> This sounded good until "Note that using this configuration will cause the > recursive resolver to fail if the local root zone server fails." Could I > use "forward first" instead of "static-stub" so that it would fall back to > the normal root servers if the local root server could not get zone > transfers or had some other error?
In the case of BIND, the sample configuration has the root server built in to the recursive server (it's a separate view, but not a separate process), so if the root server dies, then the recursive server is also dead. A simple nanny script can restart it if this happens. This might be a larger concern with the sample NSD/Unbound configuration, in which there are two separate server processes that don't necessarily share fates. However, it may be possible to set up the stub zone in Unbound so that it tries localhost first, and fails over to traditional root servers if that doesn't work. (I know you can list multiple server addresses, but I don't know whether Unbound favors the first one or round-robins the lot of them.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
