====== Networking - DNS - Unbound - Authority Zones ======
auth-zone:
name: "."
primary: 199.9.14.201 # b.root-servers.net
primary: 192.33.4.12 # c.root-servers.net
primary: 199.7.91.13 # d.root-servers.net
primary: 192.5.5.241 # f.root-servers.net
primary: 192.112.36.4 # g.root-servers.net
primary: 193.0.14.129 # k.root-servers.net
primary: 192.0.47.132 # xfr.cjr.dns.icann.org
primary: 192.0.32.132 # xfr.lax.dns.icann.org
primary: 2001:500:200::b # b.root-servers.net
primary: 2001:500:2::c # c.root-servers.net
primary: 2001:500:2d::d # d.root-servers.net
primary: 2001:500:2f::f # f.root-servers.net
primary: 2001:500:12::d0d # g.root-servers.net
primary: 2001:7fd::1 # k.root-servers.net
primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org
primary: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org
fallback-enabled: yes
for-downstream: no
for-upstream: yes
auth-zone:
name: "example.org"
for-downstream: yes
for-upstream: yes
zonefile: "example.org.zone"
**NOTE:** The data for these zones is kept locally, from a file or downloaded.
The data can be served to downstream clients, or used instead of the upstream (which saves a lookup to the upstream).
The first example has a copy of the root for local usage.
The second serves example.org authoritatively.
* **name "."** covers **all** queries.
* **primary:** fetches with AXFR and IXFR, or url to zonefile.
* **fallback-enabled:** has default no. If enabled, unbound falls back to querying the internet as a resolver for this zone when lookups fail.
* **for-downstream:** has default yes. If enabled, unbound serves authority responses to downstream clients for this zone.
* **for-upstream:** has default yes. If enabled, unbound fetches data from this data collection for answering recursion queries.
* **zonefile:** reads from file (and writes to it if you also download it).