Running a Root Server Local to a Resolver, June 2020
- File formats:
- RFC 7706
- W. Kumari
- dnsop (ops)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server; those resolvers may have difficulty getting responses from the root servers, such as during a network attack. Some DNS recursive resolver operators want to prevent snooping by third parties of requests sent to DNS root servers. In both cases, resolvers can greatly decrease the round-trip time and prevent observation of requests by serving a copy of the full root zone on the same server, such as on a loopback address or in the resolver software. This document shows how to start and maintain such a copy of the root zone that does not cause problems for other users of the DNS, at the cost of adding some operational fragility for the operator.
This document obsoletes RFC 7706.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.