RFC 8806

Running a Root Server Local to a Resolver, June 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
INFORMATIONAL
Obsoletes:
RFC 7706
Authors:
W. Kumari
P. Hoffman
Stream:
IETF
Source:
dnsop (ops)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8806

Discuss this RFC: Send questions or comments to dnsop@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server; those resolvers may have difficulty getting responses from the root servers, such as during a network attack. Some DNS recursive resolver operators want to prevent snooping by third parties of requests sent to DNS root servers. In both cases, resolvers can greatly decrease the round-trip time and prevent observation of requests by serving a copy of the full root zone on the same server, such as on a loopback address or in the resolver software. This document shows how to start and maintain such a copy of the root zone that does not cause problems for other users of the DNS, at the cost of adding some operational fragility for the operator.

This document obsoletes RFC 7706.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader