Appendix B. Example Configurations of Common Implementations
This section shows fragments of configurations for some popular recursive server software that is believed to correctly implement the requirements given in this document. The examples have been updated since the publication of [RFC7706].
The IPv4 and IPv6 addresses in this section were checked in March 2020 by testing for AXFR over TCP from each address for the known single-letter names in the root-servers.net zone.
B.1. Example Configuration: BIND 9.12
BIND 9.12 acts both as a recursive resolver and an authoritative server. Because of this, there is "fate-sharing" between the two servers in the following configuration. That is, if the root server dies, it is likely that all of BIND is dead.
B.2. Example Configuration: Unbound 1.8
Similar to BIND, Unbound, starting with version 1.8, can act both as a recursive resolver and an authoritative server.
B.3. Example Configuration: BIND 9.14
BIND 9.14 can set up a local mirror of the root zone with a small configuration option. The simple "type mirror" configuration for the root zone works for the root zone because a default list of primary servers for the IANA root zone is built into BIND 9.14.
See the documentation for BIND 9.14 for more detail about how to use this simplified configuration.
B.4. Example Configuration: Unbound 1.9
Recent versions of Unbound have an "auth-zone" feature that allows local mirroring of the root zone.
Configuration looks as follows:
    auth-zone:
        name: "."
        master: "b.root-servers.net"
        master: "c.root-servers.net"
        master: "d.root-servers.net"
        master: "f.root-servers.net"
        master: "g.root-servers.net"
        master: "k.root-servers.net"
        fallback-enabled: yes
        for-downstream: no
        for-upstream: yes
        zonefile: "root.zone"
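A check that a deployed unbound.conf still carries the settings shown in the fragment above, as an added example that is not part of this document or of Unbound. The parser handles only the simple "option: value" layout; the function names, the min_primaries threshold and the sample inputs are assumptions of this example.

```python
# Added example: the expected values are the ones in the B.4 fragment on this page.
REQUIRED = {"fallback-enabled": "yes", "for-downstream": "no", "for-upstream": "yes"}

def parse_auth_zones(text):
    """Return one dict per auth-zone clause, mapping option -> list of values."""
    clauses, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        key, _, value = line.partition(":")      # first colon only, so IPv6 values survive
        key, value = key.strip(), value.strip().strip('"')
        if not value:                            # clause header such as "server:"
            current = {}
            clauses.append((key, current))
        elif current is not None:
            current.setdefault(key, []).append(value)
    return [opts for name, opts in clauses if name == "auth-zone"]

def audit_root_mirror(text, min_primaries=2):
    """Return findings for the root-zone clause; an empty list means it matches."""
    roots = [z for z in parse_auth_zones(text) if z.get("name") == ["."]]
    if not roots:
        return ['no auth-zone with name "." found']
    zone, findings = roots[0], []
    for opt, want in REQUIRED.items():
        got = zone.get(opt, ["unset"])[-1]       # this example takes the last value given
        if got != want:
            findings.append(f"{opt} is {got}, expected {want}")
    if len(zone.get("master", [])) < min_primaries:   # threshold is this example's choice
        findings.append(f"fewer than {min_primaries} master entries")
    if "zonefile" not in zone:
        findings.append("zonefile is not set")
    return findings

# Constructed inputs: GOOD follows the page's fragment (two of its masters);
# WEAK flips for-downstream and drops fallback-enabled.
GOOD = '''auth-zone:
    name: "."
    master: "b.root-servers.net"
    master: "c.root-servers.net"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "root.zone"
'''
WEAK = GOOD.replace("for-downstream: no", "for-downstream: yes").replace(
    "    fallback-enabled: yes\n", "")
if __name__ == "__main__":
    print(audit_root_mirror(GOOD), audit_root_mirror(WEAK))
```

An unset option is reported as a finding rather than resolved to the server's default, so the audit passes only when the three settings are stated explicitly.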
B.5. Example Configuration: Knot Resolver
Knot Resolver uses its "prefill" module to load the root zone information. This is described at https://knot-resolver.readthedocs.io/en/v5.0.1/modules-rfc7706.html.
B.6. Example Configuration: Microsoft Windows Server 2012
Windows Server 2012 contains a DNS server in the "DNS Manager" component. When activated, that component acts as a recursive server. The DNS Manager can also act as an authoritative server. Using this configuration, queries for information in the root zone are returned with the Authoritative Answer (AA) bit set.