On Wed, Aug 22, 2012 at 09:20:08PM -0700, Bry8 Star wrote: > Hi, Hi, > There are many other Root servers other than ICANN Root servers. For > example: CesidianRoot (http://www.cesidianroot.net/), OpenNIC > (http://www.opennicproject.org/), New Nations (New-Nations.net), > Namecoin DNS (DotBIT project, bit DNS) (http://dot-bit.org), 42 > (http://42registry.org/), OVH (http://ovh.co.uk/), i-DNS (MultiLingual > DNS) (i-dns.net), Public-Root ( http://public-root.com), UnifiedRoot > (unifiedroot.com), etc. > > How can i integrate all into one Unbound or into a central Unbound ? to > use their all TLDs, which are not found in default ICANN/IANA root servers. > That is gonna be an interresting journey to get that working if you want DNSSEC. Extra root servers, especially with DNSSEC, seems kind of unlikely to me. As the ICANN root is signed, you can't really add other data to a signed zone at the same level as far as I know. Extra TLD's should be possible. You'll need a stub-zone and (auto-)trust-anchor for each TLD that supports DNSSEC. However a validating resolver on a desktop/laptop/mobile device which does not have that installed would reject the data. Not many of those around though. Not yet anyway, but Chrome already has a DNSSEC-validator, they are adding a DNS-resolver and they have a way of updating the root key. The solution for not having to create such a large configuration file might be that someone, probably the alternative root or TLD operators, could create a DLV-registery. That might help. But I'm not expert on DLV. > Thanks for your all help. > ~ Bry8Star.