Hyperlocal: Is it meaningful to hold a local copy of the root zone?


Not if you are visiting the same page multiple times - often enough browsers like Firefox send dozens of queries even when visiting a page only once while it is loading the multiple contents that are there on modern webpages.

Furthermore, Pi-hole (as a DNS frontend) caches only exact hits (like whatever.domain.com). Unbound (as DNS backend / recursive resolver) will also cache the answers for domain.com and (quite importantly) com.

You mentioned pre-fetching. This is also very useful and will help with the overall latency of your system.

Conclusion: Both caches have their place: Exact matches are quickly answered by Pi-hole itself. Partial matches shorten the DNS path unbound has to traverse if it holds parts of this path (e.g. domain.com) already in its cache. If Pi-hole’s cache wouldn’t be there, everything would always have to be passed to unbound (just another step in the chain causing some unnecessary delay). If unbound's cache wouldn’t be there, unknown domains would have to be walked every time starting from the root zone down to the node you requested.


Now in Unbound 1.9.0

  • List example config for root zone copy locally hosted with auth-zone as suggested from draft-ietf-dnsop-7706-bis-02. But with updated B root address.
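The two cache layers and the local root copy discussed in this thread, as a toy model that counts queries (an added example, not code from the thread, Pi-hole or Unbound). The class names, the sample query list and the simplifications (one upstream query per zone on the path, no TTL expiry) are assumptions made for illustration.

```python
class Recursor:
    """Toy recursive resolver standing in for unbound (assumed model, no TTLs)."""
    def __init__(self, cache=True, local_root=False):
        self.cache, self.local_root = cache, local_root
        self.zones = set()    # zones on the path whose servers are already known
        self.answers = {}     # cached final answers
        self.upstream = 0     # queries sent out to authoritative servers

    def resolve(self, name):
        if self.cache and name in self.answers:
            return self.answers[name]
        labels = name.split(".")
        # Zones walked from the top: ".", "com", "domain.com"
        path = ["."] + [".".join(labels[i:]) for i in range(len(labels) - 1, 0, -1)]
        # Start at the deepest zone already cached, otherwise at the root.
        start = max((i for i, z in enumerate(path) if z in self.zones), default=0)
        for zone in path[start:]:
            # With a local root zone copy the root step needs no network query.
            if not (zone == "." and self.local_root):
                self.upstream += 1
        answer = f"constructed-answer-for-{name}"
        if self.cache:
            self.zones.update(path)
            self.answers[name] = answer
        return answer

class ExactCache:
    """Toy forwarder standing in for Pi-hole: caches exact names only."""
    def __init__(self, backend, cache=True):
        self.backend, self.cache, self.seen = backend, cache, {}
        self.forwarded = 0    # queries passed on to the recursive resolver

    def resolve(self, name):
        if self.cache and name in self.seen:
            return self.seen[name]
        self.forwarded += 1
        self.seen[name] = self.backend.resolve(name)
        return self.seen[name]

# Constructed sample traffic: a repeat, a sibling name, and a new domain under com.
QUERIES = ["whatever.domain.com", "whatever.domain.com",
           "cdn.domain.com", "www.example.com"]

def simulate(front_cache, back_cache, local_root=False, queries=QUERIES):
    """Return (queries forwarded to the recursor, queries sent upstream)."""
    back = Recursor(back_cache, local_root)
    front = ExactCache(back, front_cache)
    for q in queries:
        front.resolve(q)
    return front.forwarded, back.upstream

if __name__ == "__main__":
    for args in [(False, False), (True, False), (False, True), (True, True), (True, True, True)]:
        print(args, simulate(*args))
```

In this model the local root copy only saves the single root query on a cold walk; the cached com and domain.com entries account for the rest of the reduction.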