auth-zone: name: "." primary: 199.9.14.201 # b.root-servers.net primary: 192.33.4.12 # c.root-servers.net primary: 199.7.91.13 # d.root-servers.net primary: 192.5.5.241 # f.root-servers.net primary: 192.112.36.4 # g.root-servers.net primary: 193.0.14.129 # k.root-servers.net primary: 192.0.47.132 # xfr.cjr.dns.icann.org primary: 192.0.32.132 # xfr.lax.dns.icann.org primary: 2001:500:200::b # b.root-servers.net primary: 2001:500:2::c # c.root-servers.net primary: 2001:500:2d::d # d.root-servers.net primary: 2001:500:2f::f # f.root-servers.net primary: 2001:500:12::d0d # g.root-servers.net primary: 2001:7fd::1 # k.root-servers.net primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org primary: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org fallback-enabled: yes for-downstream: no for-upstream: yes auth-zone: name: "example.org" for-downstream: yes for-upstream: yes zonefile: "example.org.zone"
NOTE: The data for these zones is kept locally, from a file or downloaded.
The data can be served to downstream clients, or used instead of the upstream (which saves a lookup to the upstream).
The first example has a copy of the root for local usage.
The second serves example.org authoritatively.