Local Slave copy of root zone
Tony Finch
dot at dotat.at
Wed Aug 15 16:41:03 UTC 2018
Bob McDonald <bmcdonaldjr at gmail.com> wrote:
> I've recently been investigating having a local slave copy of the root zone
> on a caching/forwarder type server.
I do this on my toy server for various strange reasons, and although it
has worked OK I'm not confident it's really solid enough for production.
If you are running BIND 9.12 then its RFC 8198 implementation removes a
lot of the benefits of having a local root (and it also works for the arpa
zones).
BIND 9.14 will have an improved local root implementation (called a
"mirror" zone) which validates the zone so you don't blindly serve bogus
data. The feature is available now in the 9.13 dev branch; I have not
tried mirroring the arpa zones - the docs suggest that isn't a supported
config for mirror zones.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
democracy, participation, and the co-operative principle
More information about the bind-users
mailing list