RFC 8806 - Running a Root Server Local to a Resolver
Abstract
Some DNS recursive resolvers have longer-than-desired round-trip
times to the closest DNS root server; those resolvers may have
difficulty getting responses from the root servers, such as during a
network attack. Some DNS recursive resolver operators want to
prevent snooping by third parties of requests sent to DNS root
servers. In both cases, resolvers can greatly decrease the
round-trip time and prevent observation of requests by serving a copy of
the full root zone on the same server, such as on a loopback address
or in the resolver software. This document shows how to start and
maintain such a copy of the root zone that does not cause problems
for other users of the DNS, at the cost of adding some operational
fragility for the operator.
This document obsoletes RFC 7706.