From 9fc2cbe4b106618d44fe2e37f5b41ed675980d03 Mon Sep 17 00:00:00 2001
From: mibere <mibere@users.noreply.github.com>
Date: Wed, 4 Dec 2019 19:24:44 +0100
Subject: [PATCH] Local copy of the DNS root zone (hyperlocal)

Solves #38
---
 unbound.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/unbound.sh b/unbound.sh
index a33b996..a50b21e 100755
--- a/unbound.sh
+++ b/unbound.sh
@@ -66,6 +66,7 @@ server:
   serve-expired: yes
   access-control: 0.0.0.0/0 allow
   access-control: ::0/0 allow
+  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
 
   local-zone: "belkin." static
   local-zone: "corp." static
@@ -84,6 +85,14 @@ server:
 remote-control:
   control-enable: yes
   control-interface: 127.0.0.1
+
+auth-zone:
+  name: "."
+  url: "https://www.internic.net/domain/root.zone"
+  fallback-enabled: yes
+  for-downstream: no
+  for-upstream: yes
+  zonefile: "var/root.zone"
 EOT
 
 mkdir -p /opt/unbound/etc/unbound/dev &&