%% You should probably cite rfc8806 instead of this I-D. @techreport{ietf-dnsop-7706bis-02, number = {draft-ietf-dnsop-7706bis-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dnsop-7706bis/02/}, author = {Warren "Ace" Kumari and Paul E. Hoffman}, title = {{Running a Root Server Local to a Resolver}}, pagetotal = 13, year = 2019, month = jan, day = 25, abstract = {Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server. Some DNS recursive resolver operators want to prevent snooping of requests sent to DNS root servers by third parties. Such resolvers can greatly decrease the round-trip time and prevent observation of requests by running a copy of the full root zone on the same server, such as on a loopback address. This document shows how to start and maintain such a copy of the root zone that does not pose a threat to other users of the DNS, at the cost of adding some operational fragility for the operator. This draft will update RFC 7706. See Section 1.1 for a list of topics that will be added in the update. {[} Ed note: Text inside square brackets ({[}{]}) is additional background information, answers to freqently asked questions, general musings, etc. They will be removed before publication.{]} {[} This document is being collaborated on in Github at: https://github.com/wkumari/draft-kh-dnsop-7706bis. The most recent version of the document, open issues, and so on should all be available there. The authors gratefully accept pull requests. {]}}, }