Local copy of the DNS root zone (hyperlocal)
Closed this issue · 2 comments
mibere commented
Hi Frank,
what's your opinion about adding a local copy of the DNS root zone (hyperlocal) by default?
I think it could be done by adding this to /opt/unbound/etc/unbound/unbound.conf via unbound.sh
server:
    ...
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "var/root.zone"
jedisct1 commented
Why not!
I'm not convinced that it is going to make a big difference besides for the first query to a root zone, but it's simple enough, so why not!
mibere commented
I'll do a PR. Just tried it on my server and the file /opt/unbound/etc/unbound/var/root.zone exists after restarting the container.
-rw-r--r-- 1 _unbound _unbound 2205055 Dec 4 18:01 /opt/unbound/etc/unbound/var/root.zone
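A check that goes one step past confirming the zonefile exists, as an added example that is not part of the original thread or the project's code: it reads the SOA record for "." and flags a missing record or a stale serial, which is what a silently failing download would look like. It assumes one record per line, a date-based serial (YYYYMMDDNN), and an arbitrary 7-day threshold; the sample zone text is constructed.

```python
"""Sanity-check a hyperlocal root zone file (added example, constructed data)."""
import sys
from datetime import date, datetime

# Constructed sample in a one-record-per-line layout; the serial and
# records are illustrative, not copied from a real zone file.
SAMPLE_ZONE = (
    ".\t86400\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. "
    "2018120400 1800 900 604800 86400\n"
    ".\t518400\tIN\tNS\ta.root-servers.net.\n"
    "com.\t172800\tIN\tNS\ta.gtld-servers.net.\n"
)

def root_soa_serial(zone_text):
    """Return the SOA serial of the "." zone, or None if there is no root SOA."""
    for line in zone_text.splitlines():
        fields = line.split()
        # owner ttl class type mname rname serial refresh retry expire minimum
        if len(fields) >= 11 and fields[0] == "." and fields[3].upper() == "SOA":
            if fields[6].isdigit():
                return int(fields[6])
    return None

def check_root_zone(zone_text, today, max_age_days=7):
    """Return (ok, reason). Assumes the serial is encoded as YYYYMMDDNN."""
    serial = root_soa_serial(zone_text)
    if serial is None:
        return False, "no SOA record for '.' (truncated or wrong file?)"
    try:
        published = datetime.strptime(str(serial)[:8], "%Y%m%d").date()
    except ValueError:
        return False, f"serial {serial} is not date-based"
    age = (today - published).days
    if age > max_age_days:  # threshold is an assumption, tune to taste
        return False, f"serial {serial} is {age} days old; refresh may be failing"
    return True, f"serial {serial}, {age} day(s) old"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the zonefile, supplied by the caller
        with open(sys.argv[1]) as fh:
            ok, reason = check_root_zone(fh.read(), date.today())
    else:  # no path given: run against the constructed sample
        ok, reason = check_root_zone(SAMPLE_ZONE, date(2018, 12, 4))
    print("OK" if ok else "FAIL", reason)
    sys.exit(0 if ok else 1)
```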