Feature #16702
Localroot
Status: open, 0% done
Description
https://nanog.org/events/nanog-96/content/5731/
https://localroot.isi.edu/about/
This is "experimental", but seems to work fine in unbound on pfSense 2.8.1 / 25.11.1.
To activate and test, just add the following to the DNS Resolver -> Custom options:
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "root.zone"
This basically "mirrors" the entire root zone locally (including DNSSEC/ZONEMD signatures/checksums), improving latency etc.
This is better explained in the links above (note that localroot.isi.edu hasn't been updated yet, so afaik only the slides/video of the nanog-96 talk contain currently relevant info and the correct unbound config).
My suggestion is to either add this as a note somewhere in the DNS Resolver documentation,
or add some kind of checkbox (for testing/experimental) that adds the config section.
Updated by Bart Schapendonk 1 day ago
From https://nanog.org/events/nanog-96/content/5731/
Abstract
The ability to hold a copy of the root zone in your DNS resolver has been available for years. Why are your resolvers still sending queries to the root server system? With a local copy in place, your DNS infrastructure will be more robust, more secure, and more private. In this talk I'll give a quick recap of the state of LocalRoot technologies available and how easy it is to turn them on.
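An added example, not part of the issue and not pfSense or unbound project code: a small lint for the auth-zone stanza in the description, checking the options that decide whether the local root copy is used by the resolver, kept off the client-facing authoritative path, and backed by a fallback. The function names and the weak sample are constructed for illustration, the defaults are the ones documented in unbound.conf, and the parser assumes one option per line.

```python
DEFAULTS = {"for-downstream": "yes", "for-upstream": "yes", "fallback-enabled": "no"}

def parse_auth_zones(conf):
    """One dict per auth-zone clause, seeded with unbound.conf defaults."""
    zones, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value == "":  # clause header such as "auth-zone:" or "server:"
            current = dict(DEFAULTS) if key == "auth-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            current[key] = value.strip('"')
    return zones

def lint_local_root(conf):
    """Findings for the root auth-zone; an empty list means none."""
    roots = [z for z in parse_auth_zones(conf) if z.get("name") == "."]
    if not roots:
        return ['no auth-zone clause with name: "."']
    zone, findings = roots[0], []
    if zone["for-upstream"] != "yes":
        findings.append("for-upstream: resolver will not use the local copy")
    if zone["for-downstream"] != "no":
        findings.append("for-downstream: zone is served to clients as authoritative data")
    if zone["fallback-enabled"] != "yes":
        findings.append("fallback-enabled: no fallback to the root servers if the copy fails")
    if not zone.get("url", "https://").startswith("https://"):
        findings.append("url: zone file is fetched without TLS")
    if "zonefile" not in zone:
        findings.append("zonefile: copy is not kept on disk across restarts")
    return findings

PAGE_CONF = '''
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "root.zone"
'''  # the stanza from the description, one option per line
# Constructed weak variant: plain HTTP, defaults left in place, no zonefile.
WEAK_CONF = 'auth-zone:\n    name: "."\n    url: "http://www.internic.net/domain/root.zone"\n'
if __name__ == "__main__":
    print("page:", lint_local_root(PAGE_CONF), "weak:", lint_local_root(WEAK_CONF))
```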