Hi Daniel, > On Sep 5, 2019, at 16:23, Guevara, Daniel via Unbound-users > <[email protected]> wrote: > > Rather than putting rules for all 26 root servers (both udp and tcp on port > 53), it was easier for me to test by allowing all outbound (0.0.0.0/0) on > port 53.
A minor correction; 13 root servers but 26 root server addresses (each currently has one IPv4 and one IPv6 address). Note also that the root servers are not the only things you need to be able to reach if you want your nameserver to operate with full recursive lookups and you want to be able to resolve things outside the root, arpa and root-servers.net zones. Joe
