31 Oct
2025
31 Oct
'25
7:03 a.m.
[ Quoting <ray@isc.org> in "[dns-wg] Re: More Than 70% of DNS R..." ]
The BIND instructions are in RFC 8806, as are those for some other resolvers that support this.
There are caveats:
- allowing AXFR of the root is something that some root operators do, but it is not a formal service offering. Any (or all) of them could withdraw it at any point.
- you'll want to have really good monitoring in place to make sure your transfers are succeeding
- without NOTIFY you might miss urgent root zone updates, e.g. in the case of an urgent TLD key roll
- you might also want to use ZONEMD to check that the zone is correct.
There is the localroot project: https://localroot.isi.edu/about/ /Miek