51284652e34d1cf3b13db91b41e2048f0df33210
services/dns/Recursive-DNS-resolver.md
| ... | ... | @@ -30,4 +30,33 @@ stub-zone: |
| 30 | 30 | stub-prime: yes |
| 31 | 31 | stub-addr: 172.22.119.160 |
| 32 | 32 | stub-addr: 172.22.119.163 |
| 33 | -``` |
|
| ... | ... | \ No newline at end of file |
| 0 | +``` |
|
| 1 | + |
|
| 2 | +### Unbound with root-hints |
|
| 3 | +Alternatively you can put dn42 root servers in the root-hints file for recursive resolving. |
|
| 4 | + |
|
| 5 | +``` |
|
| 6 | +# /etc/unbound/unbound.conf.d/dn42.conf |
|
| 7 | +server: |
|
| 8 | + # DNSSEC validation will fail |
|
| 9 | + val-permissive-mode: yes |
|
| 10 | + # recursive queries for everyone |
|
| 11 | + access-control: 0.0.0.0/0 allow |
|
| 12 | + # dn42 root servers |
|
| 13 | + root-hints: /etc/unbound/dn42.hints |
|
| 14 | + |
|
| 15 | +remote-control: |
|
| 16 | + control-enable: no |
|
| 17 | +``` |
|
| 18 | + |
|
| 19 | +The `/etc/unbound/dn42.hints` file: |
|
| 20 | +``` |
|
| 21 | +. NS a.root-servers.dn42. |
|
| 22 | +a.root-servers.dn42. 3600000 A 172.22.177.6 |
|
| 23 | +. NS m.root-servers.dn42. |
|
| 24 | +m.root-servers.dn42. 3600000 A 172.23.67.67 |
|
| 25 | +. NS t.root-servers.dn42. |
|
| 26 | +t.root-servers.dn42. 3600000 A 172.22.102.141 |
|
| 27 | +. NS x.root-servers.dn42. |
|
| 28 | +x.root-servers.dn42. 3600000 A 172.22.141.1 |
|
| 29 | +``` |