File formats:

Also available: XML file for editing

 

Status:

INFORMATIONAL

Obsoletes:

RFC 7706

Authors:

W. Kumari
P. Hoffman

Stream:

IETF

Source:

dnsop (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  10.17487/RFC8806

Discuss this RFC: Send questions or comments to the mailing list [email protected]

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 8806

Abstract

Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server; those resolvers may have difficulty getting responses from the root servers, such as during a network attack. Some DNS recursive resolver operators want to prevent snooping by third parties of requests sent to DNS root servers. In both cases, resolvers can greatly decrease the round-trip time and prevent observation of requests by serving a copy of the full root zone on the same server, such as on a loopback address or in the resolver software. This document shows how to start and maintain such a copy of the root zone that does not cause problems for other users of the DNS, at the cost of adding some operational fragility for the operator.

This document obsoletes RFC 7706.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.