Anyone using Knot-resolver?

How about adding:

modules.load('prefill')
prefill.config({
      ['.'] = {
              url = 'https://www.internic.net/domain/root.zone',
              ca_file = '/etc/ssl/certs/ca-certificates.crt',
              interval = 86400  -- seconds
      }
})

edit
corrected the path of the ca_file.
from ca_file = '/etc/pki/tls/certs/ca-bundle.crt',
to ca_file = '/etc/ssl/certs/ca-certificates.crt',
/edit

Reference for prefill here.
Reference for ca-file here.

The equivalent in unbound (you need the compiled version) is:

auth-zone:
	name: "."
	master: i.root-servers.net
	master: f.root-servers.net
	master: j.root-servers.net
	master: k.root-servers.net
	fallback-enabled: yes
	for-downstream: no
	for-upstream: yes
	zonefile: "/root.zone"

Knot-resolver stores the data in the cache, whereas unbound stores the data in a file.

My goal is to run unbound (compiled version) and knot-resolver, both serving pihole-FTL (already works on my test pi).
pihole-FTL will then decide, based on the built-in algorithm, which resolver is the fastest and use it for a while. If unbound OR knot-resolver gets into trouble (doesn't work anymore), pihole-FTL will use the other available resolver.

To achieve this, I simply removed all server entries from /etc/dnsmasq.d/01-pihole.conf and added /etc/dnsmasq.d/04-servers.conf, content:

# unbound
server=127.10.10.2#5552
server=fdaa:bbcc:ddee:2::5552#5552
# knot-resolver
server=127.10.10.5#5555
server=fdaa:bbcc:ddee:2::5555#5555

I assume you got some of the configuration changes you made here. If you have a better information source, please let us know.

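Added example, not part of the original post: a small Python check for a dnsmasq upstream file like the 04-servers.conf above, which parses the plain `server=addr#port` lines and reports duplicate upstreams or any upstream that is not a loopback or private address (so a leftover public resolver does not silently bypass the local ones). The function names and the "local means loopback or private" rule are assumptions of this example; only the plain `server=addr[#port]` form is handled, and the sample text is the configuration quoted in the post.

```python
import ipaddress

# Constructed sample: the 04-servers.conf content shown in the post above.
SAMPLE_CONF = """\
# unbound
server=127.10.10.2#5552
server=fdaa:bbcc:ddee:2::5552#5552
# knot-resolver
server=127.10.10.5#5555
server=fdaa:bbcc:ddee:2::5555#5555
"""

def parse_servers(text):
    """Return (address, port) for each plain 'server=addr[#port]' line."""
    servers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            # Per-domain form server=/domain/addr is out of scope here.
            continue
        addr, _, port = value.partition("#")
        port = int(port) if port else 53  # dnsmasq defaults to port 53
        if not 0 < port < 65536:
            raise ValueError(f"line {lineno}: port out of range: {port}")
        # ip_address() raises ValueError on a malformed address.
        servers.append((ipaddress.ip_address(addr), port))
    return servers

def audit(text):
    """List problems: duplicate upstreams, or upstreams that are not local."""
    problems, seen = [], set()
    for addr, port in parse_servers(text):
        if (addr, port) in seen:
            problems.append(f"duplicate upstream {addr}#{port}")
        seen.add((addr, port))
        # Assumption: "local" = loopback, RFC 1918 or IPv6 ULA (fc00::/7).
        if not (addr.is_loopback or addr.is_private):
            problems.append(f"{addr}#{port} is not a local address")
    return problems

if __name__ == "__main__":
    for problem in audit(SAMPLE_CONF) or ["no problems found"]:
        print(problem)
```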