Complete DNS fake root setup example

Mukund Sivaraman muks at
Wed Jan 20 17:30:34 UTC 2016

Hi John

On Wed, Jan 20, 2016 at 05:12:44PM +0000, MURTARI, JOHN wrote:
> Folks,
>                 Had to do some testing where we wanted our own
>                 insulated fake root environment. We wanted to start
>                 from simulated root name servers.  I was surprised I
>                 couldn't find a complete example even after some
>                 extensive searches.
>                 The concepts are easy, but the devil is in the
>                 details.  We had done this before, but no one ever
>                 kept notes so I figured by posting it on the list it
>                 will eventually find its way into Google.  Here are
>                 the setup instructions below, name & ip address have
>                 been changed to protect the innocent!  Your
>                 comments/suggestions are welcome!

The key parts are the root hints and the trust anchors. You can see
several such fake root configurations in the BIND 9 system tests (look
in bin/tests/system), e.g., the resolver system test.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <>

More information about the bind-users mailing list