarchive.ietf.org/arch/msg/dnsop/2lp4TTS59RxkgEuN80VQrUPl9C8

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
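
Added example (not part of the original message or of Unbound): a small Python audit that parses `auth-zone` clauses like the one quoted above and separates `master` entries given as IP literals from those given as hostnames, which have to be resolved before a transfer can start. The function names and the `192.0.2.53` master (a documentation address, not a root server) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: part of the auth-zone clause quoted in the message,
# plus one hypothetical IP-literal master for contrast.
SAMPLE_CONF = '''
auth-zone:
    name: "."
    master: "b.root-servers.net"
    master: "c.root-servers.net"
    master: 192.0.2.53        # hypothetical entry, not a root server
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "root.zone"
'''

def parse_auth_zones(text):
    """Return one dict per auth-zone clause; every key maps to a list of values."""
    zones, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumes no '#' inside quoted values
        if not line:
            continue
        key, _, value = line.partition(":")   # first colon only, so IPv6 values survive
        key, value = key.strip(), value.strip().strip('"')
        if not value:                         # clause header such as "server:" or "auth-zone:"
            current = {} if key == "auth-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            current.setdefault(key, []).append(value)
    return zones

def audit(text):
    """Per zone: which masters are IP literals, which are hostnames, and the fallback setting."""
    results = []
    for zone in parse_auth_zones(text):
        ips, hostnames = [], []
        for entry in zone.get("master", []):
            try:
                ipaddress.ip_address(entry)
                ips.append(entry)
            except ValueError:
                hostnames.append(entry)       # must be resolved before the transfer
        results.append({
            "name": zone.get("name", [None])[0],
            "ip_masters": ips,
            "hostname_masters": hostnames,
            "fallback_enabled": zone.get("fallback-enabled", [None])[0],
        })
    return results

if __name__ == "__main__":
    for entry in audit(SAMPLE_CONF):
        print(entry)
```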
