On Thu, Aug 23, 2012 at 11:14:57AM +0200, Leen Besselink wrote: > On Wed, Aug 22, 2012 at 09:20:08PM -0700, Bry8 Star wrote: > > Hi, > > Hi, > > > There are many other Root servers other than ICANN Root servers. For > > example: CesidianRoot (http://www.cesidianroot.net/), OpenNIC > > (http://www.opennicproject.org/), New Nations (New-Nations.net), > > Namecoin DNS (DotBIT project, bit DNS) (http://dot-bit.org), 42 > > (http://42registry.org/), OVH (http://ovh.co.uk/), i-DNS (MultiLingual > > DNS) (i-dns.net), Public-Root ( http://public-root.com), UnifiedRoot > > (unifiedroot.com), etc. > > > > How can i integrate all into one Unbound or into a central Unbound ? to > > use their all TLDs, which are not found in default ICANN/IANA root servers. > > > > That is gonna be an interresting journey to get that working if you want > DNSSEC. > > Extra root servers, especially with DNSSEC, seems kind of unlikely to me. > > As the ICANN root is signed, you can't really add other data to a signed zone > at the same level as far as I know. > > Extra TLD's should be possible. > > You'll need a stub-zone and (auto-)trust-anchor for each TLD that supports > DNSSEC. > > However a validating resolver on a desktop/laptop/mobile device which does not > have that installed would reject the data. >
I should probably add: As the above is the case, I wouldn't be surprised that this won't work in 5 or 10 years. It might be that by then a significant number of hosts will have a DNSSEC-validator and enabled by default. If you run an alternative TLD, it would be a good idea in the long run to look at registering your TLD at ICANN. The other alternative is browser- or OS-addons which handle the alternative TLDs, but as more and more different devices get Internet enabled. It might need to be created for many platforms. > Not many of those around though. Not yet anyway, but Chrome already has a > DNSSEC-validator, > they are adding a DNS-resolver and they have a way of updating the root key. > > The solution for not having to create such a large configuration file might > be that someone, probably the alternative root or TLD operators, could create > a DLV-registery. > > That might help. > > But I'm not expert on DLV. > > > Thanks for your all help. > > ~ Bry8Star. > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
