Complete DNS fake root setup example
Mukund Sivaraman
muks at isc.org
Wed Jan 20 17:30:34 UTC 2016
Hi John
On Wed, Jan 20, 2016 at 05:12:44PM +0000, MURTARI, JOHN wrote:
> Folks,
> Had to do some testing where we wanted our own
> insulated fake root environment. We wanted to start
> from simulated root name servers. I was surprised I
> couldn't find a complete example even after some
> extensive searches.
>
> The concepts are easy, but the devil is in the
> details. We had done this before, but no one ever
> kept notes so I figured by posting it on the list it
> will eventually find its way into Google. Here are
> the setup instructions below, name & ip address have
> been changed to protect the innocent! Your
> comments/suggestions are welcome!
The key parts are the root hints and the trust anchors. You can see
several such fake root configurations in the BIND 9 system tests (look
in bin/tests/system), e.g., the resolver system test.
Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160120/7aed6d2f/attachment.bin>
More information about the bind-users
mailing list