Open documentation

{{>toc}}

h1. DNS

h2. Localroot

The purpose is to not send to the root servers all our queries. Instead have a local copy of the root and rely on it.

h3. Implementation

What do you need regarding the configuration of your resolver.

h4. Unbound

In short you need this ( _tested with unbound  1.22.0 under debian 13_ )

<pre><code class="diff">

diff --git a/unbound/unbound.conf.d/local-root-unbound.conf b/unbound/unbound.conf.d/local-root-unbound.conf

new file mode 100644

index 0000000..3f25610

--- /dev/null

+++ b/unbound/unbound.conf.d/local-root-unbound.conf

@@ -0,0 +1,7 @@

+auth-zone:

+       name: "."

+       url: "https://www.internic.net/domain/root.zone"

+       fallback-enabled: yes

+       for-downstream: no

+       for-upstream: yes

+       zonefile: "/var/lib/unbound/root.zone"

diff --git a/unbound/unbound.conf.d/local-unbound.conf b/unbound/unbound.conf.d/local-unbound.conf

index 4774858..a8ec373 100644

--- a/unbound/unbound.conf.d/local-unbound.conf

+++ b/unbound/unbound.conf.d/local-unbound.conf

@@ -465,7 +465,7 @@ server:

        # do-not-query-localhost: yes

        # if yes, perform prefetching of almost expired message cache entries.

-       # prefetch: no

+       prefetch: yes

        # if yes, perform key lookups adjacent to normal lookups.

        # prefetch-key: no

</code></pre>

In summary :

* switch _prefetch_ to @yes@

* include an _auth-zone_ section . In my case I prefer to use another file

h3. References

h4. RFCs

* "8806":https://datatracker.ietf.org/doc/html/rfc8806

h4. Misc

* https://youtu.be/xog1Uerjq8g?si=Js51oOXtzypOLG6D

* https://localroot.isi.edu/