Tony Finch dot at dotat.at
Wed Aug 15 16:41:03 UTC 2018

Bob McDonald <bmcdonaldjr at gmail.com> wrote:

> I've recently been investigating having a local slave copy of the root zone
> on a caching/forwarder type server.

I do this on my toy server for various strange reasons, and although it
has worked OK I'm not confident it's really solid enough for production.

If you are running BIND 9.12 then its RFC 8198 implementation removes a
lot of the benefits of having a local root (and it also works for the arpa

BIND 9.14 will have an improved local root implementation (called a
"mirror" zone) which validates the zone so you don't blindly serve bogus
data. The feature is available now in the 9.13 dev branch; I have not
tried mirroring the arpa zones - the docs suggest that isn't a supported
config for mirror zones.
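The RFC 8198 behaviour mentioned above, as an added example that is not part of the original post and is not BIND's code: a validating resolver can answer NXDOMAIN for a nonexistent TLD from NSEC records already in its cache, without asking a root server. The NSEC chain is constructed sample data, the function names are hypothetical, and the sketch assumes DNSSEC validation has already succeeded and handles only the root zone case where the closest encloser is the apex.

```python
# Added illustration of RFC 8198 (aggressive use of a validated NSEC cache).
# Assumption: every cached NSEC has already passed DNSSEC validation.

def canonical_key(name):
    """RFC 4034 section 6.1 order: lowercase labels, compared right to left."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return [l.encode("ascii") for l in reversed(labels)]

def covers(owner, next_name, name):
    """True if the NSEC 'owner -> next_name' proves that 'name' is absent."""
    o, n, q = (canonical_key(x) for x in (owner, next_name, name))
    if o < n:
        return o < q < n
    # The last NSEC in the zone wraps around to the apex.
    return q > o or q < n

def can_synthesize_nxdomain(nsec_cache, qname):
    """Decide whether NXDOMAIN can be answered from cache for a root zone query.

    Two proofs are needed: the TLD itself falls in an NSEC gap, and so does
    the wildcard '*.' that could otherwise have matched it.
    """
    tld = qname.rstrip(".").split(".")[-1] + "."

    def covered(name):
        return any(covers(o, nx, name) for o, nx in nsec_cache)

    return covered(tld) and covered("*.")

# Constructed (owner, next) pairs standing in for NSEC records learned from
# earlier root responses. This is not real root zone content.
SAMPLE_CACHE = [
    (".", "aaa."),         # apex NSEC, also covers the wildcard '*.'
    ("com.", "comcast."),
    ("zw.", "."),          # last NSEC, wraps to the apex
]

if __name__ == "__main__":
    for q in ("comb.", "host.COMB.", "zzz.", "www.example.com.", "printer.local."):
        hit = can_synthesize_nxdomain(SAMPLE_CACHE, q)
        print(f"{q:20} {'NXDOMAIN from cache' if hit else 'must query a root server'}")
```

A name under an existing TLD (`www.example.com.`) and a junk TLD whose gap is not cached yet (`printer.local.`) both still go upstream; only names inside a cached gap are answered locally.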

