Technical Summary:
This document shows how to start and maintain a local copy of the root
zone that reduces round-trip times for certain queries, reduces the risk
of third-party observation of DNS queries and responses, and does not
cause problems for other users of the DNS, at the cost of adding some
operational fragility for the operator. It updates RFC 7706 with
additional operator experience in using the described techniques.
Working Group Summary:
The original RFC 7706 was published in 2015 as guidance to resolver
operators to help them provide local resolution of lookups in the root
zone, which has become increasingly popular as a resiliency mechanism for
DNS operations, but which can also lead to new failures that might be
difficult to troubleshoot. The technique was largely undocumented at the
time. The WG expected that a -bis document would be useful with more
experience, and has been correct in this assessment, so insight from that
further experience is presented here. The WG has thoroughly discussed the
document and both authors have been responsive and accurate in their work
on it.
Document Quality:
The document is based on RFC 7706 and clearly states the premise for
going beyond it-- 7706 specified one mechanism, local root server on
loopback, for the local root cache; 7706bis discusses others, including
operational requirements for configuration to provide the desired service
and avoid the pitfalls.
Personnel:
Shepherd: Suzanne Woolf
AD: Barry Leiba