Maintained by: NLnet Labs

[Unbound-users] How to use Alternative Other Root DNS server with DNSSEC validation

Bry8 Star
Tue Aug 28 23:29:43 CEST 2012


Great, further tests has given some successful results: some
good/improvement & few bad/unsolved:

Below config file worked on WinXP :-)
to resolve such TLDs: '42', 'geek' (1 TLD of OpenNIC), 'ita' (1 TLD of
CesidianRoot), 'ovh', 'xn--e1apq' (1 TLD of i-DNS.net).

But could not resolve 'bit', 'ti' (1 TLD of New-Nations.net) :-(

# BEGIN of service.conf / unbound.conf file
# Last Modified 2012-08-27 23:05
# Copyright (C) 2012 Bry8Star. (bry8 star a.t ya hoo d.o.t c om)
server:
verbosity: 3
statistics-interval: 0
statistics-cumulative: "no"
extended-statistics: "no"
num-threads: 2
interface: 127.0.0.1
interface: 192.168.0.10
interface: ::1
interface-automatic: "no"
port: 53
outgoing-interface: 192.168.0.10
outgoing-range: 400
outgoing-port-permit: 52000-56096
outgoing-port-avoid:
"22,25,26,37,53,54,55,67,68,69,80,110,123,135,137,138,139,143,443,445,465,500,587,843,990,912,993,995,1025,1863,1935,2082,2083,2096,2400,4242,4400,4421,4444,4445,4480,4500,4569,5038,5050,5060,5061,5062,5063,5064,5065,5198,5199,5200,5222,5555,5800,5801,5900,5901,6666,6667,6668,6669,7000,7001,7002,7003,7004,7005,7006,7658,7659,7660,7777,8050,8052,8054,8056,8058,8060,8080,8110,8118,8120,8123,8125,8143,8210,8225,8243,8998,9001,9022,9030,9050,9051,9052,9053,9054,9055,9056,9057,9058,9059,9060,9080,10000,15000,15001,15002,15003,15004,16001,16999,20000,20001,25000,26999,30600,31000,32000,36999,50300"
outgoing-num-tcp: 8
incoming-num-tcp: 8
so-rcvbuf: 8m
so-sndbuf: 8m
edns-buffer-size: 4096
msg-buffer-size: 65552
msg-cache-size: 24m
msg-cache-slabs: 4
num-queries-per-thread: 200
jostle-timeout: 200
rrset-cache-size: 48m
rrset-cache-slabs: 4
cache-min-ttl: 0
cache-max-ttl: 21600
infra-host-ttl: 900
infra-cache-slabs: 4
infra-cache-numhosts: 10000
do-ip4: "yes"
do-ip6: "no" # for now
do-udp: "yes"
do-tcp: "yes"
tcp-upstream: "no"
do-daemonize: "yes"
access-control: 0.0.0.0/0 refuse
access-control: ::0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 192.168.0.10/24 allow
access-control: ::1 allow
logfile: "C:\Program Files\Unbound\unbound.log"
use-syslog: "no"
log-time-ascii: "yes"
log-queries: "no"
root-hints: "C:\Program Files\Unbound\named.cache"
hide-identity: "yes"
hide-version: "yes"
identity: "DNS"
version: "1.0.0"
target-fetch-policy: "3 2 1 1 1 1"
harden-short-bufsize: "no"
harden-large-queries: "no"
harden-glue: "yes"
harden-dnssec-stripped: "yes"
harden-below-nxdomain: "no"
harden-referral-path: "no"
use-caps-for-id: "no"
unwanted-reply-threshold: 1000
prefetch: "yes"
prefetch-key: "yes"
rrset-roundrobin: "yes"
minimal-responses: "no"
module-config: "validator iterator"
dlv-anchor-file: "C:\Program Files\Unbound\dlv.isc.org.key"
# Downloaded from http://ftp.isc.org/www/dlv/dlv.isc.org.key
# DLV, DNS Lookaside Validation, for the root
auto-trust-anchor-file: "C:\Program Files\Unbound\root.key"
#trust-anchor-file: "<filename>"
# File with trusted keys for validation. Specify more
# than one file with several entries, one file per entry.
# Standard DNS Zone file format, with DS, DNSKEY entries.
#trusted-keys-file: "<filename>"
# File with trusted keys for validation. Specify more
# than one file with several entries, one file per entry.
# Like trust-anchor-file, but in BIND-9 format.
domain-insecure: "42"
domain-insecure: "ovh"
domain-insecure: "bit"
domain-insecure: "ita"
domain-insecure: "geek"
domain-insecure: "glue"
domain-insecure: "xn--e1apq"
# Other domain-insecure TLDs
# which are inside other AltRootDNS
# and does not have DNSSEC record, key yet
val-bogus-ttl: 60
val-sig-skew-max: 86400
val-clean-additional: "yes"
val-permissive-mode: "no"
ignore-cd-flag: "yes"
val-log-level: 2
#val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
key-cache-size: 24m
key-cache-slabs: 4
neg-cache-size: 4m
# Blocking below TLDs
local-zone: "onion." refuse # disallow via public route
local-zone: "i2p." refuse # suppose to go via proxy route
remote-control:
control-enable: "no"
stub-zone:
 name: "42" # http://42registry.org/
 stub-host: a.42tld-servers.net. # name / DNS Srvr
 stub-host: b.42tld-servers.net.
 stub-host: c.42tld-servers.net.
 stub-host: d.42tld-servers.net.
 # GeekNode OpenResolvers:
 stub-addr: 81.93.248.69
 stub-addr: 81.93.248.68
 stub-addr: 91.194.60.196
 stub-addr: 193.17.192.53
 # Psilo.fr resolvers:
 stub-addr: 109.235.51.12
 stub-addr: 85.17.236.67
 # test above with "search.42" , "nic.42"
stub-zone:
 name: "ovh" # http://ovh.co.uk/
 stub-addr: 213.251.128.133 # name / DNS Srvr
 stub-addr: 213.251.188.133
stub-zone:
 name: "bit" # http://dot-bit.org , NameCoin
 stub-host: ns.dot-bit.bit. # name / DNS Srvr
 stub-addr: 178.32.31.41 # ns.dot-bit.bit
 stub-addr: 108.174.61.249
 stub-addr: 78.47.86.43
 stub-addr: 96.127.133.37
 stub-addr: 69.194.226.23
 stub-addr: 194.71.109.237
 stub-addr: 2001:41d0:2:a5d9::101 # ns.dot-bit.bit
 # test above with "dot-bit.bit"
# New-Nations.net has 6 TLDs: (now showing only 1 below)
stub-zone:
 name: "ti"
 stub-host: ns1.new-nations.ti.
 stub-host: ns2.new-nations.ti.
 stub-addr: 88.84.130.20   # ns1.New-Nations.net  West Asia
 stub-addr: 194.50.176.206 # ns2.New-Nations.net  West Asia
# OpenNIC : http://www.opennicproject.org/ :
# 14 TLDs: .geek, .free, .bbs, .parody, .oss,
# .indy, .fur, .ing, .micro, .dyn, .neo,
# .pirate, gopher and null.
# Showing only 2 out of 14 TLD below:
stub-zone:
 name: "geek"
 stub-host: ns2.opennic.glue.
 stub-host: ns3.opennic.glue.
 stub-host: ns4.opennic.glue.
 stub-host: ns5.opennic.glue.
 stub-host: ns6.opennic.glue.
 stub-host: ns7.opennic.glue.
 stub-host: ns8.opennic.glue.
 stub-host: ns21.opennic.glue.
stub-zone:
 name: "glue"
 stub-host: ns2.opennic.glue.
 stub-host: ns3.opennic.glue.
 stub-host: ns4.opennic.glue.
 stub-host: ns5.opennic.glue.
 stub-host: ns6.opennic.glue.
 stub-host: ns7.opennic.glue.
 stub-host: ns8.opennic.glue.
 stub-host: ns21.opennic.glue.
 # test above with "grep.geek"
# CesidianRoot :  http://www.cesidianroot.net/
# Cesidian Root proper has 84 TLDs,
# Showing only 1 out 84 TLDs
stub-zone: # http://www2.world-dns.net/
 name: "ita"
 stub-host: ns1.cesidio.net.
 stub-host: ns4.cesidio.net.
 stub-host: ns9.cesidian.info.
 # test above with "governo.ita"
# i-DNS.net has many multi-linugual supported TLDs
# Showing only 1 of the TLD below:
stub-zone: # (Russian, Punycode form, .нет or .net)
 name: "xn--e1apq"
 stub-host: nsa.i-dns.net.
 stub-host: nsb.i-dns.net.
 stub-host: nsc.i-dns.net.
 stub-host: nsd.i-dns.net.
 stub-addr: 64.62.142.131
 stub-addr: 195.161.113.189
 stub-addr: 211.169.245.170
 stub-addr: 120.50.44.141
# TLD '42':
forward-zone:
 name: "a.42tld-servers.net"
 forward-addr: 91.191.147.246
forward-zone:
 name: "b.42tld-servers.net"
 forward-addr: 91.191.147.243
forward-zone:
 name: "c.42tld-servers.net"
 forward-addr: 79.143.244.68
 forward-addr: 2a01:678:fff:42:42::
forward-zone:
 name: "d.42tld-servers.net"
 forward-addr: 83.169.77.117
# TLD 'bit':
forward-zone:
 name: "ns.dot-bit.bit"
 forward-addr: 178.32.31.41
 forward-addr: 2001:41d0:2:a5d9::101
# New-Nations.net TLD:
forward-zone:
 name: "ns1.new-nations.ti"
 forward-addr: 88.84.130.20
forward-zone:
 name: "ns2.new-nations.ti"
 forward-addr: 194.50.176.206
# CesidianRoot TLDs:
forward-zone:
 name: "ns1.cesidio.net"
 forward-addr: 78.47.115.193
forward-zone:
 name: "ns4.cesidio.net"
 forward-addr: 78.47.115.196
forward-zone:
 name: "ns9.cesidian.info"
 forward-addr: 84.200.208.231
 forward-addr: 2001:1608:12:0:7862:ab14:ef56:102
# i-DNS.net TLDs:
forward-zone:
 name: "nsa.i-dns.net"
 forward-addr: 64.62.142.131
forward-zone:
 name: "nsb.i-dns.net"
 forward-addr: 195.161.113.189
forward-zone:
 name: "nsc.i-dns.net"
 forward-addr: 211.169.245.170
forward-zone:
 name: "nsd.i-dns.net"
 forward-addr: 120.50.44.141
# OpenNIC TLDs:
forward-zone:
 name: "ns2.opennic.glue"
 forward-addr: 216.87.84.210
 forward-addr: 2001:470:8388:10:0:100:53:10
forward-zone:
 name: "ns21.opennic.glue"
 forward-addr: 202.83.95.229
forward-zone:
 name: "ns3.opennic.glue"
 forward-addr: 199.30.58.57
 forward-addr: 2001:470:8ca1::53
forward-zone:
 name: "ns4.opennic.glue"
 forward-addr: 84.200.228.200
forward-zone:
 name: "ns5.opennic.glue"
 forward-addr: 128.177.28.254
forward-zone:
 name: "ns6.opennic.glue"
 forward-addr: 207.192.71.13
 forward-addr: 2002:cfc0:470d::1
forward-zone:
 name: "ns7.opennic.glue"
 forward-addr: 66.244.95.11
 forward-addr: 2001:470:1f10:c6::11
forward-zone:
 name: "ns8.opennic.glue"
 forward-addr: 178.63.116.152
 forward-addr: 2a01:4f8:110:6221::999
# Default Root Zone TLDs:
# forward-zone:
#  name: "."
#  forward-addr: i.p.adrs.1 # My ISP # Recursive/Caching
#  forward-addr: i.p.adrs.2 # My ISP # Recursive/Caching
# END of service.conf / unbound.conf file

Can anyone help me further to fix mentioned problems in above ?

Thanks in advance,

Bry8Star.



On 8/23/2012 10:47 PM, Bry8 Star wrote:
> Here is my config file, please see what is wrong:
> 
> # BEGIN of service.conf / unbound.conf file
> server:
> verbosity: 3
> statistics-interval: 0
> statistics-cumulative: "no"
> extended-statistics: "no"
> num-threads: 2
> interface: 127.0.0.1
> interface: 192.168.0.10
> interface: ::1
> interface-automatic: "no"
> port: 53
> outgoing-interface: 192.168.0.10
> outgoing-range: 400
> outgoing-port-permit: 52000-56096
> outgoing-port-avoid:
> "22,25,26,37,53,54,55,67,68,69,80,110,123,135,137,138,139,143,443,445,465,500,587,843,990,912,993,995,1025,1863,1935,2082,2083,2096,2400,4242,4400,4421,4444,4445,4480,4500,4569,5038,5050,5060,5061,5062,5063,5064,5065,5198,5199,5200,5222,5555,5800,5801,5900,5901,6666,6667,6668,6669,7000,7001,7002,7003,7004,7005,7006,7658,7659,7660,7777,8050,8052,8054,8056,8058,8060,8080,8110,8118,8120,8123,8125,8143,8210,8225,8243,8998,9001,9022,9030,9050,9051,9052,9053,9054,9055,9056,9057,9058,9059,9060,9080,10000,15000,15001,15002,15003,15004,16001,16999,20000,20001,25000,26999,30600,31000,32000,36999,50300"
> outgoing-num-tcp: 10
> incoming-num-tcp: 10
> so-rcvbuf: 8m
> so-sndbuf: 8m
> edns-buffer-size: 4096
> msg-buffer-size: 65552
> msg-cache-size: 24m
> msg-cache-slabs: 4
> num-queries-per-thread: 200
> jostle-timeout: 200
> rrset-cache-size: 48m
> rrset-cache-slabs: 4
> cache-min-ttl: 0
> cache-max-ttl: 21600
> infra-host-ttl: 900
> infra-cache-slabs: 4
> infra-cache-numhosts: 10000
> do-ip4: "yes"
> do-ip6: "no" # for now
> do-udp: "yes"
> do-tcp: "yes"
> tcp-upstream: "no"
> do-daemonize: "yes"
> access-control: 0.0.0.0/0 refuse
> access-control: ::0/0 refuse
> access-control: 127.0.0.0/8 allow
> access-control: 192.168.0.10/24 allow
> access-control: ::1 allow
> logfile: "C:\Program Files\Unbound\unbound.log"
> use-syslog: "no"
> log-time-ascii: "yes"
> log-queries: "no"
> root-hints: "C:\Program Files\Unbound\named.cache"
> hide-identity: "yes"
> hide-version: "yes"
> identity: "DNS"
> version: "1.0.0"
> target-fetch-policy: "3 2 1 1 1 1"
> harden-short-bufsize: "no"
> harden-large-queries: "no"
> harden-glue: "yes"
> harden-dnssec-stripped: "yes"
> harden-below-nxdomain: "no"
> harden-referral-path: "no"
> use-caps-for-id: "no"
> unwanted-reply-threshold: 1000
> prefetch: "yes"
> prefetch-key: "yes"
> rrset-roundrobin: "yes"
> minimal-responses: "no"
> module-config: "validator iterator"
> dlv-anchor-file: "C:\Program Files\Unbound\dlv.isc.org.key"
> # Downloaded from http://ftp.isc.org/www/dlv/dlv.isc.org.key
> # DLV, DNS Lookaside Validation, for the root
> auto-trust-anchor-file: "C:\Program Files\Unbound\root.key"
> #trust-anchor-file: "<filename>"
> # File with trusted keys for validation. Specify more
> # than one file with several entries, one file per entry.
> # Standard DNS Zone file format, with DS, DNSKEY entries.
> #trusted-keys-file: "<filename>"
> # File with trusted keys for validation. Specify more
> # than one file with several entries, one file per entry.
> # Like trust-anchor-file, but in BIND-9 format.
> domain-insecure: "42"
> domain-insecure: "ovh"
> domain-insecure: "bit"
> domain-insecure: "ita"
> domain-insecure: "geek"
> # other TLDs that are inside other AltRootDNS
> val-bogus-ttl: 60
> val-sig-skew-max: 86400
> val-clean-additional: "yes"
> val-permissive-mode: "no"
> ignore-cd-flag: "yes"
> val-log-level: 2
> #val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
> key-cache-size: 24m
> key-cache-slabs: 4
> neg-cache-size: 4m
> local-zone: "onion." refuse # disallow via public route
> local-zone: "i2p." refuse # suppose to go via proxy route
> remote-control:
> control-enable: "no"
> stub-zone:
>  name: "42" # http://42registry.org/
>  stub-addr: 91.191.147.246 # name / DNS Srvr
>  stub-addr: 91.191.147.243
>  stub-addr: 79.143.244.68
>  # test with "search.42"
> stub-zone:
>  name: "ovh" # http://ovh.co.uk/
>  stub-addr: 213.251.128.133 # name / DNS Srvr
>  stub-addr: 213.251.188.133
> stub-zone:
>  name: "bit" # http://dot-bit.org
>  stub-addr: 178.32.31.41  # name / DNS Srvr
>  stub-addr: 108.174.61.249
>  stub-addr: 78.47.86.43
>  stub-addr: 96.127.133.37
>  stub-addr: 69.194.226.23
>  stub-addr: 194.71.109.237
>  # test with "dot-bit.bit"
> # OpenNIC : http://www.opennicproject.org/ :
> # TLDs: .geek, .free, .bbs, .parody, .oss,
> # .indy, .fur, .ing, .micro, .dyn, .neo,
> # .pirate, gopher and null.
> stub-zone:
>  name: "opennicproj-rtDnsSrvr-randNum01.com"
>  stub-addr: 66.244.95.20 # name / DNS Srvr
>  stub-addr: 74.207.247.4
>  stub-addr: 216.87.84.211
>  stub-addr: 66.90.81.200
>  stub-addr: 94.23.246.31
>  stub-addr: 95.142.171.235
>  stub-addr: 82.237.169.10
>  stub-addr: 202.83.95.227
>  stub-addr: 58.6.115.42
>  stub-prime: no
>  stub-first: no
> stub-zone:
>  name: "geek"
>  stub-host: "ns.opennicproj-rtDnsSrvr-randNum01.com"
> # test with "grep.geek"
> # ... around 14 OpenNIC TLDs
> # CesidianRoot :  http://www.cesidianroot.net/
> # Cesidian Root proper (84 TLDs), they also resolve
> # other Alt Root DNS's TLDs
> stub-zone: # http://www2.world-dns.net/
>  name: "cesidianroot-dnsSrvr-randNum02.net"
>  stub-addr: 178.254.3.55  # name/DNS server
>  stub-addr: 50.77.217.162
>  stub-addr: 199.193.252.198
>  stub-addr: 78.47.115.194
>  stub-addr: 78.47.115.197
>  stub-addr: 122.155.6.181
>  stub-addr: 182.163.74.213
>  stub-addr: 116.90.134.19
>  stub-addr: 200.58.125.62
>  stub-addr: 196.41.137.142
> stub-zone:
>  name: "ita"
>  stub-host: "ns.cesidianroot-dnsSrvr-randNum02.net"
> # test with "governo.ita"
> # ... around 84 CesidinaRoot TLDs
> forward-zone:
>  name: "."
>  forward-addr: i.p.adrs.1 # AT&T ISP # Recursive/Caching
>  forward-addr: i.p.adrs.2 # AT&T ISP # Recursive/Caching
> # END of service.conf / unbound.conf file
> 
> i can at least (inconsistently) do ping or nslookup or dig on test sites
> in 42, ovh, bit TLDs,
> but, could not do so for test sites in TLDs like geek, ita.
> 
> Thanks for your help in advance,
> Bry8Star.
> 
> 
> 
> On 8/22/2012 9:20 PM, Bry8 Star wrote:
>> Hi,
>> There are many other Root servers other than ICANN Root servers. For
>> example: CesidianRoot (http://www.cesidianroot.net/), OpenNIC
>> (http://www.opennicproject.org/), New Nations (New-Nations.net),
>> Namecoin DNS (DotBIT project, bit DNS) (http://dot-bit.org),  42
>> (http://42registry.org/), OVH (http://ovh.co.uk/), i-DNS (MultiLingual
>> DNS) (i-dns.net), Public-Root ( http://public-root.com), UnifiedRoot
>> (unifiedroot.com), etc.
>>
>> How can i integrate all into one Unbound or into a central Unbound ? to
>> use their all TLDs, which are not found in default ICANN/IANA root servers.
>>
>> For example, i had to add these in unbound.conf/service.conf for '42' TLD:
>>
>> domain-insecure: "42"
>> stub-zone:
>>  name: "42"
>>   stub-addr: 91.191.147.246 # 42Registry a.42tld-servers.net europe
>>   stub-addr: 91.191.147.243 # 42Registry b.42tld-servers.net europe
>>   stub-addr: 79.143.244.68  # 42Registry c.42tld-servers.net europe
>>
>> now with the above 6 lines, i could not ping or browse the website at
>> "search.42" :( but 'dig', 'nslookup' does resolve/show successfully ns,
>> a , etc records.
>> i tried "dig 42. any +dnssec", but flag does not show 'ad' bit, only
>> shows 'qr rd ra'. answer does show 'SOA' with "a.42tld-servers.net.
>> tech.42registry.org.", and 4 'NS' shows "a/b/c/d.42tld-servers.net.".
>>
>> so what is/are wrong ?
>> if 42 TLD supports/has DNSSEC components, then how can i use them ? or
>> how to enable DNSSEC for 42 TLD ?
>>
>> Similar like above, i added domain-insecure and stub-zone for .bit TLD
>> in 'unbound.conf' / 'service.conf' file. The 'ping', 'nslookup', 'dig'
>> etc worked on the http://dot-bit.bit/ site/host/domain. :)
>>
>> The CesidianRoot proper, root dns server/system, has at least 84 TLDs of
>> their own. And they can also resolve other TLDs from other root dns
>> servers.
>> i added all of them (cesidianRoot and other root's TLDs) in this way,
>> i'm showing only few TLD example instead of all 84 TLDs here:
>>
>> domain-insecure: "5wc"
>> domain-insecure: "cesidio"
>> domain-insecure: "linna"
>> domain-insecure: "free"
>> ...
>> stub-zone:
>>  name: "cesidianroot-dnsSrv-randNum1.net"
>>   stub-addr: 178.254.3.55    # Master CesidianRoot.net Root Server
>>   stub-addr: 50.77.217.162   # CesidianRoot.net North America
>>   stub-addr: 199.193.252.198 # CesidianRoot.net North America
>>   stub-addr: 78.47.115.194   # CesidianRoot.net Europe
>>   stub-addr: 78.47.115.197   # CesidianRoot.net Europe
>>   stub-addr: 122.155.6.181   # CesidianRoot.net South-East Asia
>>   stub-addr: 182.163.74.213  # CesidianRoot.net South-East Asia
>>   stub-addr: 116.90.134.19   # CesidianRoot.net Australia & Ocenia
>>   stub-addr: 200.58.125.62   # CesidianRoot.net South America
>>   stub-addr: 196.41.137.142  # CesidianRoot.net Sub-Saharan Africa
>> stub-zone:
>>  name: "5wc"
>>   stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
>> stub-zone:
>>  name: "cesidio"
>>   stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
>> stub-zone:
>>  name: "linna"
>>   stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
>> stub-zone:
>>  name: "free"
>>   stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
>> ...
>>
>> but when i tried to do ping/nslookup/dig on any TLD randomly from
>> CesidianRoot, then none of the tool worked. ! :( :-(
>>
>> What is/are wrong ? i used this "cesidianroot-dnsSrv-randNum1.net"
>> domain-name because such does not exist in real-life. do i need to
>> define/declare 'ns' & 'cesidianroot-dnsSrv-randNum1.net' which are used
>> in stub-host : "ns.cesidianroot-dnsSrv-randNum1.net" line ?
>>
>> And please help me to have a solution, where i dont have to use those 10
>> stub-addr dns server of CesidianRoot for all of those 84 TLDs for 84
>> times, then it will become at least 11 x 84 lines of codes ! how can i
>> reduce line numbers ?
>>
>> if cesidianroot TLDs supports/has DNSSEC components/records, then how
>> can i use them or how to enable DNSSEC for CesidianRoot ?
>>
>> CesidianRoot can also resolve TLDs authoritatively maintained by
>> New-Nations.net root system, and i-DNS.net Root system. All of those
>> TLDs are currently using 'ns.cesidianroot-dnsSrv-randNum1.net' as
>> stub-host currently in 'service.conf' / 'unbound.conf' file. Since
>> CesidinaRoot is not SOA / AA / DS of New-Nations.net & i-DNS.net TLDs,
>> am i suppose to change the stub-host of those TLDs from
>> 'ns.cesidianroot-dnsSrv-randNum1.net' into
>> 'ns.new-nations-net-dnsSrv-randNum1.net' /
>> 'ns.i-dns-net-dnsSrv-randNum1.net' ?
>>
>> if i could use CesidianRoot with DNSSEC via unbound (along with the
>> default ICANN provided TLDs), then i could apply similar method/approach
>> for other root dns server, which are similar.
>>
>> by the way, your irc channel #unbound in irc.freenode.net is very
>> in-active, and some users who did post some messages, instead of helping
>> out, they question the 'question' ! or question the 'user' who is
>> posting the question or asking for help ! instead of asking more about
>> the problem itself, and what can be done to solve it ! very unfriendly
>> attitudes. Most likely these users does not like to help others, or
>> grumpy, or busy with something else, or expecting something else from users.
>>
>> in website, please add sha1, sha256 hash/checksum of windows binary
>> files, thanks.
>>
>> Thanks for your all help.
>> ~ Bry8Star.
>> _______________________________________________
>> Unbound-users mailing list
>> Unbound-users at unbound.net
>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users