Setting up a local DNS resolver with Unbound on Arch Linux
Unbound can be used to build a validating, recursive, caching DNS resolver. Its development, driven primarily by NLnet Labs, placed great emphasis on speed, a small footprint and security. To that end, Unbound concentrates on protecting privacy and on security around the Domain Name System, without compromising on features, performance or speed when providing the service.
Challenge / Task
Let us briefly look at the basic infrastructure we are dealing with here. In the previous article, Setting up a DNS daemon based on ISC Bind on Arch Linux, we successfully set up our DNS server, which can answer DNS queries only on the two localhost addresses 127.0.0.1 and ::1. In this second step we want to set up an unbound resolver for the workload of the clients from the individual zones.
The following overview shows the infrastructure we will be working with.
The DNS resolver unbound is to resolve queries for addresses from the WWW on its own. Queries for our own domains and zones, by contrast, are to be passed on to the "hidden master", that is, our ISC Bind. Our DNS resolver unbound will deliver DNSSEC-secured answers that have the ad flag set.
DNSSEC
One might well ask why anyone would want to saddle themselves with an unbound resolver in front of the ISC Bind server. To answer that, let us take a quick look at a query to our ISC Bind name server, which we set up in the chapter Orchestration - Installation and configuration of BIND9 including zone file maintenance with Ansible.
First we ask for the AAAA record of one of our hosts, using the +dnssec option:
# dig @::1 AAAA zerberus.nausch.org +dnssec
; <<>> DiG 9.20.18 <<>> @::1 AAAA zerberus.nausch.org +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24233
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: da549b6bb36e0109010000006978ed5d309da6924efba5dd (good)
;; QUESTION SECTION:
;zerberus.nausch.org. IN AAAA

;; ANSWER SECTION:
zerberus.nausch.org. 3600 IN AAAA fd00::3:10:0:0:9a37
zerberus.nausch.org. 3600 IN RRSIG AAAA 13 3 3600 20260206134310 20260123131754 51016 nausch.org. 3j+thdBQ945lvaYhKV7+Dljm2XIMV9aIdCJeYnyk3qE+9iG2ap3YlplF eLpqlE7Qd19t3Zb3tiT60qr4zwiLtQ==

;; AUTHORITY SECTION:
nausch.org. 3600 IN NS ns1.nausch.org.
nausch.org. 3600 IN RRSIG NS 13 2 3600 20260206100216 20260123131754 51016 nausch.org. 4m4o1JFHE8mJMhKq+oN53tI/mM79zHo4d/8M60ac7VmLduxlwgRaTSYa 0R67uVQJhhO4lL0CZNWORLnlXKU7iw==

;; ADDITIONAL SECTION:
ns1.nausch.org. 3600 IN AAAA fd00::3:10:0:0:110
ns1.nausch.org. 3600 IN A 10.0.0.110
ns1.nausch.org. 3600 IN RRSIG A 13 3 3600 20260206025452 20260123131754 51016 nausch.org. nope0syW3S4rSB4txOMgkZRHsdRhwxqzAWZRqZF5O5u0oAHK9H+bNuwh 80yvH6443bPx7LP+B8Nj3ftP5IsL/Q==
ns1.nausch.org. 3600 IN RRSIG AAAA 13 3 3600 20260206025452 20260123131754 51016 nausch.org. 5gwNtzrGINCHIIpYcEOr9h8m9LrqnC3QkSdKzavKRWSD6RU/61SVQWqI u1yhot48pjI1OQxEiMH4g3yO2TelBw==

;; Query time: 0 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Tue Jan 27 17:52:45 CET 2026
;; MSG SIZE rcvd: 590
In the answer we see that the flags qr aa rd ra are set. These flags have the following meanings:
- AA = Authoritative Answer (the query is answered authoritatively, that is, from a local zone file. The authoritative DNS server therefore has no need to verify its own answer, and accordingly the ad flag is not set, since the server trusts itself.)
- TC = Truncation
- RD = Recursion Desired (set in a query and copied into the response if recursion is supported)
- RA = Recursion Available (if set, indicates that recursive queries are supported)
- AD = Authenticated Data (DNSSEC only; indicates that the data has been authenticated)
- CD = Checking Disabled (DNSSEC only; disables checking at the receiving server)
Since we later always want to see validated answers, we have to make sure that our resolver can set exactly this flag, and this is where unbound comes into play. We will look at the result, and at how it differs from the query example just shown, in more detail later.
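The flag list above maps directly onto the 16-bit flags word of the DNS header. The following added example (not part of the original article) decodes that word and classifies a response the way a monitoring check for "is this answer validated?" would. The function names `parse_header` and `classify` are hypothetical; the first header is rebuilt from the id, flags and section counts of the dig output above, while the other two headers are constructed for illustration.

```python
import struct

# Bit positions of the flags named above inside the 16-bit flags word
# of the DNS header (RFC 1035; AD and CD were added for DNSSEC).
FLAG_BITS = [
    ("qr", 0x8000),  # response (1) or query (0)
    ("aa", 0x0400),  # Authoritative Answer
    ("tc", 0x0200),  # Truncation
    ("rd", 0x0100),  # Recursion Desired
    ("ra", 0x0080),  # Recursion Available
    ("ad", 0x0020),  # Authenticated Data
    ("cd", 0x0010),  # Checking Disabled
]
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    msg_id, word, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": msg_id,
        "opcode": (word >> 11) & 0xF,
        "rcode": RCODES.get(word & 0xF, str(word & 0xF)),
        "flags": [name for name, bit in FLAG_BITS if word & bit],
        "counts": (qd, an, ns, ar),  # QUERY, ANSWER, AUTHORITY, ADDITIONAL
    }


def classify(header: dict) -> str:
    """Tell a client how much trust the header alone expresses."""
    flags = header["flags"]
    if "qr" not in flags:
        return "query, not a response"
    if header["rcode"] == "SERVFAIL":
        # A validating resolver answers SERVFAIL when validation fails.
        return "servfail, possibly bogus DNSSEC data"
    if "tc" in flags:
        return "truncated, retry over TCP"
    if "ad" in flags:
        return "validated by resolver"
    if "aa" in flags:
        return "authoritative, not validated"
    return "unvalidated"


# Header of the BIND answer shown above: id 24233, flags qr aa rd ra,
# QUERY 1, ANSWER 2, AUTHORITY 2, ADDITIONAL 5.
BIND_HEADER = struct.pack("!6H", 24233, 0x8580, 1, 2, 2, 5)
# Constructed sample: a validating resolver's answer with flags qr rd ra ad.
RESOLVER_HEADER = struct.pack("!6H", 4711, 0x81A0, 1, 2, 0, 1)
# Constructed sample: the same resolver refusing data that failed validation.
BOGUS_HEADER = struct.pack("!6H", 4712, 0x8182, 1, 0, 0, 1)

if __name__ == "__main__":
    for label, raw in [("bind", BIND_HEADER),
                       ("resolver", RESOLVER_HEADER),
                       ("bogus", BOGUS_HEADER)]:
        hdr = parse_header(raw)
        print(label, hdr["rcode"], " ".join(hdr["flags"]), "->", classify(hdr))
```

The ad flag only says that the resolver which answered validated the data; a client that relies on it has to trust that resolver and the path to it.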
Installation and configuration of the DNS resolver unbound
Documentation / man pages
unbound DNS Validation Resolver
What the unbound DNS Validation Resolver offers, and which options the daemon accepts when invoked, is revealed by the program's man page.
# man unbound
UNBOUND(8) Unbound UNBOUND(8)
NAME
unbound - Unbound DNS validating resolver 1.24.2.
SYNOPSIS
unbound [-hdpv] [-c <cfgfile>]
DESCRIPTION
unbound is a caching DNS resolver.
It uses a built in list of authoritative nameservers for the root zone (.), the so called root hints. On receiving a DNS query it will ask the
root nameservers for an answer and will in almost all cases receive a delegation to a top level domain (TLD) authoritative nameserver. It will
then ask that nameserver for an answer. It will recursively continue until an answer is found or no answer is available (NXDOMAIN). For perfor‐
mance and efficiency reasons that answer is cached for a certain time (the answer's time-to-live or TTL). A second query for the same name will
then be answered from the cache. Unbound can also do DNSSEC validation.
To use a locally running Unbound for resolving put:
nameserver 127.0.0.1
into resolv.conf(5).
If authoritative DNS is needed as well using nsd(8), careful setup is required because authoritative nameservers and resolvers are using the same
port number (53).
The available options are:
-h Show the version number and commandline option help, and exit.
-c <cfgfile>
Set the config file with settings for unbound to read instead of reading the file at the default location, /etc/unbound/unbound.conf. The
syntax is described in unbound.conf(5).
-d Debug flag: do not fork into the background, but stay attached to the console. This flag will also delay writing to the log file until the
thread-spawn time, so that most config and setup errors appear on stderr. If given twice or more, logging does not switch to the log file
or to syslog, but the log messages are printed to stderr all the time.
-p Don't use a pidfile. This argument should only be used by supervision systems which can ensure that only one instance of Unbound will run
concurrently.
-v Increase verbosity. If given multiple times, more information is logged. This is in addition to the verbosity (if any) from the config
file.
-V Show the version number and build options, and exit.
SEE ALSO
unbound.conf(5), unbound-checkconf(8), nsd(8).
AUTHOR
Unbound developers are mentioned in the CREDITS file in the distribution.
COPYRIGHT
1999-2025, NLnet Labs
1.24.2 Dec 14, 2025 UNBOUND(8)
Manual page of the configuration file unbound.conf
Details on the resolver's configuration options can be found in the man page unbound.conf:
# man unbound.conf
UNBOUND.CONF(5) Unbound UNBOUND.CONF(5)
NAME
unbound.conf - Unbound 1.24.2 configuration file.
SYNOPSIS
unbound.conf
DESCRIPTION
unbound.conf is used to configure unbound(8). The file format has attributes and values. Some attributes have attributes inside them. The nota‐
tion is: attribute: value.
Comments start with # and last to the end of line. Empty lines are ignored as is whitespace at the beginning of a line.
The utility unbound-checkconf(8) can be used to check unbound.conf prior to usage.
EXAMPLE
An example config file is shown below. Copy this to /etc/unbound/unbound.conf and start the server with:
$ unbound -c /etc/unbound/unbound.conf
Most settings are the defaults. Stop the server with:
$ kill `cat /etc/unbound/unbound.pid`
Below is a minimal config file. The source distribution contains an extensive example.conf file with all the options.
# unbound.conf(5) config file for unbound(8).
server:
directory: "/etc/unbound"
username: unbound
# make sure unbound can access entropy from inside the chroot.
# e.g. on linux the use these commands (on BSD, devfs(8) is used):
# mount --bind -n /dev/urandom /etc/unbound/dev/urandom
# and mount --bind -n /dev/log /etc/unbound/dev/log
chroot: "/etc/unbound"
# logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
pidfile: "/etc/unbound/unbound.pid"
# verbosity: 1 # uncomment and increase to get more logging.
# listen on all interfaces, answer queries from the local subnet.
interface: 0.0.0.0
interface: ::0
access-control: 10.0.0.0/8 allow
access-control: 2001:DB8::/64 allow
FILE FORMAT
There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute is followed by a value, or its containing at‐
tributes in which case it is referred to as a clause. Clauses can be repeated throughout the file (or included files) to group attributes under
the same clause.
Files can be included using the include: directive. It can appear anywhere, it accepts a single file name as argument. Processing continues as if
the text from the included file was copied into the config file at that point. If also using chroot, using full path names for the included files
works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working directory or is speci‐
fied before the include statement with directory: dir. Wildcards can be used to include multiple files, see glob(7).
For a more structural include option, the include-toplevel: directive can be used. This closes whatever clause is currently active (if any) and
forces the use of clauses in the included files and right after this directive.
Server Options
These options are part of the server: clause.
verbosity: <number>
The verbosity level.
Level 0
No verbosity, only errors.
Level 1
Gives operational information.
Level 2
Gives detailed operational information including short information per query.
Level 3
Gives query level information, output per query.
Level 4
Gives algorithm level information.
Level 5
Logs client identification for cache misses.
The verbosity can also be increased from the command line and during run time via remote control. See unbound(8) and unbound-control(8) re‐
spectively.
Default: 1
statistics-interval: <seconds>
The number of seconds between printing statistics to the log for every thread. Disable with value 0 or "". The histogram statistics are
only printed if replies were sent during the statistics interval, requestlist statistics are printed for every interval (but can be 0).
This is because the median calculation requires data to be present.
Default: 0 (disabled)
statistics-cumulative: <yes or no>
If enabled, statistics are cumulative since starting Unbound, without clearing the statistics counters after logging the statistics.
Default: no
extended-statistics: <yes or no>
If enabled, extended statistics are printed from unbound-control(8). The counters are listed in unbound-control(8). Keeping track of more
statistics takes time.
Default: no
statistics-inhibit-zero: <yes or no>
If enabled, selected extended statistics with a value of 0 are inhibited from printing with unbound-control(8). These are query types,
query classes, query opcodes, answer rcodes (except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and PRZ actions.
Default: yes
num-threads: <number>
The number of threads to create to serve clients. Use 1 for no threading.
Default: 1
port: <port number>
The port number on which the server responds to queries.
Default: 53
interface: <IP address or interface name[@port]>
Interface to use to connect to the network. This interface is listened to for queries from clients, and answers to clients are given from
it. Can be given multiple times to work on several interfaces. If none are given the default is to listen on localhost.
If an interface name is used instead of an IP address, the list of IP addresses on that interface are used. The interfaces are not changed
on a reload (kill -HUP) but only on restart.
A port number can be specified with @port (without spaces between interface and port number), if not specified the default port (from port)
is used.
ip-address: <IP address or interface name[@port]>
Same as interface (for ease of compatibility with nsd.conf(5)).
interface-automatic: <yes or no>
Listen on all addresses on all (current and future) interfaces, detect the source interface on UDP queries and copy them to replies. This
is a lot like ip-transparent, but this option services all interfaces whilst with ip-transparent you can select which (future) interfaces
Unbound provides service on. This feature is experimental, and needs support in your OS for particular socket options.
Default: no
interface-automatic-ports: "<string>"
List the port numbers that interface-automatic listens on. If empty, the default port is listened on. The port numbers are separated by
spaces in the string.
This can be used to have interface automatic to deal with the interface, and listen on the normal port number, by including it in the list,
and also HTTPS or DNS-over-TLS port numbers by putting them in the list as well.
Default: ""
outgoing-interface: <IPv4/IPv6 address or IPv6 netblock>
Interface to use to connect to the network. This interface is used to send queries to authoritative servers and receive their replies. Can
be given multiple times to work on several interfaces. If none are given the default (all) is used. You can specify the same interfaces in
interface and outgoing-interface lines, the interfaces are then used for both purposes. Outgoing queries are sent via a random outgoing in‐
terface to counter spoofing.
If an IPv6 netblock is specified instead of an individual IPv6 address, outgoing UDP queries will use a randomised source address taken from
the netblock to counter spoofing. Requires the IPv6 netblock to be routed to the host running Unbound, and requires OS support for unprivi‐
leged non-local binds (currently only supported on Linux). Several netblocks may be specified with multiple outgoing-interface options, but
do not specify both an individual IPv6 address and an IPv6 netblock, or the randomisation will be compromised. Consider combining with
prefer-ip6: yes to increase the likelihood of IPv6 nameservers being selected for queries. On Linux you need these two commands to be able
to use the freebind socket option to receive traffic for the ip6 netblock:
ip -6 addr add mynetblock/64 dev lo && \
ip -6 route add local mynetblock/64 dev lo
outgoing-range: <number>
Number of ports to open. This number of file descriptors can be opened per thread. Must be at least 1. Default depends on compile op‐
tions. Larger numbers need extra resources from the operating system. For performance a very large value is best, use libevent to make
this possible.
Default: 4096 (libevent) / 960 (minievent) / 48 (windows)
outgoing-port-permit: <port number or range>
Permit Unbound to open this port or range of ports for use to send queries. A larger number of permitted outgoing ports increases re‐
silience against spoofing attempts. Make sure these ports are not needed by other daemons. By default only ports above 1024 that have not
been assigned by IANA are used. Give a port number or a range of the form "low-high", without spaces.
The outgoing-port-permit and outgoing-port-avoid statements are processed in the line order of the config file, adding the permitted ports
and subtracting the avoided ports from the set of allowed ports. The processing starts with the non IANA allocated ports above 1024 in the
set of allowed ports.
outgoing-port-avoid: <port number or range>
Do not permit Unbound to open this port or range of ports for use to send queries. Use this to make sure Unbound does not grab a port that
another daemon needs. The port is avoided on all outgoing interfaces, both IPv4 and IPv6. By default only ports above 1024 that have not
been assigned by IANA are used. Give a port number or a range of the form "low-high", without spaces.
outgoing-num-tcp: <number>
Number of outgoing TCP buffers to allocate per thread. If set to 0, or if do-tcp: no is set, no TCP queries to authoritative servers are
done. For larger installations increasing this value is a good idea.
Default: 10
incoming-num-tcp: <number>
Number of incoming TCP buffers to allocate per thread. If set to 0, or if do-tcp: no is set, no TCP queries from clients are accepted. For
larger installations increasing this value is a good idea.
Default: 10
edns-buffer-size: <number>
Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value put into datagrams over UDP towards peers. The ac‐
tual buffer size is determined by msg-buffer-size (both for TCP and UDP). Do not set higher than that value. Setting to 512 bypasses even
the most stringent path MTU problems, but is seen as extreme, since the amount of TCP fallback generated is excessive (probably also for
this resolver, consider tuning outgoing-num-tcp).
Default: 1232 (DNS Flag Day 2020 recommendation)
max-udp-size: <number>
Maximum UDP response size (not applied to TCP response). 65536 disables the UDP response size maximum, and uses the choice from the client,
always. Suggested values are 512 to 4096.
Default: 1232 (same as edns-buffer-size)
stream-wait-size: <number>
Number of bytes size maximum to use for waiting stream buffers. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
or gigabytes (1024*1024 bytes in a megabyte). As TCP and TLS streams queue up multiple results, the amount of memory used for these buffers
does not exceed this number, otherwise the responses are dropped. This manages the total memory usage of the server (under heavy use), the
number of requests that can be queued up per connection is also limited, with further requests waiting in TCP buffers.
Default: 4m
msg-buffer-size: <number>
Number of bytes size of the message buffers. Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message size. No message
larger than this can be sent or received. Can be reduced to use less memory, but some requests for DNS data, such as for huge resource
records, will result in a SERVFAIL reply to the client.
Default: 65552
msg-cache-size: <number>
Number of bytes size of the message cache. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes
(1024*1024 bytes in a megabyte).
Default: 4m
msg-cache-slabs: <number>
Number of slabs in the message cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number
of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close to the number of con‐
figured threads in multi-threaded environments.
Default: (unconfigured)
num-queries-per-thread: <number>
The number of queries that every thread will service simultaneously. If more queries arrive that need servicing, and no queries can be jos‐
tled out (see jostle-timeout), then the queries are dropped. This forces the client to resend after a timeout; allowing the server time to
work on the existing queries. Default depends on compile options.
Default: 2048 (libevent) / 512 (minievent) / 24 (windows)
jostle-timeout: <msec>
Timeout used when the server is very busy. Set to a value that usually results in one roundtrip to the authority servers.
If too many queries arrive, then 50% of the queries are allowed to run to completion, and the other 50% are replaced with the new incoming
query if they have already spent more than their allowed time. This protects against denial of service by slow queries or high query rates.
The effect is that the qps for long-lasting queries is about:
(num-queries-per-thread / 2) / (average time for such long queries) qps
The qps for short queries can be about:
(num-queries-per-thread / 2) / (jostle-timeout in whole seconds) qps per thread
about (2048/2)*5 = 5120 qps by default.
Default: 200
delay-close: <msec>
Extra delay for timeouted UDP ports before they are closed, in msec. This prevents very delayed answer packets from the upstream (recur‐
sive) servers from bouncing against closed ports and setting off all sort of close-port counters, with eg. 1500 msec. When timeouts happen
you need extra sockets, it checks the ID and remote IP of packets, and unwanted packets are added to the unwanted packet counter.
Default: 0 (disabled)
udp-connect: <yes or no>
Perform connect(2) for UDP sockets that mitigates ICMP side channel leakage.
Default: yes
unknown-server-time-limit: <msec>
The wait time in msec for waiting for an unknown server to reply. Increase this if you are behind a slow satellite link, to eg. 1128. That
would then avoid re-querying every initial query because it times out.
Default: 376
discard-timeout: <msec>
The wait time in msec where recursion requests are dropped. This is to stop a large number of replies from accumulating. They receive no
reply, the work item continues to recurse. It is nice to be a bit larger than serve-expired-client-timeout if that is enabled. A value of
1900 msec is suggested. The value 0 disables it.
Default: 1900
wait-limit: <number>
The number of replies that can wait for recursion, for an IP address. This makes a ratelimit per IP address of waiting replies for recur‐
sion. It stops very large amounts of queries waiting to be returned to one destination. The value 0 disables wait limits.
Default: 1000
wait-limit-cookie: <number>
The number of replies that can wait for recursion, for an IP address that sent the query with a valid DNS Cookie. Since the cookie vali‐
dates the client address, this limit can be higher.
Default: 10000
wait-limit-netblock: <netblock> <number>
The wait limit for the netblock. If not given the wait-limit value is used. The most specific netblock is used to determine the limit.
Useful for overriding the default for a specific, group or individual, server. The value -1 disables wait limits for the netblock. By de‐
fault the loopback has a wait limit netblock of -1, it is not limited, because it is separated from the rest of network for spoofed packets.
The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
Default: (none)
wait-limit-cookie-netblock: <netblock> <number>
The wait limit for the netblock, when the query has a DNS Cookie. If not given, the wait-limit-cookie value is used. The value -1 disables
wait limits for the netblock. The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
Default: (none)
so-rcvbuf: <number>
If not 0, then set the SO_RCVBUF socket option to get more buffer space on UDP port 53 incoming queries. So that short spikes on busy
servers do not drop packets (see counter in netstat -su). Otherwise, the number of bytes to ask for, try "4m" on a busy server.
The OS caps it at a maximum, on linux Unbound needs root permission to bypass the limit, or the admin can use sysctl net.core.rmem_max.
On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf.
On OpenBSD change header and recompile kernel.
On Solaris ndd -set /dev/udp udp_max_buf 8388608.
Default: 0 (use system value)
so-sndbuf: <number>
If not 0, then set the SO_SNDBUF socket option to get more buffer space on UDP port 53 outgoing queries. This for very busy servers handles
spikes in answer traffic, otherwise:
send: resource temporarily unavailable
can get logged, the buffer overrun is also visible by netstat -su. If set to 0 it uses the system value. Specify the number of bytes to
ask for, try "8m" on a very busy server.
It needs some space to be able to deal with packets that wait for local address resolution, from like ARP and NDP discovery, before they are
sent out, hence it is elevated above the system default by default.
The OS caps it at a maximum, on linux Unbound needs root permission to bypass the limit, or the admin can use sysctl net.core.wmem_max.
On BSD, Solaris changes are similar to so-rcvbuf.
Default: 4m
so-reuseport: <yes or no>
If yes, then open dedicated listening sockets for incoming queries for each thread and try to set the SO_REUSEPORT socket option on each
socket. May distribute incoming queries to threads more evenly.
On Linux it is supported in kernels >= 3.9.
On other systems, FreeBSD, OSX it may also work.
You can enable it (on any platform and kernel), it then attempts to open the port and passes the option if it was available at compile time,
if that works it is used, if it fails, it continues silently (unless verbosity 3) without the option.
At extreme load it could be better to turn it off to distribute the queries evenly, reported for Linux systems (4.4.x).
Default: yes
ip-transparent: <yes or no>
If yes, then use IP_TRANSPARENT socket option on sockets where Unbound is listening for incoming traffic. Allows you to bind to non-local
interfaces. For example for non-existent IP addresses that are going to exist later on, with host failover configuration.
This is a lot like interface-automatic, but that one services all interfaces and with this option you can select which (future) interfaces
Unbound provides service on.
This option needs Unbound to be started with root permissions on some systems. The option uses IP_BINDANY on FreeBSD systems and SO_BINDANY
on OpenBSD systems.
Default: no
ip-freebind: <yes or no>
If yes, then use IP_FREEBIND socket option on sockets where Unbound is listening to incoming traffic. Allows you to bind to IP addresses
that are nonlocal or do not exist, like when the network interface or IP address is down.
Exists only on Linux, where the similar ip-transparent option is also available.
Default: no
ip-dscp: <number>
The value of the Differentiated Services Codepoint (DSCP) in the differentiated services field (DS) of the outgoing IP packet headers. The
field replaces the outdated IPv4 Type-Of-Service field and the IPv6 traffic class field.
rrset-cache-size: <number>
Number of bytes size of the RRset cache. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes
(1024*1024 bytes in a megabyte).
Default: 4m
rrset-cache-slabs: <number>
Number of slabs in the RRset cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number
of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close to the number of con‐
figured threads in multi-threaded environments.
Default: (unconfigured)
cache-max-ttl: <seconds>
Time to live maximum for RRsets and messages in the cache. When the TTL expires, the cache item has expired. Can be set lower to force the
resolver to query for data often, and not trust (very large) TTL values. Downstream clients also see the lower TTL.
Default: 86400 (1 day)
cache-min-ttl: <seconds>
Time to live minimum for RRsets and messages in the cache. If the minimum kicks in, the data is cached for longer than the domain owner in‐
tended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher
values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more.
Default: 0 (disabled)
cache-max-negative-ttl: <seconds>
Time to live maximum for negative responses, these have a SOA in the authority section that is limited in time. This applies to NXDOMAIN
and NODATA answers.
Default: 3600
cache-min-negative-ttl: <seconds>
Time to live minimum for negative responses, these have a SOA in the authority section that is limited in time. If this is disabled and
cache-min-ttl is configured, it will take effect instead. In that case you can set this to 1 to honor the upstream TTL. This applies to
NXDOMAIN and NODATA answers.
Default: 0 (disabled)
infra-host-ttl: <seconds>
Time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information.
Default: 900
infra-cache-slabs: <number>
Number of slabs in the infrastructure cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the
number of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close to the number
of configured threads in multi-threaded environments.
Default: (unconfigured)
infra-cache-numhosts: <number>
Number of hosts for which information is cached.
Default: 10000
infra-cache-min-rtt: <msec>
Lower limit for dynamic retransmit timeout calculation in infrastructure cache. Increase this value if using forwarders needing more time
to do recursive name resolution.
Default: 50
infra-cache-max-rtt: <msec>
Upper limit for dynamic retransmit timeout calculation in infrastructure cache.
Default: 120000 (2 minutes)
infra-keep-probing: <yes or no>
If enabled the server keeps probing hosts that are down, in the one probe at a time regime. Hosts that are down, eg. they did not respond
during the one probe at a time period, are marked as down and it may take infra-host-ttl time to get probed again.
Default: no
define-tag: "<list of tags>"
Define the tags that can be used with local-zone and access-control. Enclose the list between quotes ("") and put spaces between tags.
do-ip4: <yes or no>
Enable or disable whether IPv4 queries are answered or issued.
Default: yes
do-ip6: <yes or no>
Enable or disable whether IPv6 queries are answered or issued. If disabled, queries are not answered on IPv6, and queries are not sent on
IPv6 to the internet nameservers. With this option you can disable the IPv6 transport for sending DNS traffic, it does not impact the con‐
tents of the DNS traffic, which may have IPv4 (A) and IPv6 (AAAA) addresses in it.
Default: yes
prefer-ip4: <yes or no>
If enabled, prefer IPv4 transport for sending DNS queries to internet nameservers. Useful if the IPv6 netblock the server has, the entire
/64 of that is not owned by one operator and the reputation of the netblock /64 is an issue, using IPv4 then uses the IPv4 filters that the
upstream servers have.
Default: no
prefer-ip6: <yes or no>
If enabled, prefer IPv6 transport for sending DNS queries to internet nameservers.
Default: no
do-udp: <yes or no>
Enable or disable whether UDP queries are answered or issued.
Default: yes
do-tcp: <yes or no>
Enable or disable whether TCP queries are answered or issued.
Default: yes
tcp-mss: <number>
Maximum segment size (MSS) of TCP socket on which the server responds to queries. Value lower than common MSS on Ethernet (1220 for exam‐
ple) will address path MTU problem. Note that not all platform supports socket option to set MSS (TCP_MAXSEG). Default is system default
MSS determined by interface MTU and negotiation between server and client.
outgoing-tcp-mss: <number>
Maximum segment size (MSS) of TCP socket for outgoing queries (from Unbound to other servers). Value lower than common MSS on Ethernet
(1220 for example) will address path MTU problem. Note that not all platform supports socket option to set MSS (TCP_MAXSEG). Default is
system default MSS determined by interface MTU and negotiation between Unbound and other servers.
tcp-idle-timeout: <msec>
The period Unbound will wait for a query on a TCP connection. If this timeout expires Unbound closes the connection. When the number of
free incoming TCP buffers falls below 50% of the total number configured, the option value used is progressively reduced, first to 1% of the
configured value, then to 0.2% of the configured value if the number of free buffers falls below 35% of the total number configured, and fi‐
nally to 0 if the number of free buffers falls below 20% of the total number configured. A minimum timeout of 200 milliseconds is observed
regardless of the option value used. It will be overridden by edns-tcp-keepalive-timeout if edns-tcp-keepalive is enabled.
Default: 30000 (30 seconds)
tcp-reuse-timeout: <msec>
The period Unbound will keep TCP persistent connections open to authority servers.
Default: 60000 (60 seconds)
max-reuse-tcp-queries: <number>
The maximum number of queries that can be sent on a persistent TCP connection.
Default: 200
tcp-auth-query-timeout: <number>
Timeout in milliseconds for TCP queries to auth servers.
Default: 3000 (3 seconds)
edns-tcp-keepalive: <yes or no>
Enable or disable EDNS TCP Keepalive.
Default: no
edns-tcp-keepalive-timeout: <msec>
Overrides tcp-idle-timeout when edns-tcp-keepalive is enabled. If the client supports the EDNS TCP Keepalive option, Unbound sends the
timeout value to the client to encourage it to close the connection before the server times out.
Default: 120000 (2 minutes)
sock-queue-timeout: <sec>
UDP queries that have waited in the socket buffer for a long time can be dropped. The time is set in seconds, 3 could be a good value to
ignore old queries that likely the client does not need a reply for any more. This could happen if the host has not been able to service
the queries for a while, i.e. Unbound is not running, and then is enabled again. It uses timestamp socket options. The socket option is
available on the Linux and FreeBSD platforms.
Default: 0 (disabled)
tcp-upstream: <yes or no>
Enable or disable whether the upstream queries use TCP only for transport. Useful in tunneling scenarios. If set to no you can specify TCP
transport only for selected forward or stub zones using forward-tcp-upstream or stub-tcp-upstream respectively.
Default: no
udp-upstream-without-downstream: <yes or no>
Enable UDP upstream even if do-udp: no is set. Useful for TLS service providers, that want no UDP downstream but use UDP to fetch data up‐
stream.
Default: no (no changes)
tls-upstream: <yes or no>
Enable or disable whether the upstream queries use TLS only for transport. Useful in tunneling scenarios. The TLS contains plain DNS in
TCP wireformat. The other server must support this (see tls-service-key).
If you enable this, also configure a tls-cert-bundle or use tls-win-cert or tls-system-cert to load CA certs, otherwise the connections can‐
not be authenticated.
This option enables TLS for all of them, but if you do not set this you can configure TLS specifically for some forward zones with
forward-tls-upstream. And also with stub-tls-upstream. If the tls-upstream option is enabled, it is for all the forwards and stubs, where
the forward-tls-upstream and stub-tls-upstream options are ignored, as if they had been set to yes.
Default: no
ssl-upstream: <yes or no>
Alternate syntax for tls-upstream. If both are present in the config file the last is used.
tls-service-key: <file>
If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on the TCP ports marked implicitly or explicitly for these services
with tls-port or https-port. The file must contain the private key for the TLS session, the public certificate is in the tls-service-pem
file and it must also be specified if tls-service-key is specified. Enabling or disabling this service requires a restart (a reload is not
enough), because the key is read while root permissions are held and before chroot (if any). The ports enabled implicitly or explicitly via
tls-port and https-port do not provide normal DNS TCP service.
NOTE:
Unbound needs to be compiled with libnghttp2 in order to provide DNS-over-HTTPS.
Default: "" (disabled)
ssl-service-key: <file>
Alternate syntax for tls-service-key.
tls-service-pem: <file>
The public key certificate pem file for the tls service.
Default: "" (disabled)
ssl-service-pem: <file>
Alternate syntax for tls-service-pem.
tls-port: <number>
The port number on which to provide TCP TLS service. Only interfaces configured with that port number as @number get the TLS service.
Default: 853
ssl-port: <number>
Alternate syntax for tls-port.
tls-cert-bundle: <file>
If null or "", no file is used. Set it to the certificate bundle file, for example /etc/pki/tls/certs/ca-bundle.crt. These certificates
are used for authenticating connections made to outside peers. For example auth-zone urls, and also DNS-over-TLS connections. It is read
at start up before permission drop and chroot.
Default: "" (disabled)
ssl-cert-bundle: <file>
Alternate syntax for tls-cert-bundle.
tls-win-cert: <yes or no>
Add the system certificates to the cert bundle certificates for authentication. If no cert bundle, it uses only these certificates. On
Windows this option uses the certificates from the cert store. Use the tls-cert-bundle option on other systems. On other systems, this
option enables the system certificates.
Default: no
tls-system-cert: <yes or no>
This is the same attribute as the tls-win-cert attribute, under a different name, because it is not Windows specific.
tls-additional-port: <portnr>
List port numbers as tls-additional-port, and when interfaces are defined, eg. with the @port suffix, as this port number, they provide
DNS-over-TLS service. Can list multiple, each on a new statement.
tls-session-ticket-keys: <file>
If not "", lists files with 80 bytes of random contents that are used to perform TLS session resumption for clients using the Unbound
server. These files contain the secret key for the TLS session tickets. The first key is used to encrypt and decrypt TLS session tickets. The other
keys are used to decrypt only.
With this you can roll over to new keys: generate a new first file and allow decryption with the old file by listing it after the first
file for some time. After the wait, clients are no longer using the old key and the old key can be removed. One way to create the file
is:
dd if=/dev/random bs=1 count=80 of=ticket.dat
The first 16 bytes should be different from the old one if you create a second key, that is the name used to identify the key. Then there
is 32 bytes random data for an AES key and then 32 bytes random data for the HMAC key.
Default: ""
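The 80-byte layout and the roll-over order described for tls-session-ticket-keys, as an added example (not part of the Unbound documentation or code). The file names are constructed, and emitting one tls-session-ticket-keys statement per file is an assumption of this sketch.

```python
import os
import secrets

# Layout given in the text above: 16-byte key name, 32-byte AES key, 32-byte HMAC key.
NAME_LEN, AES_LEN, HMAC_LEN = 16, 32, 32
KEY_LEN = NAME_LEN + AES_LEN + HMAC_LEN  # 80 bytes


def split_ticket_key(blob):
    """Split an 80-byte ticket key file into its three documented parts."""
    if len(blob) != KEY_LEN:
        raise ValueError(f"ticket key must be {KEY_LEN} bytes, got {len(blob)}")
    return {
        "name": blob[:NAME_LEN],
        "aes": blob[NAME_LEN:NAME_LEN + AES_LEN],
        "hmac": blob[NAME_LEN + AES_LEN:],
    }


def write_ticket_key(path, existing_names=()):
    """Create a new key file readable by the owner only.

    The first 16 bytes (the key name) must differ from every key that is
    still listed, so regenerate in the unlikely case of a collision.
    """
    while True:
        blob = secrets.token_bytes(KEY_LEN)
        if blob[:NAME_LEN] not in existing_names:
            break
    # O_EXCL refuses to overwrite a key that clients may still depend on.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(blob)
    return blob


def rotate(directory, current_paths, new_file_name):
    """Generate a new first key and return the statements in roll-over order.

    The new file comes first (encrypt and decrypt); the previously listed
    files follow it (decrypt only) until they are dropped after the wait.
    """
    names = set()
    for path in current_paths:
        with open(path, "rb") as fh:
            names.add(split_ticket_key(fh.read())["name"])
    new_path = os.path.join(directory, new_file_name)
    write_ticket_key(new_path, names)
    ordered = [new_path] + list(current_paths)
    return [f'tls-session-ticket-keys: "{p}"' for p in ordered]


if __name__ == "__main__":
    import tempfile

    workdir = tempfile.mkdtemp()
    old = os.path.join(workdir, "ticket-old.key")   # constructed file name
    write_ticket_key(old)
    for statement in rotate(workdir, [old], "ticket-new.key"):
        print(statement)
```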
tls-ciphers: <string with cipher list>
Set the list of ciphers to allow when serving TLS. Use "" for default ciphers.
Default: ""
tls-ciphersuites: <string with ciphersuites list>
Set the list of ciphersuites to allow when serving TLS. This is for newer TLS 1.3 connections. Use "" for default ciphersuites.
Default: ""
pad-responses: <yes or no>
If enabled, TLS serviced queries that contained an EDNS Padding option will cause responses padded to the closest multiple of the size spec‐
ified in pad-responses-block-size.
Default: yes
pad-responses-block-size: <number>
The block size with which to pad responses serviced over TLS. Only responses to padded queries will be padded.
Default: 468
pad-queries: <yes or no>
If enabled, all queries sent over TLS upstreams will be padded to the closest multiple of the size specified in pad-queries-block-size.
Default: yes
pad-queries-block-size: <number>
The block size with which to pad queries sent over TLS upstreams.
Default: 128
tls-use-sni: <yes or no>
Enable or disable sending the SNI extension on TLS connections.
NOTE:
Changing the value requires a reload.
Default: yes
https-port: <number>
The port number on which to provide DNS-over-HTTPS service. Only interfaces configured with that port number as @number get the HTTPS ser‐
vice.
Default: 443
http-endpoint: <endpoint string>
The HTTP endpoint to provide DNS-over-HTTPS service on.
Default: /dns-query
http-max-streams: <number of streams>
Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2 SETTINGS frame for DNS-over-HTTPS connections.
Default: 100
http-query-buffer-size: <size in bytes>
Maximum number of bytes used for all HTTP/2 query buffers combined. These buffers contain (partial) DNS queries waiting for request stream
completion. An RST_STREAM frame will be sent to streams exceeding this limit. A plain number is in bytes, append 'k', 'm' or 'g' for
kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte).
Default: 4m
http-response-buffer-size: <size in bytes>
Maximum number of bytes used for all HTTP/2 response buffers combined. These buffers contain DNS responses waiting to be written back to
the clients. An RST_STREAM frame will be sent to streams exceeding this limit. A plain number is in bytes, append 'k', 'm' or 'g' for
kilobytes, megabytes or gigabytes (1024*1024 bytes in a megabyte).
Default: 4m
http-nodelay: <yes or no>
Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service. Ignored if the option is not available.
Default: yes
http-notls-downstream: <yes or no>
Disable use of TLS for the downstream DNS-over-HTTP connections. Useful for local back end servers.
Default: no
proxy-protocol-port: <portnr>
List port numbers as proxy-protocol-port, and when interfaces are defined, eg. with the @port suffix, as this port number, they support and
expect PROXYv2.
In this case the proxy address will only be used for the network communication and initial ACL (check if the proxy itself is denied/refused
by configuration).
The proxied address (if any) will then be used as the true client address and will be used where applicable for logging, ACL, DNSTAP, RPZ
and IP ratelimiting.
PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
There is no support for PROXYv2 on a DoH, DoQ or DNSCrypt listening interface.
Can list multiple, each on a new statement.
quic-port: <number>
The port number on which to provide DNS-over-QUIC service. Only interfaces configured with that port number as @number get the QUIC ser‐
vice. The interface uses QUIC for the UDP traffic on that port number.
Default: 853
quic-size: <size in bytes>
Maximum number of bytes for all QUIC buffers and data combined. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
or gigabytes (1024*1024 bytes in a megabyte). New connections receive connection refused when the limit is exceeded. New streams are reset
when the limit is exceeded.
Default: 8m
use-systemd: <yes or no>
Enable or disable systemd socket activation.
Default: no
do-daemonize: <yes or no>
Enable or disable whether the Unbound server forks into the background as a daemon. Set the value to no when Unbound runs as systemd ser‐
vice.
Default: yes
tcp-connection-limit: <IP netblock> <limit>
Allow up to limit simultaneous TCP connections from the given netblock. When at the limit, further connections are accepted but closed im‐
mediately. This option is experimental at this time.
Default: (disabled)
access-control: <IP netblock> <action>
Specify treatment of incoming queries from their originating IP address. Queries can be allowed to have access to this server that gives
DNS answers, or refused, with other actions possible. The IP address range can be specified as a netblock, it is possible to give the
statement several times in order to specify the treatment of different netblocks. The netblock is given as an IPv4 or IPv6 address with
/size appended for a classless network block. The most specific netblock match is used; if none match, refuse is used. The order of the
access-control statements therefore does not matter. The action can be deny, refuse, allow, allow_setrd, allow_snoop, allow_cookie,
deny_non_local or refuse_non_local.
deny Stops queries from hosts from that netblock.
refuse Stops queries too, but sends a DNS rcode REFUSED error message back.
allow Gives access to clients from that netblock. It gives only access for recursion clients (which is what almost all clients need).
Non-recursive queries are refused.
The allow action does allow non-recursive queries to access the local-data that is configured. The reason is that this does not in‐
volve the Unbound server recursive lookup algorithm, and static data is served in the reply. This supports normal operations where
non-recursive queries are made for the authoritative data. For non-recursive queries any replies from the dynamic cache are refused.
allow_setrd
Ignores the recursion desired (RD) bit and treats all requests as if the recursion desired bit is set.
Note that this behavior violates RFC 1034 which states that a name server should never perform recursive service unless asked via the
RD bit since this interferes with trouble shooting of name servers and their databases. This prohibited behavior may be useful if
another DNS server must forward requests for specific zones to a resolver DNS server, but only supports stub domains and sends
queries to the resolver DNS server with the RD bit cleared.
allow_snoop
Gives non-recursive access too. This gives both recursive and non recursive access. The name allow_snoop refers to cache snooping,
a technique to use non-recursive queries to examine the cache contents (for malicious acts). However, non-recursive queries can also
be a valuable debugging tool (when you want to examine the cache contents).
In that case use allow_snoop for your administration host.
allow_cookie
Allows access only to UDP queries that contain a valid DNS Cookie as specified in RFC 7873 and RFC 9018, when the answer-cookie op‐
tion is enabled. UDP queries containing only a DNS Client Cookie and no Server Cookie, or an invalid DNS Cookie, will receive a BAD‐
COOKIE response including a newly generated DNS Cookie, allowing clients to retry with that DNS Cookie. The allow_cookie action will
also accept requests over stateful transports, regardless of the presence of a DNS Cookie and regardless of the answer-cookie setting.
UDP queries without a DNS Cookie receive REFUSED responses with the TC flag set, that may trigger fall back to TCP for those
deny_non_local
The deny_non_local action is for hosts that are only allowed to query for the authoritative local-data, they are not allowed full re‐
cursion but only the static data. Messages that are disallowed are dropped.
refuse_non_local
The refuse_non_local action is for hosts that are only allowed to query for the authoritative local-data, they are not allowed full
recursion but only the static data. Messages that are disallowed receive error code REFUSED.
By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback interface) is implicitly allowed, the rest is refused. The default
is refused, because that is protocol-friendly. The DNS protocol is not designed to handle dropped packets due to policy, and dropping may
result in (possibly excessive) retried queries.
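The most-specific-match rule for access-control, as an added example (not Unbound's own code): it resolves the action a client address receives from a set of statements and lists the netblocks that get recursive service from outside an internal range. The sample configuration, the INTERNAL list and the function names are assumptions of this sketch; only the implicit 127.0.0.0/8 default named in the text is modelled.

```python
import ipaddress

# The eight actions named in the access-control description.
ACTIONS = {"deny", "refuse", "allow", "allow_setrd", "allow_snoop",
           "allow_cookie", "deny_non_local", "refuse_non_local"}
# Actions that give a client recursive service.
RECURSIVE = {"allow", "allow_setrd", "allow_snoop", "allow_cookie"}
# Assumption for the audit: loopback plus the private ranges this man page
# lists under private-address count as "internal".
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10")]

# Constructed sample; the statement order is shuffled on purpose.
SAMPLE_CONF = """
server:
    access-control: 10.0.50.7/32 allow_snoop   # admin host
    access-control: 192.0.2.0/24 allow         # stand-in for a public netblock
    access-control: 10.0.0.0/8 allow
    access-control: fd00:10::/64 allow
    access-control: 10.0.50.0/24 refuse        # quarantine VLAN
"""


def parse_access_control(conf_text):
    """Return {netblock: action} for every access-control: statement."""
    rules = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue  # also skips access-control-tag: and friends
        fields = line[len("access-control:"):].split()
        if len(fields) != 2 or fields[1] not in ACTIONS:
            raise ValueError(f"line {lineno}: malformed access-control statement")
        net = ipaddress.ip_network(fields[0], strict=False)
        if net in rules:
            # Rejected here rather than guessing which statement wins.
            raise ValueError(f"line {lineno}: duplicate netblock {net}")
        rules[net] = fields[1]
    # Implicit default from the text: localhost 127.0.0.0/8 is allowed.
    rules.setdefault(ipaddress.ip_network("127.0.0.0/8"), "allow")
    return rules


def effective_action(rules, client):
    """Longest-prefix match; anything unmatched is refused."""
    addr = ipaddress.ip_address(client)
    best = None
    for net, action in rules.items():
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"


def recursion_outside_internal(rules):
    """List (netblock, action) pairs that hand recursion to non-internal ranges."""
    exposed = []
    for net, action in rules.items():
        if action not in RECURSIVE:
            continue
        inside = any(net.version == i.version and net.subnet_of(i)
                     for i in INTERNAL)
        if not inside:
            exposed.append((str(net), action))
    return sorted(exposed)


if __name__ == "__main__":
    rules = parse_access_control(SAMPLE_CONF)
    for client in ("10.0.50.7", "10.0.50.8", "10.9.9.9", "198.51.100.5"):
        print(client, "->", effective_action(rules, client))
    print("review:", recursion_outside_internal(rules))
```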
access-control-tag: <IP netblock> "<list of tags>"
Assign tags to access-control elements. Clients using this access control element use localzones that are tagged with one of these tags.
Tags must be defined in define-tag. Enclose list of tags in quotes ("") and put spaces between tags.
If access-control-tag is configured for a netblock that does not have an access-control, an access-control element with action allow is con‐
figured for this netblock.
access-control-tag-action: <IP netblock> <tag> <action>
Set action for particular tag for given access control element. If you have multiple tag values, the tag used to lookup the action is the
first tag match between access-control-tag and local-zone-tag where "first" comes from the order of the define-tag values.
access-control-tag-data: <IP netblock> <tag> "<resource record string>"
Set redirect data for particular tag for given access control element.
access-control-view: <IP netblock> <view name>
Set view for given access control element.
interface-action: <ip address or interface name [@port]> <action>
Similar to access-control but for interfaces.
The action is the same as the ones defined under access-control.
Default action for interfaces is refuse. By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback interface) is implicitly
allowed through the default access-control behavior. This also means that any attempt to use the interface-*: options for the loopback in‐
terface will not work as they will be overridden by the implicit default "access-control: 127.0.0.0/8 allow" option.
NOTE:
The interface needs to be already specified with interface, and any access-control*: attribute overrides all interface-*: attributes
for targeted clients.
interface-tag: <ip address or interface name [@port]> <"list of tags">
Similar to access-control-tag but for interfaces.
NOTE:
The interface needs to be already specified with interface, and any access-control*: attribute overrides all interface-*: attributes
for targeted clients.
interface-tag-action: <ip address or interface name [@port]> <tag> <action>
Similar to access-control-tag-action but for interfaces.
NOTE:
The interface needs to be already specified with interface, and any access-control*: attribute overrides all interface-*: attributes
for targeted clients.
interface-tag-data: <ip address or interface name [@port]> <tag> <"resource record string">
Similar to access-control-tag-data but for interfaces.
NOTE:
The interface needs to be already specified with interface, and any access-control*: attribute overrides all interface-*: attributes
for targeted clients.
interface-view: <ip address or interface name [@port]> <view name>
Similar to access-control-view but for interfaces.
NOTE:
The interface needs to be already specified with interface, and any access-control*: attribute overrides all interface-*: attributes
for targeted clients.
chroot: <directory>
If chroot is enabled, you should pass the configfile (from the commandline) as a full path from the original root. After the chroot has
been performed the now defunct portion of the config file path is removed to be able to reread the config after a reload.
All other file paths (working dir, logfile, roothints, and key files) can be specified in several ways: as an absolute path relative to the
new root, as a relative path to the working directory, or as an absolute path relative to the original root. In the last case the path is
adjusted to remove the unused portion.
The pidfile can be either a relative path to the working directory, or an absolute path relative to the original root. It is written just
prior to chroot and dropping permissions. This allows the pidfile to be /var/run/unbound.pid and the chroot to be /var/unbound, for exam‐
ple. Note that Unbound is not able to remove the pidfile after termination when it is located outside of the chroot directory.
Additionally, Unbound may need to access /dev/urandom (for entropy) from inside the chroot.
If given, a chroot(2) is done to the given directory. If you give "" no chroot(2) is performed.
Default: /etc/unbound
username: <name>
If given, after binding the port the user privileges are dropped. If you give username: "" no user change is performed.
If this user is not capable of binding the port, reloads (by signal HUP) will still retain the opened ports. If you change the port number
in the config file, and that new port number requires privileges, then a reload will fail; a restart is needed.
Default: unbound
directory: <directory>
Sets the working directory for the program. On Windows the string "%EXECUTABLE%" tries to change to the directory that unbound.exe resides
in. If you give a server: directory: <directory> before include file statements then those includes can be relative to the working direc‐
tory.
Default: /etc/unbound
logfile: <filename>
If "" is given, logging goes to stderr, or nowhere once daemonized. The logfile is appended to, in the following format:
[seconds since 1970] unbound[pid:tid]: type: message.
If this option is given, the use-syslog attribute is internally set to no.
The logfile is reopened (for append) when the config file is reread, on SIGHUP.
Default: "" (disabled)
use-syslog: <yes or no>
Sets Unbound to send log messages to the syslogd, using syslog(3). The log facility LOG_DAEMON is used, with identity "unbound". The log‐
file setting is overridden when use-syslog: yes is set.
Default: yes
log-identity: <string>
If "" is given, then the name of the executable, usually "unbound" is used to report to the log. Enter a string to override it with that,
which is useful on systems that run more than one instance of Unbound, with different configurations, so that the logs can be easily
distinguished.
Default: ""
log-time-ascii: <yes or no>
Sets logfile lines to use a timestamp in UTC ASCII. No effect if using syslog, in that case syslog formats the timestamp printed into the
log files.
Default: no (prints the seconds since 1970 in brackets)
log-time-iso: <yes or no>
Log time in ISO8601 format, if log-time-ascii: yes is also set.
Default: no
log-queries: <yes or no>
Prints one line per query to the log, with the log timestamp and IP address, name, type and class. Note that it takes time to print these
lines which makes the server (significantly) slower. Odd (nonprintable) characters in names are printed as '?'.
Default: no
log-replies: <yes or no>
Prints one line per reply to the log, with the log timestamp and IP address, name, type, class, return code, time to resolve, from cache and
response size. Note that it takes time to print these lines which makes the server (significantly) slower. Odd (nonprintable) characters
in names are printed as '?'.
Default: no
log-tag-queryreply: <yes or no>
Prints the word 'query' and 'reply' with log-queries and log-replies. This makes filtering logs easier.
Default: no (backwards compatible)
log-destaddr: <yes or no>
Prints the destination address, port and type in the log-replies output. This disambiguates what type of traffic, eg. UDP or TCP, and to
what local port the traffic was sent to.
Default: no
log-local-actions: <yes or no>
Print log lines to inform about local zone actions. These lines are like the local-zone type inform print outs, but they are also printed
for the other types of local zones.
Default: no
log-servfail: <yes or no>
Print log lines that say why queries return SERVFAIL to clients. This is separate from the verbosity debug logs, much smaller, and printed
at the error level, not the info level of debug info from verbosity.
Default: no
pidfile: <filename>
The process id is written to the file. Default is "/run/unbound.pid". So,
kill -HUP `cat /run/unbound.pid`
triggers a reload,
kill -TERM `cat /run/unbound.pid`
gracefully terminates.
Default: /run/unbound.pid
root-hints: <filename>
Read the root hints from this file. Default is nothing, using builtin hints for the IN class. The file has the format of zone files, with
root nameserver names and addresses only. The default may become outdated, when servers change, therefore it is good practice to use a root
hints file.
Default: ""
hide-identity: <yes or no>
If enabled 'id.server' and 'hostname.bind' queries are REFUSED.
Default: no
identity: <string>
Set the identity to report. If set to "", then the hostname of the server is returned.
Default: ""
hide-version: <yes or no>
If enabled 'version.server' and 'version.bind' queries are REFUSED.
Default: no
version: <string>
Set the version to report. If set to "", then the package version is returned.
Default: ""
hide-http-user-agent: <yes or no>
If enabled the HTTP header User-Agent is not set. Use with caution as some webserver configurations may reject HTTP requests lacking this
header. If needed, it is better to explicitly set the http-user-agent below.
Default: no
http-user-agent: <string>
Set the HTTP User-Agent header for outgoing HTTP requests. If set to "", then the package name and version are used.
Default: ""
nsid: <string>
Add the specified nsid to the EDNS section of the answer when queried with an NSID EDNS enabled packet. As a sequence of hex characters or
with 'ascii_' prefix and then an ASCII string.
Default: (disabled)
hide-trustanchor: <yes or no>
If enabled 'trustanchor.unbound' queries are REFUSED.
Default: no
target-fetch-policy: <"list of numbers">
Set the target fetch policy used by Unbound to determine if it should fetch nameserver target addresses opportunistically. The policy is
described per dependency depth.
The number of values determines the maximum dependency depth that Unbound will pursue in answering a query. A value of -1 means to fetch
all targets opportunistically for that dependency depth. A value of 0 means to fetch on demand only. A positive value fetches that many
targets opportunistically.
Enclose the list between quotes ("") and put spaces between numbers. Setting all zeroes, "0 0 0 0 0" gives behaviour closer to that of BIND
9, while setting "-1 -1 -1 -1 -1" gives behaviour rumoured to be closer to that of BIND 8.
Default: "3 2 1 0 0"
harden-short-bufsize: <yes or no>
Very small EDNS buffer sizes from queries are ignored.
Default: yes (as described in the standard)
harden-large-queries: <yes or no>
Very large queries are ignored. Default is no, since it is legal protocol wise to send these, and could be necessary for operation if TSIG
or EDNS payload is very large.
Default: no
harden-glue: <yes or no>
Will trust glue only if it is within the servers authority.
Default: yes
harden-unverified-glue: <yes or no>
Will trust only in-zone glue. Will try to resolve all out of zone (unverified) glue. Will fall back to the original glue if unable to
resolve.
Default: no
harden-dnssec-stripped: <yes or no>
Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes bogus. If turned off, and no DNSSEC data is received
(or the DNSKEY data fails to validate), then the zone is made insecure, this behaves like there is no trust anchor. You could turn this off
if you are sometimes behind an intrusive firewall (of some sort) that removes DNSSEC data from packets, or a zone changes from signed to un‐
signed to badly signed often. If turned off you run the risk of a downgrade attack that disables security for a zone.
Default: yes
harden-below-nxdomain: <yes or no>
From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"), returns NXDOMAIN to queries for a name below another name that is
already known to be NXDOMAIN. DNSSEC mandates NOERROR for empty nonterminals, hence this is possible. Very old software might return NXDO‐
MAIN for empty nonterminals (that usually happen for reverse IP address lookups), and thus may be incompatible with this. To try to avoid
this only DNSSEC-secure NXDOMAINs are used, because the old software does not have DNSSEC.
NOTE:
The NXDOMAIN must be secure, this means NSEC3 with optout is insufficient.
Default: yes
harden-referral-path: <yes or no>
Harden the referral path by performing additional queries for infrastructure data. Validates the replies if trust anchors are configured
and the zones are signed. This enforces DNSSEC validation on nameserver NS sets and the nameserver addresses that are encountered on the
referral path to the answer. Default is off, because it burdens the authority servers, and it is not RFC standard, and could lead to per‐
formance problems because of the extra query load that is generated. Experimental option. If you enable it consider adding more numbers
after the target-fetch-policy to increase the max depth that is checked to.
Default: no
harden-algo-downgrade: <yes or no>
Harden against algorithm downgrade when multiple algorithms are advertised in the DS record. This works by first choosing only the
strongest DS digest type as per RFC 4509 (Unbound treats the highest algorithm as the strongest) and then expecting signatures from all the
advertised signing algorithms from the chosen DS(es) to be present. If no, allows any one supported algorithm to validate the zone, even if
other advertised algorithms are broken. RFC 6840 mandates that zone signers must produce zones signed with all advertised algorithms, but
sometimes they do not. RFC 6840 also clarifies that this requirement is not for validators and validators should accept any single valid
path. It should thus be explicitly noted that this option violates RFC 6840 for DNSSEC validation and should only be used to perform a sig‐
nature completeness test to support troubleshooting.
WARNING:
Using this option may break DNSSEC resolution with non RFC 6840 conforming signers and/or in multi-signer configurations that don't send
all the advertised signatures.
Default: no
harden-unknown-additional: <yes or no>
Harden against unknown records in the authority section and additional section. If no, such records are copied from the upstream and pre‐
sented to the client together with the answer. If yes, it could hamper future protocol developments that want to add records.
Default: no
use-caps-for-id: <yes or no>
Use 0x20-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to author‐
ity servers and checks if the reply still has the correct casing. This feature is an experimental implementation of draft dns-0x20.
Default: no
caps-exempt: <domain>
Exempt the domain so that it does not receive caps-for-id perturbed queries. For domains that do not support 0x20 and also fail with fall‐
back because they keep sending different answers, like some load balancers. Can be given multiple times, for different domains.
caps-whitelist: <domain>
Alternate syntax for caps-exempt.
qname-minimisation: <yes or no>
Send minimum amount of information to upstream servers to enhance privacy. Only send minimum required labels of the QNAME and set QTYPE to
A when possible. Best effort approach; full QNAME and original QTYPE will be sent when upstream replies with a RCODE other than NOERROR,
except when receiving NXDOMAIN from a DNSSEC signed zone.
Default: yes
qname-minimisation-strict: <yes or no>
QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to potentially broken nameservers. A lot of domains will not be
resolvable when this option is enabled. Only use if you know what you are doing. This option only has effect when qname-minimisation is
enabled.
Default: no
aggressive-nsec: <yes or no>
Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other denials, using information from previous NXDOMAIN answers. It
helps to reduce the query rate towards targets that get a very high nonexistent name lookup rate.
Default: yes
private-address: <IP address or subnet>
Give IPv4 or IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for
public internet names. Any occurrence of such addresses is removed from DNS answers. Additionally, the DNSSEC validator may mark the answers
bogus. This protects against so-called DNS Rebinding, where a user browser is turned into a network proxy, allowing remote access through
the browser to other parts of your private network.
Some names can be allowed to contain your private addresses, by default all the local-data that you configured is allowed to, and you can
specify additional names using private-domain. No private addresses are enabled by default.
Enabling this for the RFC 1918 private IP address space by default is being considered for later releases. That would enable private addresses for
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, fd00::/8 and fe80::/10, since the RFC standards say these addresses should not be
visible on the public internet.
Turning on 127.0.0.0/8 would hinder many spam blocklists as they use that. Adding ::ffff:0:0/96 stops IPv4-mapped IPv6 addresses from
bypassing the filter.
private-domain: <domain name>
Allow this domain, and all its subdomains to contain private addresses. Give multiple times to allow multiple domain names to contain pri‐
vate addresses.
Default: (none)
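A model of the private-address / private-domain filtering described above, as an added example (not Unbound's implementation): it shows which addresses in an answer for a public name would be removed, and why the ::ffff:0:0/96 entry matters for IPv4-mapped IPv6 addresses. The configurations, names and addresses are constructed, and the local-data exemption is not modelled.

```python
import ipaddress

# Constructed configuration using the ranges named in the text above.
BASE_CONF = """
server:
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    private-domain: "intranet.example"
"""
# Same configuration plus the entry that covers IPv4-mapped IPv6 addresses.
MAPPED_CONF = BASE_CONF + "    private-address: ::ffff:0:0/96\n"


def load_private(conf_text):
    """Collect private-address netblocks and private-domain names."""
    nets, domains = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("private-address:"):
            value = line[len("private-address:"):].strip().strip('"')
            nets.append(ipaddress.ip_network(value, strict=False))
        elif line.startswith("private-domain:"):
            value = line[len("private-domain:"):].strip().strip('"')
            domains.append(value.rstrip(".").lower())
    return nets, domains


def domain_exempt(qname, domains):
    """True if qname is a listed private-domain or one of its subdomains."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in domains)


def filter_answer(qname, addresses, nets, domains):
    """Return (kept, removed) address lists for an answer to qname."""
    if domain_exempt(qname, domains):
        return list(addresses), []
    kept, removed = [], []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # An AAAA value such as ::ffff:192.168.1.10 is an IPv6 address, so the
        # IPv4 netblock 192.168.0.0/16 never matches it.
        hit = any(ip.version == n.version and ip in n for n in nets)
        (removed if hit else kept).append(text)
    return kept, removed


if __name__ == "__main__":
    answer = ["192.168.1.10", "::ffff:192.168.1.10", "203.0.113.7"]
    for label, conf in (("base", BASE_CONF), ("with ::ffff:0:0/96", MAPPED_CONF)):
        nets, domains = load_private(conf)
        kept, removed = filter_answer("www.public.example.", answer, nets, domains)
        print(f"{label}: kept={kept} removed={removed}")
```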
unwanted-reply-threshold: <number>
If set, a total number of unwanted replies is kept track of in every thread. When it reaches the threshold, a defensive action is taken and
a warning is printed to the log. The defensive action is to clear the rrset and message caches, hopefully flushing away any poison. A
value of 10 million is suggested.
Default: 0 (disabled)
do-not-query-address: <IP address>
Do not query the given IP address. Can be IPv4 or IPv6. Append /num to indicate a classless delegation netblock, for example like
10.2.3.4/24 or 2001::11/64.
Default: (none)
do-not-query-localhost: <yes or no>
If yes, localhost is added to the do-not-query-address entries, both IPv6 ::1 and IPv4 127.0.0.1/8. If no, then localhost can be used to
send queries to.
Default: yes
prefetch: <yes or no>
If yes, cache hits on message cache elements that are on their last 10 percent of their TTL value trigger a prefetch to keep the cache up to
date. Turning it on gives about 10 percent more traffic and load on the machine, but popular items do not expire from the cache.
Default: no
prefetch-key: <yes or no>
If yes, fetch the DNSKEYs earlier in the validation process, when a DS record is encountered. This lowers the latency of requests. It does
use a little more CPU. Also if the cache is set to 0, it is no use.
Default: no
deny-any: <yes or no>
If yes, deny queries of type ANY with an empty response. If disabled, Unbound responds with a short list of resource records if some can be
found in the cache and makes the upstream type ANY query if there are none.
Default: no
rrset-roundrobin: <yes or no>
If yes, Unbound rotates RRSet order in response (the random number is taken from the query ID, for speed and thread safety).
Default: yes
minimal-responses: <yes or no>
If yes, Unbound does not insert authority/additional sections into response messages when those sections are not required. This reduces re‐
sponse size significantly, and may avoid TCP fallback for some responses which may cause a slight speedup. The default is yes, even though
the DNS protocol RFCs mandate these sections, and the additional content could save roundtrips for clients that use the additional content.
However these sections are hardly used by clients. Enabling prefetch can benefit clients that need the additional content by trying to keep
that content fresh in the cache.
Default: yes
disable-dnssec-lame-check: <yes or no>
If yes, disables the DNSSEC lameness check in the iterator. This check sees if RRSIGs are present in the answer, when DNSSEC is expected,
and retries another authority if RRSIGs are unexpectedly missing. The validator will insist in RRSIGs for DNSSEC signed domains regardless
of this setting, if a trust anchor is loaded.
Default: no
module-config: "<module names>"
Module configuration, a list of module names separated by spaces, surround the string with quotes (""). The modules can be respip, valida‐
tor, or iterator (and possibly more, see below).
NOTE:
The ordering of the modules is significant, the order decides the order of processing.
Setting this to just "iterator" will result in a non-validating server. Setting this to "validator iterator" will turn on DNSSEC valida‐
tion.
NOTE:
You must also set trust-anchors for validation to be useful.
Adding respip to the front will cause RPZ processing to be done on all queries.
Most modules that need to be listed here have to be listed at the beginning of the line.
The subnetcache module has to be listed just before the iterator.
The python module can be listed in different places, it then processes the output of the module it is just before.
The dynlib module can be listed pretty much anywhere, it is only a very thin wrapper that allows dynamic libraries to run in its place.
Default: "validator iterator"
trust-anchor-file: <filename>
File with trusted keys for validation. Both DS and DNSKEY entries can appear in the file. The format of the file is the standard DNS Zone
file format.
Default: "" (no trust anchor file)
auto-trust-anchor-file: <filename>
File with trust anchor for one zone, which is tracked with RFC 5011 probes. The probes are run several times per month, thus the machine
must be online frequently. The initial file can be one with contents as described in trust-anchor-file. The file is written to when the
anchor is updated, so the Unbound user must have write permission. Write permission to the file, but also to the directory it is in (to
create a temporary file, which is necessary to deal with filesystem full events), it must also be inside the chroot (if that is used).
Default: "" (no auto trust anchor file)
trust-anchor: "<Resource Record>"
A DS or DNSKEY RR for a key to use for validation. Multiple entries can be given to specify multiple trusted keys, in addition to the
trust-anchor-file. The resource record is entered in the same format as dig(1) or drill(1) prints them, the same format as in the zone
file. Has to be on a single line, with "" around it. A TTL can be specified for ease of cut and paste, but is ignored. A class can be
specified, but class IN is default.
Default: (none)
trusted-keys-file: <filename>
File with trusted keys for validation. Specify more than one file with several entries, one file per entry. Like trust-anchor-file but has
a different file format. Format is BIND-9 style format, the trusted-keys { name flag proto algo "key"; }; clauses are read. It is possible
to use wildcards with this statement, the wildcard is expanded on start and on reload.
Default: "" (no trusted keys file)
trust-anchor-signaling: <yes or no>
Send RFC 8145 key tag query after trust anchor priming.
Default: yes
root-key-sentinel: <yes or no>
Root key trust anchor sentinel.
Default: yes
domain-insecure: <domain name>
Sets <domain name> to be insecure, DNSSEC chain of trust is ignored towards the <domain name>. So a trust anchor above the domain name can
not make the domain secure with a DS record, such a DS record is then ignored. Can be given multiple times to specify multiple domains that
are treated as if unsigned. If you set trust anchors for the domain they override this setting (and the domain is secured).
This can be useful if you want to make sure a trust anchor for external lookups does not affect an (unsigned) internal domain. A DS record
externally can create validation failures for that internal domain.
Default: (none)
val-override-date: <rrsig-style date spec>
WARNING:
Debugging feature!
If enabled by giving a RRSIG style date, that date is used for verifying RRSIG inception and expiration dates, instead of the current date.
Do not set this unless you are debugging signature inception and expiration. The value -1 ignores the date altogether, useful for some spe‐
cial applications.
Default: 0 (disabled)
val-sig-skew-min: <seconds>
Minimum number of seconds of clock skew to apply to validated signatures. A value of 10% of the signature lifetime (expiration - inception)
is used, capped by this setting. Default is 3600 (1 hour) which allows for daylight savings differences. Lower this value for more strict
checking of short lived signatures.
Default: 3600 (1 hour)
val-sig-skew-max: <seconds>
Maximum number of seconds of clock skew to apply to validated signatures. A value of 10% of the signature lifetime (expiration - inception)
is used, capped by this setting. Default is 86400 (24 hours) which allows for timezone setting problems in stable domains. Setting both
min and max very low disables the clock skew allowances. Setting both min and max very high makes the validator check the signature time‐
stamps less strictly.
Default: 86400 (24 hours)
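How val-sig-skew-min and val-sig-skew-max bound the tolerated clock skew is easiest to see with numbers. The following is an added example, not Unbound's code: it models the rule as described above (10% of the signature lifetime, clamped between the two settings) with plain integer timestamps instead of RFC 1982 serial arithmetic; the function names and the sample dates are constructed.

```python
from datetime import datetime, timezone


def rrsig_time(text):
    """Parse the YYYYMMDDHHMMSS form that dig prints in RRSIG records (UTC)."""
    parsed = datetime.strptime(text, "%Y%m%d%H%M%S")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def allowed_skew(inception, expiration, skew_min=3600, skew_max=86400):
    """10% of the signature lifetime, clamped to [skew_min, skew_max]."""
    skew = (expiration - inception) // 10
    if skew < skew_min:
        skew = skew_min
    if skew > skew_max:
        skew = skew_max
    return skew


def check_dates(now, inception, expiration, skew_min=3600, skew_max=86400):
    """Classify one RRSIG validity window; all arguments are RRSIG dates."""
    now_s, inc_s, exp_s = (rrsig_time(t) for t in (now, inception, expiration))
    if exp_s < inc_s:
        return "expiration before inception"
    skew = allowed_skew(inc_s, exp_s, skew_min, skew_max)
    if now_s < inc_s - skew:
        return "not yet valid"
    if now_s > exp_s + skew:
        return "expired"
    return "ok"


if __name__ == "__main__":
    # Constructed short-lived signature: valid for one hour only.
    short = ("20240101000000", "20240101010000")
    # 50 minutes past expiry: 10% of the lifetime is 6 minutes, but the
    # default minimum of 3600 s still lets the signature pass.
    print(check_dates("20240101015000", *short))
    # With the minimum lowered to 0 the same signature is rejected.
    print(check_dates("20240101015000", *short, skew_min=0))

    # Constructed long-lived signature: valid for 30 days, so 10% would be
    # 3 days, which the default maximum caps at 24 hours.
    long_lived = ("20240101000000", "20240131000000")
    print(check_dates("20240131200000", *long_lived))   # 20 h past expiry
    print(check_dates("20240201120000", *long_lived))   # 36 h past expiry
```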
val-max-restart: <number>
The maximum number the validator should restart validation with another authority in case of failed validation.
Default: 5
val-bogus-ttl: <seconds>
The time to live for bogus data. This is data that has failed validation; due to invalid signatures or other checks. The TTL from that
data cannot be trusted, and this value is used instead. The time interval prevents repeated revalidation of bogus data.
Default: 60
val-clean-additional: <yes or no>
Instruct the validator to remove data from the additional section of secure messages that are not signed properly. Messages that are inse‐
cure, bogus, indeterminate or unchecked are not affected. Use this setting to protect the users that rely on this validator for authentica‐
tion from potentially bad data in the additional section.
Default: yes
val-log-level: <number>
Have the validator print validation failures to the log, regardless of the verbosity setting.
At 1, for every user query that fails a line is printed to the logs. This way you can monitor what happens with validation. Use a diagno‐
sis tool, such as dig or drill, to find out why validation is failing for these queries.
At 2, not only the query that failed is printed but also the reason why Unbound thought it was wrong and which server sent the faulty data.
Default: 0 (disabled)
val-permissive-mode: <yes or no>
Instruct the validator to mark bogus messages as indeterminate. The security checks are performed, but if the result is bogus (failed secu‐
rity), the reply is not withheld from the client with SERVFAIL as usual. The client receives the bogus data. For messages that are found
to be secure the AD bit is set in replies. Also logging is performed as for full validation.
Default: no
ignore-cd-flag: <yes or no>
Instruct Unbound to ignore the CD flag from clients and refuse to return bogus answers to them. Thus, the CD (Checking Disabled) flag does
not disable checking any more. This is useful if legacy (w2008) servers that set the CD flag but cannot validate DNSSEC themselves are the
clients, and then Unbound provides them with DNSSEC protection.
Default: no
disable-edns-do: <yes or no>
Disable the EDNS DO flag in upstream requests. It breaks DNSSEC validation for Unbound's clients. This results in the upstream name
servers to not include DNSSEC records in their replies and could be helpful for devices that cannot handle DNSSEC information. When the op‐
tion is enabled, clients that set the DO flag receive no EDNS record in the response to indicate the lack of support to them. If this op‐
tion is enabled but Unbound is already configured for DNSSEC validation (i.e., the validator module is enabled; default) this option is im‐
plicitly turned off with a warning as to not break DNSSEC validation in Unbound.
Default: no
serve-expired: <yes or no>
If enabled, Unbound attempts to serve old responses from cache with a TTL of serve-expired-reply-ttl in the response. By default the ex‐
pired answer will be used after a resolution attempt errored out or is taking more than serve-expired-client-timeout to resolve.
Default: no
serve-expired-ttl: <seconds>
Limit serving of expired responses to configured seconds after expiration. 0 disables the limit. This option only applies when
serve-expired is enabled. A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days). The default is 86400.
Default: 86400
serve-expired-ttl-reset: <yes or no>
Set the TTL of expired records to the serve-expired-ttl value after a failed attempt to retrieve the record from upstream. This makes sure
that the expired records will be served as long as there are queries for it.
Default: no
serve-expired-reply-ttl: <seconds>
TTL value to use when replying with expired data. If serve-expired-client-timeout is also used then it is RECOMMENDED to use 30 as the
value (RFC 8767).
Default: 30
serve-expired-client-timeout: <msec>
Time in milliseconds before replying to the client with expired data. This essentially enables the serve-stale behavior as specified in RFC
8767 that first tries to resolve before immediately responding with expired data. Setting this to 0 will disable this behavior and instead
serve the expired record immediately from the cache before attempting to refresh it via resolution.
Default: 1800
serve-original-ttl: <yes or no>
If enabled, Unbound will always return the original TTL as received from the upstream name server rather than the decrementing TTL as stored
in the cache. This feature may be useful if Unbound serves as a front-end to a hidden authoritative name server.
Enabling this feature does not impact cache expiry, it only changes the TTL Unbound embeds in responses to queries.
NOTE:
Enabling this feature implicitly disables enforcement of the configured minimum and maximum TTL, as it is assumed users who enable this
feature do not want Unbound to change the TTL obtained from an upstream server.
NOTE:
The values set using cache-min-ttl and cache-max-ttl are ignored.
Default: no
val-nsec3-keysize-iterations: <"list of values">
List of keysize and iteration count values, separated by spaces, surrounded by quotes. This determines the maximum allowed NSEC3 iteration
count before a message is simply marked insecure instead of performing the many hashing iterations. The list must be in ascending order and
have at least one entry. If you set it to "1024 65535" there is no restriction to NSEC3 iteration values.
NOTE:
This table must be kept short; a very long list could cause slower operation.
Default: "1024 150 2048 150 4096 150"
zonemd-permissive-mode: <yes or no>
If enabled the ZONEMD verification failures are only logged and do not cause the zone to be blocked and only return servfail. Useful for
testing out if it works, or if the operator only wants to be notified of a problem without disrupting service.
Default: no
add-holddown: <seconds>
Instruct the auto-trust-anchor-file probe mechanism for RFC 5011 autotrust updates to add new trust anchors only after they have been visi‐
ble for this time.
Default: 2592000 (30 days as per the RFC)
del-holddown: <seconds>
Instruct the auto-trust-anchor-file probe mechanism for RFC 5011 autotrust updates to remove revoked trust anchors after they have been kept
in the revoked list for this long.
Default: 2592000 (30 days as per the RFC)
keep-missing: <seconds>
Instruct the auto-trust-anchor-file probe mechanism for RFC 5011 autotrust updates to remove missing trust anchors after they have been un‐
seen for this long. This cleans up the state file if the target zone does not perform trust anchor revocation, so this makes the auto probe
mechanism work with zones that perform regular (non-5011) rollovers. The value 0 does not remove missing anchors, as per the RFC.
Default: 31622400 (366 days)
permit-small-holddown: <yes or no>
Debug option that allows the autotrust 5011 rollover timers to assume very small values.
Default: no
key-cache-size: <number>
Number of bytes size of the key cache. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or gigabytes (1024*1024
bytes in a megabyte).
Default: 4m
key-cache-slabs: <number>
Number of slabs in the key cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number of
cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close to the number of config‐
ured threads in multi-threaded environments.
Default: (unconfigured)
neg-cache-size: <number>
Number of bytes size of the aggressive negative cache. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes or giga‐
bytes (1024*1024 bytes in a megabyte).
Default: 1m
unblock-lan-zones: <yes or no>
If enabled, then for private address space, the reverse lookups are no longer filtered. This allows Unbound when running as dns service on
a host where it provides service for that host, to put out all of the queries for the 'lan' upstream. When enabled, only localhost,
127.0.0.1 reverse and ::1 reverse zones are configured with default local zones. Disable the option when Unbound is running as a (DHCP-)
DNS network resolver for a group of machines, where such lookups should be filtered (RFC compliance), this also stops potential data leakage
about the local network to the upstream DNS servers.
Default: no
insecure-lan-zones: <yes or no>
If enabled, then reverse lookups in private address space are not validated. This is usually required whenever unblock-lan-zones is used.
Default: no
local-zone: <zone> <type>
Configure a local zone. The type determines the answer to give if there is no match from local-data. The types are deny, refuse, static,
transparent, redirect, nodefault, typetransparent, inform, inform_deny, inform_redirect, always_transparent, block_a, always_refuse,
always_nxdomain, always_null, noview, and are explained below. After that the default settings are listed. Use local-data to enter data
into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN.
If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a
stub-zone for it as detailed in the stub zone section below. A stub-zone can be used to have unbound send queries to another server, an authoritative
server, to fetch the information. With an auth-zone a zone can be loaded from file and used, it can be used like a local zone for users downstream, or the
auth-zone information can be used to fetch information from when resolving like it is an upstream server. The forward-zone and auth-zone
options are described in their sections below. If you want to perform filtering of the information that the users can fetch, the local-zone
and local-data statements allow for this, but also the rpz functionality can be used, described in the RPZ section.
deny Do not send an answer, drop the query. If there is a match from local data, the query is answered.
refuse Send an error message reply, with rcode REFUSED. If there is a match from local data, the query is answered.
static If there is a match from local data, the query is answered. Otherwise, the query is answered with NODATA or NXDOMAIN. For a nega‐
tive answer a SOA is included in the answer if present as local-data for the zone apex domain.
transparent
If there is a match from local-data, the query is answered. Otherwise if the query has a different name, the query is resolved nor‐
mally. If the query is for a name given in local-data but no such type of data is given in localdata, then a NOERROR NODATA answer
is returned. If no local-zone is given local-data causes a transparent zone to be created by default.
typetransparent
If there is a match from local data, the query is answered. If the query is for a different name, or for the same name but for a
different type, the query is resolved normally. So, similar to transparent but types that are not listed in local data are resolved
normally, so if an A record is in the local data that does not cause a NODATA reply for AAAA queries.
redirect
The query is answered from the local data for the zone name. There may be no local data beneath the zone name. This answers queries
for the zone, and all subdomains of the zone with the local data for the zone. It can be used to redirect a domain to return a dif‐
ferent address record to the end user, with:
local-zone: "example.com." redirect
local-data: "example.com. A 127.0.0.1"
queries for www.example.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix
example.com.
inform The query is answered normally, same as transparent. The client IP address (@portnumber) is printed to the logfile. The log message
is:
timestamp, unbound-pid, info: zonename inform IP@port queryname type class.
This option can be used for normal resolution, but machines looking up infected names are logged, eg. to run antivirus on them.
inform_deny
The query is dropped, like deny, and logged, like inform. Ie. find infected machines without answering the queries.
inform_redirect
The query is redirected, like redirect, and logged, like inform. Ie. answer queries with fixed data and also log the machines that
ask.
always_transparent
Like transparent, but ignores local data and resolves normally.
block_a
Like transparent, but ignores local data and resolves normally all query types excluding A. For A queries it unconditionally returns
NODATA. Useful in cases when there is a need to explicitly force all apps to use IPv6 protocol and avoid any queries to IPv4.
always_refuse
Like refuse, but ignores local data and refuses the query.
always_nxdomain
Like static, but ignores local data and returns NXDOMAIN for the query.
always_nodata
Like static, but ignores local data and returns NODATA for the query.
always_deny
Like deny, but ignores local data and drops the query.
always_null
Always returns 0.0.0.0 or ::0 for every name in the zone. Like redirect with zero data for A and AAAA. Ignores local data in the
zone. Used for some block lists.
noview Breaks out of that view and moves towards the global local zones for answer to the query. If the view-first is no, it'll resolve
normally. If view-first is enabled, it'll break perform that step and check the global answers. For when the view has view specific
overrides but some zone has to be answered from global local zone contents.
nodefault
Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The nodefault op‐
tion has no other effect than turning off default contents for the given zone. Use nodefault if you use exactly that zone, if you
want to use a subzone, use transparent.
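The differences between the local-zone types are easiest to compare side by side. The following is an added example, not Unbound's code: a small model of the decision rules described above for deny, refuse, static, transparent, typetransparent, redirect, always_nxdomain and always_refuse. The zone names, records and function names are constructed, and returning NODATA for a redirect zone without data of the queried type is an assumption the text does not spell out.

```python
def labels(name):
    """Split a domain name into lower-case labels, ignoring the final dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def norm(name):
    """Canonical form used as dictionary key: lower case, trailing dot."""
    return ".".join(labels(name)) + "."


def closest_zone(qname, zones):
    """Return the local-zone with the longest suffix match, or None."""
    q, best = labels(qname), None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def answer(qname, qtype, zones, data):
    """zones: {zone: type}; data: {(owner, rrtype): [rdata]} from local-data.

    Returns (result, rdata) where result is ANSWER, NODATA, NXDOMAIN,
    REFUSED, DROP or RESOLVE (hand the query to normal resolution).
    """
    q = norm(qname)
    zone = closest_zone(q, zones)
    if zone is None:
        return ("RESOLVE", None)
    ztype = zones[zone]
    if ztype == "always_nxdomain":
        return ("NXDOMAIN", None)
    if ztype == "always_refuse":
        return ("REFUSED", None)
    if ztype == "redirect":
        # Every name in the zone is answered with the data of the zone name.
        rdata = data.get((norm(zone), qtype))
        # NODATA for a missing type is an assumption, see the lead-in.
        return ("ANSWER", rdata) if rdata else ("NODATA", None)
    rdata = data.get((q, qtype))
    if rdata:
        return ("ANSWER", rdata)
    name_has_data = any(owner == q for owner, _ in data)
    if ztype == "deny":
        return ("DROP", None)
    if ztype == "refuse":
        return ("REFUSED", None)
    if ztype == "static":
        return ("NODATA" if name_has_data else "NXDOMAIN", None)
    if ztype == "transparent":
        # Same name, other type: NODATA. Other name: resolved normally.
        return ("NODATA" if name_has_data else "RESOLVE", None)
    if ztype == "typetransparent":
        return ("RESOLVE", None)
    raise ValueError("local-zone type not modelled: " + ztype)


# Constructed configuration, equivalent to local-zone / local-data lines.
ZONES = {
    "example.com.": "redirect",
    "corp.example.": "transparent",
    "lab.example.": "typetransparent",
    "internal.example.": "static",
    "ads.example.": "always_nxdomain",
}
DATA = {
    ("example.com.", "A"): ["127.0.0.1"],
    ("host.corp.example.", "A"): ["192.0.2.10"],
    ("host.lab.example.", "A"): ["192.0.2.20"],
    ("db.internal.example.", "A"): ["192.0.2.30"],
}

if __name__ == "__main__":
    for name, rrtype in [("www.foo.example.com", "A"),
                         ("host.corp.example", "AAAA"),
                         ("host.lab.example", "AAAA"),
                         ("nope.internal.example", "A"),
                         ("x.ads.example", "A")]:
        print(name, rrtype, answer(name, rrtype, ZONES, DATA))
```

The pair host.corp.example / host.lab.example shows the practical difference: a single A record in a transparent zone suppresses AAAA lookups for that name, while typetransparent lets them resolve normally.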
The default zones are localhost, reverse 127.0.0.1 and ::1, the home.arpa, resolver.arpa, service.arpa, onion, test, invalid and the AS112
zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot provide
correct answers. They are configured by default to give NXDOMAIN (no reverse information) answers.
The defaults can be turned off by specifying your own local-zone of that name, or using the nodefault type. Below is a list of the default
zone contents.
localhost
The IPv4 and IPv6 localhost information is given. NS and SOA records are provided for completeness and to satisfy some DNS update
tools. Default content:
local-zone: "localhost." redirect
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-data: "localhost. 10800 IN AAAA ::1"
reverse IPv4 loopback
Default content:
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
reverse IPv6 loopback
Default content:
local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost."
local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost."
home.arpa (RFC 8375)
Default content:
local-zone: "home.arpa." static
local-data: "home.arpa. 10800 IN NS localhost."
local-data: "home.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
resolver.arpa (RFC 9462)
Default content:
local-zone: "resolver.arpa." static
local-data: "resolver.arpa. 10800 IN NS localhost."
local-data: "resolver.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
service.arpa (draft-ietf-dnssd-srp-25)
Default content:
local-zone: "service.arpa." static
local-data: "service.arpa. 10800 IN NS localhost."
local-data: "service.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
onion (RFC 7686)
Default content:
local-zone: "onion." static
local-data: "onion. 10800 IN NS localhost."
local-data: "onion. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
test (RFC 6761)
Default content:
local-zone: "test." static
local-data: "test. 10800 IN NS localhost."
local-data: "test. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
invalid (RFC 6761)
Default content:
local-zone: "invalid." static
local-data: "invalid. 10800 IN NS localhost."
local-data: "invalid. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
reverse local use zones (RFC 1918)
Reverse data for zones 10.in-addr.arpa, 16.172.in-addr.arpa to 31.172.in-addr.arpa, 168.192.in-addr.arpa. The local-zone is set sta‐
tic and as local-data SOA and NS records are provided.
special-use IPv4 Addresses (RFC 3330)
Reverse data for zones 0.in-addr.arpa (this), 254.169.in-addr.arpa (link-local), 2.0.192.in-addr.arpa (TEST NET 1),
100.51.198.in-addr.arpa (TEST NET 2), 113.0.203.in-addr.arpa (TEST NET 3), 255.255.255.255.in-addr.arpa (broadcast). And from
64.100.in-addr.arpa to 127.100.in-addr.arpa (Shared Address Space).
reverse IPv6 unspecified (RFC 4291)
Reverse data for zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
reverse IPv6 Locally Assigned Local Addresses (RFC 4193)
Reverse data for zone D.F.ip6.arpa.
reverse IPv6 Link Local Addresses (RFC 4291)
Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.
reverse IPv6 Example Prefix
Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for tutorials and examples. You can remove the block on this zone
with:
local-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
You can also selectively unblock a part of the zone by making that part transparent with a local-zone statement. This also works with the
other default zones.
local-data: "<resource record string>"
Configure local data, which is served in reply to queries for it. The query has to match exactly unless you configure the local-zone as
redirect. If not matched exactly, the local-zone type determines further processing. If local-data is configured that is not a subdomain
of a local-zone, a transparent local-zone is configured. For record types such as TXT, use single quotes, as in:
local-data: 'example. TXT "text"'
NOTE:
If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a
stub-zone for it as detailed in the stub zone section below.
local-data-ptr: "IPaddr name"
Configure local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name. For example "192.0.2.4 www.exam‐
ple.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
local-zone-tag: <zone> <"list of tags">
Assign tags to local zones. Tagged localzones will only be applied when the used access-control element has a matching tag. Tags must be
defined in define-tag. Enclose list of tags in quotes ("") and put spaces between tags. When there are multiple tags it checks if the in‐
tersection of the list of tags for the query and local-zone-tag is non-empty.
local-zone-override: <zone> <IP netblock> <type>
Override the local zone type for queries from addresses matching netblock. Use this localzone type, regardless the type configured for the
local zone (both tagged and untagged) and regardless the type configured using access-control-tag-action.
response-ip: <IP-netblock> <action>
This requires use of the respip module.
If the IP address in an AAAA or A RR in the answer section of a response matches the specified IP netblock, the specified action will apply.
<action> has generally the same semantics as that for access-control-tag-action, but there are some exceptions.
Actions for response-ip are different from those for local-zone in that in case of the former there is no point of such conditions as "the
query matches it but there is no local data". Because of this difference, the semantics of response-ip actions are modified or simplified
as follows: The static, refuse, transparent, typetransparent, and nodefault actions are invalid for response-ip. Using any of these will
cause the configuration to be rejected as faulty. The deny action is non-conditional, i.e. it always results in dropping the corresponding
query. The resolution result before applying the deny action is still cached and can be used for other queries.
response-ip-data: <IP-netblock> <"resource record string">
This requires use of the respip module.
This specifies the action data for response-ip with action being to redirect as specified by <"resource record string">. <"Resource record
string"> is similar to that of access-control-tag-action, but it must be of either AAAA, A or CNAME types. If the <IP-netblock> is an
IPv6/IPv4 prefix, the record must be AAAA/A respectively, unless it is a CNAME (which can be used for both versions of IP netblocks). If it
is CNAME there must not be more than one response-ip-data for the same <IP-netblock>. Also, CNAME and other types of records must not coex‐
ist for the same <IP-netblock>, following the normal rules for CNAME records. The textual domain name for the CNAME does not have to be ex‐
plicitly terminated with a dot ("."); the root name is assumed to be the origin for the name.
response-ip-tag: <IP-netblock> <"list of tags">
This requires use of the respip module.
Assign tags to response <IP-netblock>. If the IP address in an AAAA or A RR in the answer section of a response matches the specified
<IP-netblock>, the specified tags are assigned to the IP address. Then, if an access-control-tag is defined for the client and it includes
one of the tags for the response IP, the corresponding access-control-tag-action will apply. Tag matching rule is the same as that for
access-control-tag and local-zone. Unlike local-zone-tag, response-ip-tag can be defined for an <IP-netblock> even if no response-ip is de‐
fined for that netblock. If multiple response-ip-tag options are specified for the same <IP-netblock> in different statements, all but the
first will be ignored. However, this will not be flagged as a configuration error, but the result is probably not what was intended.
Actions specified in an access-control-tag-action that has a matching tag with response-ip-tag can be those that are "invalid" for
response-ip listed above, since access-control-tag-action can be shared with local zones. For these actions, if they behave differently de‐
pending on whether local data exists or not in case of local zones, the behavior for response-ip-data will generally result in NOERROR/NO‐
DATA instead of NXDOMAIN, since the response-ip data are inherently type specific, and non-existence of data does not indicate anything
about the existence or non-existence of the qname itself. For example, if the matching tag action is static but there is no data for the
corresponding response-ip configuration, then the result will be NOERROR/NODATA. The only case where NXDOMAIN is returned is when an
always_nxdomain action applies.
ratelimit: <number or 0>
Enable ratelimiting of queries sent to nameserver for performing recursion. 0 disables the feature. This option is experimental at this
time.
The ratelimit is in queries per second that are allowed. More queries are turned away with an error (SERVFAIL). Cached responses are not
ratelimited by this setting.
This stops recursive floods, eg. random query names, but not spoofed reflection floods. The zone of the query is determined by examining
the nameservers for it, the zone name is used to keep track of the rate. For example, 1000 may be a suitable value to stop the server from
being overloaded with random names, and keeps unbound from sending traffic to the nameservers for those zones.
NOTE:
Configured forwarders are excluded from ratelimiting.
Default: 0
ratelimit-size: <memory size>
Give the size of the data structure in which the current ongoing rates are kept track in. In bytes or use m(mega), k(kilo), g(giga). The
ratelimit structure is small, so this data structure likely does not need to be large.
Default: 4m
ratelimit-slabs: <number>
Number of slabs in the ratelimit tracking data structure. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting
(close) to the number of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close
to the number of configured threads in multi-threaded environments.
Default: (unconfigured)
ratelimit-factor: <number>
Set the amount of queries to rate limit when the limit is exceeded. If set to 0, all queries are dropped for domains where the limit is ex‐
ceeded. If set to another value, 1 in that number is allowed through to complete. Default is 10, allowing 1/10 traffic to flow normally.
This can make ordinary queries complete (if repeatedly queried for), and enter the cache, whilst also mitigating the traffic flow by the
factor given.
Default: 10
ratelimit-backoff: <yes or no>
If enabled, the ratelimit is treated as a hard failure instead of the default maximum allowed constant rate. When the limit is reached,
traffic is ratelimited and demand continues to be kept track of for a 2 second rate window. No traffic is allowed, except for
ratelimit-factor, until demand decreases below the configured ratelimit for a 2 second rate window. Useful to set ratelimit to a suspicious
rate to aggressively limit unusually high traffic.
Default: no
ratelimit-for-domain: <domain> <number qps or 0>
Override the global ratelimit for an exact match domain name with the listed number. You can give this for any number of names. For exam‐
ple, for a top-level-domain you may want to have a higher limit than other names. A value of 0 will disable ratelimiting for that domain.
ratelimit-below-domain: <domain> <number qps or 0>
Override the global ratelimit for a domain name that ends in this name. You can give this multiple times, it then describes different set‐
tings in different parts of the namespace. The closest matching suffix is used to determine the qps limit. The rate for the exact matching
domain name is not changed, use ratelimit-for-domain to set that, you might want to use different settings for a top-level-domain and subdo‐
mains. A value of 0 will disable ratelimiting for domain names that end in this name.
ip-ratelimit: <number or 0>
Enable global ratelimiting of queries accepted per ip address. This option is experimental at this time. The ratelimit is in queries per
second that are allowed. More queries are completely dropped and will not receive a reply, SERVFAIL or otherwise. IP ratelimiting happens
before looking in the cache. This may be useful for mitigating amplification attacks. Clients with a valid DNS Cookie will bypass the
ratelimit. If a ratelimit for such clients is still needed, ip-ratelimit-cookie can be used instead.
Default: 0 (disabled)
ip-ratelimit-cookie: <number or 0>
Enable global ratelimiting of queries accepted per IP address with a valid DNS Cookie. This option is experimental at this time. The rate‐
limit is in queries per second that are allowed. More queries are completely dropped and will not receive a reply, SERVFAIL or otherwise.
IP ratelimiting happens before looking in the cache. This option could be useful in combination with allow_cookie, in an attempt to miti‐
gate other amplification attacks than UDP reflections (e.g., attacks targeting Unbound itself) which are already handled with DNS Cookies.
If used, the value is suggested to be higher than ip-ratelimit e.g., tenfold.
Default: 0 (disabled)
ip-ratelimit-size: <memory size>
Give the size of the data structure in which the current ongoing rates are kept track in. In bytes or use m(mega), k(kilo), g(giga). The
IP ratelimit structure is small, so this data structure likely does not need to be large.
Default: 4m
ip-ratelimit-slabs: <number>
Number of slabs in the ip ratelimit tracking data structure. Slabs reduce lock contention by threads. Must be set to a power of 2. Set‐
ting (close) to the number of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2
close to the number of configured threads in multi-threaded environments.
Default: (unconfigured)
ip-ratelimit-factor: <number>
Set the amount of queries to rate limit when the limit is exceeded. If set to 0, all queries are dropped for addresses where the limit is
exceeded. If set to another value, 1 in that number is allowed through to complete. Default is 10, allowing 1/10 traffic to flow normally.
This can make ordinary queries complete (if repeatedly queried for), and enter the cache, whilst also mitigating the traffic flow by the
factor given.
Default: 10
ip-ratelimit-backoff: <yes or no>
If enabled, the rate limit is treated as a hard failure instead of the default maximum allowed constant rate. When the limit is reached,
traffic is ratelimited and demand continues to be kept track of for a 2 second rate window. No traffic is allowed, except for
ip-ratelimit-factor, until demand decreases below the configured ratelimit for a 2 second rate window. Useful to set ip-ratelimit to a sus‐
picious rate to aggressively limit unusually high traffic.
Default: no
outbound-msg-retry: <number>
The number of retries, per upstream nameserver in a delegation, that Unbound will attempt in case a throwaway response is received. No re‐
sponse (timeout) contributes to the retry counter. If a forward/stub zone is used, this is the number of retries per nameserver in the
zone.
Default: 5
max-sent-count: <number>
Hard limit on the number of outgoing queries Unbound will make while resolving a name, making sure large NS sets do not loop. Results in
SERVFAIL when reached. It resets on query restarts (e.g., CNAME) and referrals.
Default: 32
max-query-restarts: <number>
Hard limit on the number of times Unbound is allowed to restart a query upon encountering a CNAME record. Results in SERVFAIL when reached.
Changing this value needs caution as it can allow long CNAME chains to be accepted, where Unbound needs to verify (resolve) each link indi‐
vidually.
Default: 11
iter-scrub-ns: <number>
Limit on the number of NS records allowed in an rrset of type NS, from the iterator scrubber. This protects the internals of the resolver
from overly large NS sets.
Default: 20
iter-scrub-cname: <number>
Limit on the number of CNAME, DNAME records in an answer, from the iterator scrubber. This protects the internals of the resolver from
overly long indirection chains. Clips off the remainder of the reply packet at that point.
Default: 11
max-global-quota: <number>
Limit on the number of upstream queries sent out for an incoming query and its subqueries from recursion. It is not reset during the reso‐
lution. When it is exceeded the query is failed and the lookup process stops.
Default: 200
iter-scrub-promiscuous: <yes or no>
Should the iterator scrubber remove promiscuous NS from positive answers. This protects against poisonous contents, that could affect names
in the same zone as a spoofed packet.
Default: yes
fast-server-permil: <number>
Specify how many times out of 1000 to pick from the set of fastest servers. 0 turns the feature off. A value of 900 would pick from the
fastest servers 90 percent of the time, and would perform normal exploration of random servers for the remaining time. When prefetch is en‐
abled (or serve-expired), such prefetches are not sped up, because there is no one waiting for it, and it presents a good moment to perform
server exploration. The fast-server-num option can be used to specify the size of the fastest servers set.
Default: 0
fast-server-num: <number>
Set the number of servers that should be used for fast server selection. Only use the fastest specified number of servers with the
fast-server-permil option, that turns this on or off.
Default: 3
answer-cookie: <yes or no>
If enabled, Unbound will answer to requests containing DNS Cookies as specified in RFC 7873 and RFC 9018.
Default: no
cookie-secret: "<128 bit hex string>"
Server's secret for DNS Cookie generation. Useful to explicitly set for servers in an anycast deployment that need to share the secret in
order to verify each other's Server Cookies. An example hex string would be "000102030405060708090a0b0c0d0e0f".
NOTE:
This option is ignored if a cookie-secret-file is present. In that case the secrets from that file are used in DNS Cookie calculations.
Default: 128 bits random secret generated at startup time
cookie-secret-file: <filename>
File from which the secrets are read used in DNS Cookie calculations. When this file exists, the secrets in this file are used and the se‐
cret specified by the cookie-secret option is ignored. Enable it by setting a filename, like "/usr/local/etc/unbound_cookiesecrets.txt".
The content of this file must be manipulated with the add_cookie_secret, drop_cookie_secret and activate_cookie_secret commands to the
unbound-control(8) tool. Please see that manpage on how to perform a safe cookie secret rollover.
Default: "" (disabled)
edns-client-string: <IP netblock> <string>
Include an EDNS0 option containing configured ASCII string in queries with destination address matching the configured <IP netblock>. This
configuration option can be used multiple times. The most specific match will be used.
edns-client-string-opcode: <opcode>
EDNS0 option code for the edns-client-string option, from 0 to 65535. A value from the 'Reserved for Local/Experimental' range
(65001-65534) should be used.
Default: 65001
ede: <yes or no>
If enabled, Unbound will respond with Extended DNS Error codes (RFC 8914). These EDEs provide additional information with a response mainly
for, but not limited to, DNS and DNSSEC errors.
When the val-log-level option is also set to 2, responses with Extended DNS Errors concerning DNSSEC failures will also contain a descrip‐
tive text message about the reason for the failure.
Default: no
ede-serve-expired: <yes or no>
If enabled, Unbound will attach an Extended DNS Error (RFC 8914) Code 3 - Stale Answer as EDNS0 option to the expired response.
NOTE:
ede: yes needs to be set as well for this to work.
Default: no
dns-error-reporting: <yes or no>
If enabled, Unbound will send DNS Error Reports (RFC 9567). The name servers need to express support by attaching the Report-Channel EDNS0
option on their replies specifying the reporting agent for the zone. Any errors encountered during resolution that would result in Unbound
generating an Extended DNS Error (RFC 8914) will be reported to the zone's reporting agent.
The ede option does not need to be enabled for this to work.
It is advised that the qname-minimisation option is also enabled to increase privacy on the outgoing reports.
Default: no
Remote Control Options
In the remote-control: clause are the declarations for the remote control facility. If this is enabled, the unbound-control(8) utility can be used
to send commands to the running Unbound server. The server uses these clauses to setup TLSv1 security for the connection. The unbound-control(8)
utility also reads the remote-control: section for options. To setup the correct self-signed certificates use the unbound-control-setup(8) util‐
ity.
control-enable: <yes or no>
The option is used to enable remote control. If turned off, the server does not listen for control commands.
Default: no
control-interface: <IP address or interface name or path>
Give IPv4 or IPv6 addresses or local socket path to listen on for control commands. If an interface name is used instead of an IP address,
the list of IP addresses on that interface are used.
By default localhost (127.0.0.1 and ::1) is listened to. Use 0.0.0.0 and ::0 to listen to all interfaces. If you change this and permis‐
sions have been dropped, you must restart the server for the change to take effect.
If you set it to an absolute path, a unix domain socket is used. This socket does not use the certificates and keys, so those files need
not be present. To restrict access, Unbound sets permissions on the file to the user and group that is configured, the access bits are set
to allow the group members to access the control socket file. Put users that need to access the socket in that group. To restrict access
further, create a directory to put the control socket in and restrict access to that directory.
control-port: <port number>
The port number to listen on for IPv4 or IPv6 control interfaces.
NOTE:
If you change this and permissions have been dropped, you must restart the server for the change to take effect.
Default: 8953
control-use-cert: <yes or no>
For localhost control-interface you can disable the use of TLS by setting this option to "no". For local sockets, TLS is disabled and the
value of this option is ignored.
Default: yes
server-key-file: <private key file>
Path to the server private key. This file is generated by the unbound-control-setup(8) utility. This file is used by the Unbound server,
but not by unbound-control(8).
Default: unbound_server.key
server-cert-file: <certificate file.pem>
Path to the server self signed certificate. This file is generated by the unbound-control-setup(8) utility. This file is used by the Un‐
bound server, and also by unbound-control(8).
Default: unbound_server.pem
control-key-file: <private key file>
Path to the control client private key. This file is generated by the unbound-control-setup(8) utility. This file is used by
unbound-control(8).
Default: unbound_control.key
control-cert-file: <certificate file.pem>
Path to the control client certificate. This certificate has to be signed with the server certificate. This file is generated by the
unbound-control-setup(8) utility. This file is used by unbound-control(8).
Default: unbound_control.pem
Stub Zone Options
There may be multiple stub-zone: clauses. Each with a name and zero or more hostnames or IP addresses. For the stub zone this list of nameservers
is used. Class IN is assumed. The servers should be authority servers, not recursors; Unbound performs the recursive processing itself for stub
zones.
The stub zone can be used to configure authoritative data to be used by the resolver that cannot be accessed using the public internet servers.
This is useful for company-local data or private zones. Setup an authoritative server on a different host (or different port). Enter a config en‐
try for Unbound with:
stub-addr: <ip address of host[@port]>
The Unbound resolver can then access the data, without referring to the public internet for it.
This setup allows DNSSEC signed zones to be served by that authoritative server, in which case a trusted key entry with the public key can be put
in config, so that Unbound can validate the data and set the AD bit on replies for the private zone (authoritative servers do not set the AD bit).
This setup makes Unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative')
bit is not set on these replies.
Consider adding server statements for domain-insecure and for local-zone: <name> nodefault for the zone if it is a locally served zone. The inse‐
cure clause stops DNSSEC from invalidating the zone. The local-zone: nodefault (or transparent) clause makes the (reverse-) zone bypass Unbound's
filtering of RFC 1918 zones.
name: <domain name>
Name of the stub zone. This is the full domain name of the zone.
stub-host: <domain name>
Name of stub zone nameserver. Is itself resolved before it is used.
To use a non-default port for DNS communication append '@' with the port number.
If TLS is enabled, then you can append a '#' and a name, then it'll check the TLS authentication certificates with that name.
If you combine the '@' and '#', the '@' comes first. If only '#' is used the default port is the configured tls-port.
stub-addr: <IP address>
IP address of stub zone nameserver. Can be IPv4 or IPv6.
To use a non-default port for DNS communication append '@' with the port number.
If TLS is enabled, then you can append a '#' and a name, then it'll check the tls authentication certificates with that name.
If you combine the '@' and '#', the '@' comes first. If only '#' is used the default port is the configured tls-port.
stub-prime: <yes or no>
If enabled it performs NS set priming, which is similar to root hints, where it starts using the list of nameservers currently published by
the zone. Thus, if the hint list is slightly outdated, the resolver picks up a correct list online.
Default: no
stub-first: <yes or no>
If enabled, a query is attempted without the stub clause if it fails. The data could not be retrieved and would have caused SERVFAIL be‐
cause the servers are unreachable, instead it is tried without this clause.
Default: no
stub-tls-upstream: <yes or no>
Enable or disable whether the queries to this stub use TLS for transport.
Default: no
stub-ssl-upstream: <yes or no>
Alternate syntax for stub-tls-upstream.
stub-tcp-upstream: <yes or no>
If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
Default: no
stub-no-cache: <yes or no>
If enabled, data inside the stub is not cached. This is useful when you want immediate changes to be visible.
Default: no
Forward Zone Options
There may be multiple forward-zone: clauses. Each with a name and zero or more hostnames or IP addresses. For the forward zone this list of name‐
servers is used to forward the queries to. The servers listed as forward-host and forward-addr have to handle further recursion for the query.
Thus, those servers are not authority servers, but are (just like Unbound is) recursive servers too; Unbound does not perform recursion itself for
the forward zone, it lets the remote server do it. Class IN is assumed. CNAMEs are chased by Unbound itself, asking the remote server for every
name in the indirection chain, to protect the local cache from illegal indirect referenced items. A forward-zone entry with name "." and a
forward-addr target will forward all queries to that other server (unless it can answer from the cache).
name: <domain name>
Name of the forward zone. This is the full domain name of the zone.
forward-host: <domain name>
Name of server to forward to. Is itself resolved before it is used.
To use a non-default port for DNS communication append '@' with the port number.
If TLS is enabled, then you can append a '#' and a name, then it'll check the TLS authentication certificates with that name.
If you combine the '@' and '#', the '@' comes first. If only '#' is used the default port is the configured tls-port.
forward-addr: <IP address>
IP address of server to forward to. Can be IPv4 or IPv6.
To use a non-default port for DNS communication append '@' with the port number.
If TLS is enabled, then you can append a '#' and a name, then it'll check the tls authentication certificates with that name.
If you combine the '@' and '#', the '@' comes first. If only '#' is used the default port is the configured tls-port.
At high verbosity it logs the TLS certificate, with TLS enabled. If you leave out the '#' and auth name from the forward-addr, any name is
accepted. The cert must also match a CA from the tls-cert-bundle.
forward-first: <yes or no>
If a forwarded query is met with a SERVFAIL error, and this option is enabled, Unbound will fall back to normal recursive resolution for
this query as if no query forwarding had been specified.
Default: no
forward-tls-upstream: <yes or no>
Enable or disable whether the queries to this forwarder use TLS for transport. If you enable this, also configure a tls-cert-bundle or use
tls-win-cert to load CA certs, otherwise the connections cannot be authenticated.
Default: no
forward-ssl-upstream: <yes or no>
Alternate syntax for forward-tls-upstream.
forward-tcp-upstream: <yes or no>
If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
Default: no
forward-no-cache: <yes or no>
If enabled, data inside the forward is not cached. This is useful when you want immediate changes to be visible.
Default: no
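The remote-control and forward/stub TLS rules described above can be checked mechanically before a configuration is deployed. The following linter is an added example, not part of the manual page or of Unbound; its parser is a simplified reader of unbound.conf, the finding names are made up for this sketch, and both sample configurations (addresses, host names, file paths) are constructed.

```python
import ipaddress
import re

CLAUSES = {"server", "remote-control", "forward-zone", "stub-zone", "auth-zone", "view"}


def parse_conf(text):
    """Simplified unbound.conf reader: returns [(clause, {option: [values]})]."""
    clauses = []
    for raw in text.splitlines():
        # '#' starts a comment only at line start or after whitespace, so the
        # '#authname' suffix of an upstream address is preserved.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip().strip('"')
        if key in CLAUSES and not value:
            clauses.append((key, {}))
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(value)
    return clauses


def parse_upstream(value, tls_port=853):
    """Split 'addr[@port][#authname]'; '@' comes before '#'.

    With only '#', the port defaults to tls-port (853 assumed here),
    otherwise to 53.
    """
    addr, _, auth = value.partition("#")
    addr, _, port = addr.partition("@")
    if port:
        return addr, int(port), auth or None
    return addr, (tls_port if auth else 53), auth or None


def last(opts, key, default):
    """Last occurrence of an option in a clause, or the default."""
    return opts.get(key, [default])[-1]


def is_loopback(value):
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # interface name: its addresses are not known here


def lint(text):
    """Return a list of (finding, detail) tuples in file order."""
    clauses = parse_conf(text)
    have_ca = any(
        name == "server"
        and ("tls-cert-bundle" in o or last(o, "tls-win-cert", "no") == "yes")
        for name, o in clauses
    )
    findings = []
    for name, o in clauses:
        if name == "remote-control" and last(o, "control-enable", "no") == "yes":
            ifaces = o.get("control-interface", ["127.0.0.1", "::1"])
            # Absolute paths are unix sockets guarded by file permissions.
            exposed = [i for i in ifaces if not i.startswith("/") and not is_loopback(i)]
            for iface in exposed:
                findings.append(("control-exposed", iface))
            if exposed and last(o, "control-use-cert", "yes") == "no":
                findings.append(("control-no-tls", ",".join(exposed)))
        if name in ("forward-zone", "stub-zone"):
            p = name.split("-")[0]  # option prefix: "forward" or "stub"
            tls = "yes" in (last(o, p + "-tls-upstream", "no"),
                            last(o, p + "-ssl-upstream", "no"))
            if not tls:
                continue
            for target in o.get(p + "-addr", []) + o.get(p + "-host", []):
                if parse_upstream(target)[2] is None:
                    # No '#name': the certificate name is not checked.
                    findings.append(("tls-no-auth-name", target))
            if not have_ca:
                findings.append(("tls-no-ca-bundle", last(o, "name", "?")))
    return findings


# Constructed sample: weak settings.
WEAK = """
server:
    interface: 127.0.0.1
remote-control:
    control-enable: yes
    control-interface: 0.0.0.0      # listens on every interface
    control-use-cert: no
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853    # no '#name'
    forward-addr: 192.0.2.54#dns.example.net
"""

# Constructed sample: the same setup with the corrected settings.
HARDENED = """
server:
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
remote-control:
    control-enable: yes
    control-interface: /run/unbound/control.sock
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853#dns.example.net
    forward-addr: 192.0.2.54#dns.example.net
"""

if __name__ == "__main__":
    for finding in lint(WEAK):
        print(finding)
```

An interface name given as control-interface is reported as exposed because its addresses cannot be resolved offline; check those entries by hand.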
Authority Zone Options
Authority zones are configured with auth-zone:, and each one must have a name. There can be multiple ones, by listing multiple auth-zone clauses,
each with a different name, pertaining to that part of the namespace. The authority zone with the name closest to the name looked up is used. Au‐
thority zones can be processed on two distinct, non-exclusive, configurable stages.
With for-downstream: yes (default), authority zones are processed after local-zones and before cache. When used in this manner, Unbound responds
like an authority server with no further processing other than returning an answer from the zone contents. A notable example, in this case, is
CNAME records which are returned verbatim to downstream clients without further resolution.
With for-upstream: yes (default), authority zones are processed after the cache lookup, just before going to the network to fetch information for
recursion. When used in this manner they provide a local copy of an authority server that speeds up lookups for that data during resolving.
If both options are enabled (default), client queries for an authority zone are answered authoritatively from Unbound, while internal queries that
require data from the authority zone consult the local zone data instead of going to the network.
An interesting configuration is for-downstream: no, for-upstream: yes that allows for hyperlocal behavior where both client and internal queries
consult the local zone data while resolving. In this case, the aforementioned CNAME example will result in a thoroughly resolved answer.
Authority zones can be read from zonefile. And can be kept updated via AXFR and IXFR. After update the zonefile is rewritten. The update mecha‐
nism uses the SOA timer values and performs SOA UDP queries to detect zone changes.
If the update fetch fails, the timers in the SOA record are used to time another fetch attempt. Until the SOA expiry timer is reached. Then the
zone is expired. When a zone is expired, queries are SERVFAIL, and any new serial number is accepted from the primary (even if older), and if
fallback is enabled, the fallback activates to fetch from the upstream instead of the SERVFAIL.
name: <zone name>
Name of the authority zone.
primary: <IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple primaries can be specified. They are all tried if one fails.
To use a non-default port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the TLS authentication certificates will be checked with that name.
If you combine the '@' and '#', the '@' comes first. If you point it at another Unbound instance, it would not work because that does not
support AXFR/IXFR for the zone, but if you used url to download the zonefile as a text file from a webserver that would work.
If you specify the hostname, you cannot use the domain from the zonefile, because it may not have that when retrieving that data, instead
use a plain IP address to avoid a circular dependency on retrieving that IP address.
master: <IP address or host name>
Alternate syntax for primary.
url: <URL to zone file>
Where to download a zonefile for the zone. With HTTP or HTTPS. An example for the url is:
http://www.example.com/example.org.zone
Multiple url statements can be given, they are tried in turn.
If only urls are given the SOA refresh timer is used to wait for making new downloads. If also primaries are listed, the primaries are
first probed with UDP SOA queries to see if the SOA serial number has changed, reducing the number of downloads. If none of the urls work,
the primaries are tried with IXFR and AXFR.
For HTTPS, the tls-cert-bundle and the hostname from the url are used to authenticate the connection.
If you specify a hostname in the URL, you cannot use the domain from the zonefile, because it may not have that when retrieving that data,
instead use a plain IP address to avoid a circular dependency on retrieving that IP address.
Avoid dependencies on name lookups by using a notation like "http://192.0.2.1/unbound-primaries/example.com.zone", with an explicit IP ad‐
dress.
allow-notify: <IP address or host name or netblockIP/prefix>
With allow-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer.
If the notify is from a primary, it first attempts that primary. Otherwise other primaries are attempted. If there are no primaries, but
only urls, the file is downloaded when notified.
NOTE:
The primaries from primary and url statements are allowed notify by default.
fallback-enabled: <yes or no>
If enabled, Unbound falls back to querying the internet as a resolver for this zone when lookups fail. For example for DNSSEC validation
failures.
Default: no
for-downstream: <yes or no>
If enabled, Unbound serves authority responses to downstream clients for this zone. This option makes Unbound behave, for the queries with
names in this zone, like one of the authority servers for that zone.
Turn it off if you want Unbound to provide recursion for the zone but have a local copy of zone data.
If for-downstream: no and for-upstream: yes are set, then Unbound will DNSSEC validate the contents of the zone before serving the zone con‐
tents to clients and store validation results in the cache.
Default: yes
for-upstream: <yes or no>
If enabled, Unbound fetches data from this data collection for answering recursion queries. Instead of sending queries over the internet to
the authority servers for this zone, it'll fetch the data directly from the zone data.
Turn it on when you want Unbound to provide recursion for downstream clients, and use the zone data as a local copy to speed up lookups.
Default: yes
zonemd-check: <yes or no>
Enable this option to check ZONEMD records in the zone. The ZONEMD record is a checksum over the zone data. This includes glue in the zone
and data from the zone file, and excludes comments from the zone file. When there is a DNSSEC chain of trust, DNSSEC signatures are checked
too.
Default: no
zonemd-reject-absence: <yes or no>
Enable this option to reject the absence of the ZONEMD record. Without it, when ZONEMD is not there it is not checked.
It is useful to enable for a non-DNSSEC signed zone where the operator wants to require the verification of a ZONEMD, hence a missing ZONEMD
is a failure.
The action upon failure is controlled by the zonemd-permissive-mode option, for log only or also block the zone.
Without the option, absence of a ZONEMD is only a failure when the zone is DNSSEC signed, and we have a trust anchor, and the DNSSEC verifi‐
cation of the absence of the ZONEMD fails. With the option enabled, the absence of a ZONEMD is always a failure, also for nonDNSSEC signed
zones.
Default: no
zonefile: <filename>
The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, Unbound will attempt
to fetch zone data (eg. from the primary servers).
View Options
There may be multiple view: clauses. Each with a name and zero or more local-zone and local-data attributes. Views can also contain view-first,
response-ip, response-ip-data and local-data-ptr attributes. View can be mapped to requests by specifying the view name in an access-control-view
attribute. Options from matching views will override global options. Global options will be used if no matching view is found, or when the match‐
ing view does not have the option specified.
name: <view name>
Name of the view. Must be unique. This name is used in the access-control-view attribute.
local-zone: <zone> <type>
View specific local zone elements. Has the same types and behaviour as the global local-zone elements. When there is at least one lo‐
cal-zone: specified and view-first: no is set, the default local-zones will be added to this view. Defaults can be disabled using the node‐
fault type. When view-first: yes is set or when a view does not have a local-zone, the global local-zone will be used including its
default zones.
local-data: "<resource record string>"
View specific local data elements. Has the same behaviour as the global local-data elements.
local-data-ptr: "IPaddr name"
View specific local-data-ptr elements. Has the same behaviour as the global local-data-ptr elements.
view-first: <yes or no>
If enabled, it attempts to use the global local-zone and local-data if there is no match in the view specific options.
Default: no
Python Module Options
The python: clause gives the settings for the python(1) script module. This module acts like the iterator and validator modules do, on queries and
answers. To enable the script module it has to be compiled into the daemon, and the word python has to be put in the module-config option (usually
first, or between the validator and iterator). Multiple instances of the python module are supported by adding the word python more than once.
If the chroot option is enabled, you should make sure Python's library directory structure is bind mounted in the new root environment, see
mount(8). Also the python-script path should be specified as an absolute path relative to the new root, or as a relative path to the working di‐
rectory.
python-script: <python file>
The script file to load. Repeat this option for every python module instance added to the module-config option.
Dynamic Library Module Options
The dynlib: clause gives the settings for the dynlib module. This module is only a very small wrapper that allows dynamic modules to be loaded on
runtime instead of being compiled into the application. To enable the dynlib module it has to be compiled into the daemon, and the word dynlib has
to be put in the module-config attribute. Multiple instances of dynamic libraries are supported by adding the word dynlib more than once.
The dynlib-file path should be specified as an absolute path relative to the new path set by chroot, or as a relative path to the working direc‐
tory.
dynlib-file: <dynlib file>
The dynamic library file to load. Repeat this option for every dynlib module instance added to the module-config option.
DNS64 Module Options
The dns64 module must be configured in the module-config directive, e.g.:
module-config: "dns64 validator iterator"
and be compiled into the daemon to be enabled.
NOTE:
These settings go in the server: section.
dns64-prefix: <IPv6 prefix>
This sets the DNS64 prefix to use to synthesize AAAA records with. It must be /96 or shorter.
Default: 64:ff9b::/96
dns64-synthall: <yes or no>
WARNING:
Debugging feature!
If enabled, synthesize all AAAA records despite the presence of actual AAAA records.
Default: no
dns64-ignore-aaaa: <domain name>
List domain for which the AAAA records are ignored and the A record is used by DNS64 processing instead. Can be entered multiple times,
list a new domain for which it applies, one per line. Applies also to names underneath the name given.
NAT64 Operation
NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only servers. It is controlled by two options in the server: section:
do-nat64: <yes or no>
Use NAT64 to reach IPv4-only servers. Consider also enabling prefer-ip6 to prefer native IPv6 connections to nameservers.
Default: no
nat64-prefix: <IPv6 prefix>
Use a specific NAT64 prefix to reach IPv4-only servers. The prefix length must be one of /32, /40, /48, /56, /64 or /96.
Default: 64:ff9b::/96 (same as dns64-prefix)
DNSCrypt Options
The dnscrypt: clause gives the settings of the dnscrypt channel. While those options are available, they are only meaningful if Unbound was com‐
piled with --enable-dnscrypt. Currently certificate and secret/public keys cannot be generated by Unbound. You can use dnscrypt-wrapper to gener‐
ate those: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage
dnscrypt-enable: <yes or no>
Whether or not the dnscrypt config should be enabled. You may define configuration but not activate it.
Default: no
dnscrypt-port: <port number>
On which port dnscrypt should be activated.
NOTE:
There should be a matching interface option defined in the server: section for this port.
dnscrypt-provider: <provider name>
The provider name to use to distribute certificates. This is of the form:
2.dnscrypt-cert.example.com.
IMPORTANT:
The name MUST end with a dot.
dnscrypt-secret-key: <path to secret key file>
Path to the time limited secret key file. This option may be specified multiple times.
dnscrypt-provider-cert: <path to cert file>
Path to the certificate related to the dnscrypt-secret-key. This option may be specified multiple times.
dnscrypt-provider-cert-rotated: <path to cert file>
Path to a certificate that we should be able to serve existing connection from but do not want to advertise over dnscrypt-provider 's TXT
record certs distribution.
A typical use case is when rotating certificates, existing clients may still use the client magic from the old cert in their queries until
they fetch and update the new cert. Likewise, it would allow one to prime the new cert/key without distributing the new cert yet, this can
be useful when using a network of servers using anycast and on which the configuration may not get updated at the exact same time.
By priming the cert, the servers can handle both old and new certs traffic while distributing only one.
This option may be specified multiple times.
dnscrypt-shared-secret-cache-size: <memory size>
Give the size of the data structure in which the shared secret keys are kept in. In bytes or use m(mega), k(kilo), g(giga). The shared se‐
cret cache is used when a same client is making multiple queries using the same public key. It saves a substantial amount of CPU.
Default: 4m
dnscrypt-shared-secret-cache-slabs: <number>
Number of slabs in the dnscrypt shared secrets cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting
(close) to the number of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close
to the number of configured threads in multi-threaded environments.
Default: (unconfigured)
dnscrypt-nonce-cache-size: <memory size>
Give the size of the data structure in which the client nonces are kept in. In bytes or use m(mega), k(kilo), g(giga). The nonce cache is
used to prevent dnscrypt message replaying. Client nonce should be unique for any pair of client pk/server sk.
Default: 4m
dnscrypt-nonce-cache-slabs: <number>
Number of slabs in the dnscrypt nonce cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the
number of cpus is a fairly good setting. If left unconfigured, it will be configured automatically to be a power of 2 close to the number
of configured threads in multi-threaded environments.
Default: (unconfigured)
EDNS Client Subnet Module Options
The ECS module must be configured in the module-config directive, e.g.:
module-config: "subnetcache validator iterator"
and be compiled into the daemon to be enabled.
NOTE:
These settings go in the server: section.
If the destination address is allowed in the configuration Unbound will add the EDNS0 option to the query containing the relevant part of the
client's address. When an answer contains the ECS option the response and the option are placed in a specialized cache. If the authority indi‐
cated no support, the response is stored in the regular cache.
Additionally, when a client includes the option in its queries, Unbound will forward the option when sending the query to addresses that are ex‐
plicitly allowed in the configuration using send-client-subnet. The option will always be forwarded, regardless the allowed addresses, when
client-subnet-always-forward: yes is set. In this case the lookup in the regular cache is skipped.
The maximum size of the ECS cache is controlled by msg-cache-size in the configuration file. On top of that, for each query only 100 different
subnets are allowed to be stored for each address family. Exceeding that number, older entries will be purged from cache.
Note that due to the nature of how EDNS Client Subnet works, by segregating the client IP space in order to try and have tailored responses for
prefixes of unknown sizes, resolution and cache response performance are impacted as a result. Usage of the subnetcache module should only be en‐
abled in installations that require such functionality where the resolver and the clients belong to different networks. An example of that is an
open resolver installation.
This module does not interact with the serve-expired* and prefetch options.
send-client-subnet: <IP address>
Send client source address to this authority. Append /num to indicate a classless delegation netblock, for example like 10.2.3.4/24 or
2001::11/64. Can be given multiple times. Authorities not listed will not receive edns-subnet information, unless domain in query is spec‐
ified in client-subnet-zone.
client-subnet-zone: <domain>
Send client source address in queries for this domain and its subdomains. Can be given multiple times. Zones not listed will not receive
edns-subnet information, unless hosted by authority specified in send-client-subnet.
client-subnet-always-forward: <yes or no>
Specify whether the ECS address check (configured using send-client-subnet) is applied for all queries, even if the triggering query con‐
tains an ECS record, or only for queries for which the ECS record is generated using the querier address (and therefore did not contain ECS
data in the client query). If enabled, the address check is skipped when the client query contains an ECS record. And the lookup in the
regular cache is skipped.
Default: no
max-client-subnet-ipv6: <number>
Specifies the maximum prefix length of the client source address we are willing to expose to third parties for IPv6.
Default: 56
max-client-subnet-ipv4: <number>
Specifies the maximum prefix length of the client source address we are willing to expose to third parties for IPv4.
Default: 24
min-client-subnet-ipv6: <number>
Specifies the minimum prefix length of the IPv6 source mask we are willing to accept in queries. Shorter source masks result in REFUSED an‐
swers. Source mask of 0 is always accepted.
Default: 0
min-client-subnet-ipv4: <number>
Specifies the minimum prefix length of the IPv4 source mask we are willing to accept in queries. Shorter source masks result in REFUSED an‐
swers. Source mask of 0 is always accepted. Default: 0
max-ecs-tree-size-ipv4: <number>
Specifies the maximum number of subnets ECS answers kept in the ECS radix tree. This number applies for each qname/qclass/qtype tuple.
Default: 100
max-ecs-tree-size-ipv6: <number>
Specifies the maximum number of subnets ECS answers kept in the ECS radix tree. This number applies for each qname/qclass/qtype tuple.
Default: 100
Opportunistic IPsec Support Module Options
The IPsec module must be configured in the module-config directive, e.g.:
module-config: "ipsecmod validator iterator"
and be compiled into Unbound by using --enable-ipsecmod to be enabled.
NOTE:
These settings go in the server: section.
When Unbound receives an A/AAAA query that is not in the cache and finds a valid answer, it will withhold returning the answer and instead will
generate an IPSECKEY subquery for the same domain name. If an answer was found, Unbound will call an external hook passing the following argu‐
ments:
QNAME Domain name of the A/AAAA and IPSECKEY query. In string format.
IPSECKEY TTL
TTL of the IPSECKEY RRset.
A/AAAA String of space separated IP addresses present in the A/AAAA RRset. The IP addresses are in string format.
IPSECKEY
String of space separated IPSECKEY RDATA present in the IPSECKEY RRset. The IPSECKEY RDATA are in DNS presentation format.
The A/AAAA answer is then cached and returned to the client. If the external hook was called the TTL changes to ensure it doesn't surpass
ipsecmod-max-ttl.
The same procedure is also followed when prefetch: yes is set, but the A/AAAA answer is given to the client before the hook is called.
ipsecmod-max-ttl ensures that the A/AAAA answer given from cache is still relevant for opportunistic IPsec.
ipsecmod-enabled: <yes or no>
Specifies whether the IPsec module is enabled or not. The IPsec module still needs to be defined in the module-config directive. This op‐
tion facilitates turning on/off the module without restarting/reloading Unbound.
Default: yes
ipsecmod-hook: <filename>
Specifies the external hook that Unbound will call with system(3). The file can be specified as an absolute/relative path. The file needs
the proper permissions to be able to be executed by the same user that runs Unbound. It must be present when the IPsec module is defined in
the module-config directive.
ipsecmod-strict: <yes or no>
If enabled Unbound requires the external hook to return a success value of 0. Failing to do so Unbound will reply with SERVFAIL. The
A/AAAA answer will also not be cached.
Default: no
ipsecmod-max-ttl: <seconds>
Time to live maximum for A/AAAA cached records after calling the external hook.
Default: 3600
ipsecmod-ignore-bogus: <yes or no>
Specifies the behaviour of Unbound when the IPSECKEY answer is bogus. If set to yes, the hook will be called and the A/AAAA answer will be
returned to the client. If set to no, the hook will not be called and the answer to the A/AAAA query will be SERVFAIL. Mainly used for
testing.
Default: no
ipsecmod-allow: <domain>
Allow the IPsec module functionality for the domain so that the module logic will be executed. Can be given multiple times, for different
domains. If the option is not specified, all domains are treated as being allowed (default).
ipsecmod-whitelist: <domain>
Alternate syntax for ipsecmod-allow.
Cache DB Module Options
The Cache DB module must be configured in the module-config directive, e.g.:
module-config: "validator cachedb iterator"
and be compiled into the daemon with --enable-cachedb.
If this module is enabled and configured, the specified backend database works as a second level cache; when Unbound cannot find an answer to a
query in its built-in in-memory cache, it consults the specified backend. If it finds a valid answer in the backend, Unbound uses it to respond to
the query without performing iterative DNS resolution. If Unbound cannot even find an answer in the backend, it resolves the query as usual, and
stores the answer in the backend.
This module interacts with the serve-expired-* options and will reply with expired data if Unbound is configured for that.
If Unbound was built with --with-libhiredis on a system that has installed the hiredis C client library of Redis, then the redis backend can be
used. This backend communicates with the specified Redis server over a TCP connection to store and retrieve cache data. It can be used as a per‐
sistent and/or shared cache backend.
NOTE:
Unbound never removes data stored in the Redis server, even if some data have expired in terms of DNS TTL or the Redis server has cached too
much data; if necessary the Redis server must be configured to limit the cache size, preferably with some kind of least-recently-used eviction
policy.
Additionally, the redis-expire-records option can be used in order to set the relative DNS TTL of the message as timeout to the Redis records; keep
in mind that some additional memory is used per key and that the expire information is stored as absolute Unix timestamps in Redis (computer time
must be stable).
This backend uses synchronous communication with the Redis server based on the assumption that the communication is stable and sufficiently fast.
The thread waiting for a response from the Redis server cannot handle other DNS queries. Although the backend has the ability to reconnect to the
server when the connection is closed unexpectedly and there is a configurable timeout in case the server is overly slow or hangs up, these cases
are assumed to be very rare. If connection close or timeout happens too often, Unbound will be effectively unusable with this backend. It's the
administrator's responsibility to make the assumption hold.
The cachedb: clause gives custom settings of the cache DB module.
backend: <backend name>
Specify the backend database name. The default database is the in-memory backend named testframe, which, as the name suggests, is not of
any practical use. Depending on the build-time configuration, redis backend may also be used as described above.
Default: testframe
secret-seed: "<secret string>"
Specify a seed to calculate a hash value from query information. This value will be used as the key of the corresponding answer for the
backend database and can be customized if the hash should not be predictable operationally. If the backend database is shared by multiple
Unbound instances, all instances must use the same secret seed.
Default: "default"
cachedb-no-store: <yes or no>
If the backend should be read from, but not written to. This makes this instance not store dns messages in the backend. But if data is
available it is retrieved.
Default: no
cachedb-check-when-serve-expired: <yes or no>
If enabled, the cachedb is checked before an expired response is returned. When serve-expired is enabled, without
serve-expired-client-timeout , it then does not immediately respond with an expired response from cache, but instead first checks the
cachedb for valid contents, and if so returns it. If the cachedb also has no valid contents, the serve expired response is sent. If also
serve-expired-client-timeout is enabled, the expired response is delayed until the timeout expires. Unless the lookup succeeds within the
timeout.
Default: yes
The following cachedb: options are specific to the redis backend.
redis-server-host: <server address or name>
The IP (either v6 or v4) address or domain name of the Redis server. In general an IP address should be specified as otherwise Unbound will
have to resolve the name of the server every time it establishes a connection to the server.
Default: 127.0.0.1
redis-server-port: <port number>
The TCP port number of the Redis server.
Default: 6379
redis-server-path: <unix socket path>
The unix socket path to connect to the Redis server. Unix sockets may have better throughput than the IP address option.
Default: "" (disabled)
redis-server-password: "<password>"
The Redis AUTH password to use for the Redis server. Only relevant if Redis is configured for client password authorisation.
Default: "" (disabled)
redis-timeout: <msec>
The period until when Unbound waits for a response from the Redis server. If this timeout expires Unbound closes the connection, treats it
as if the Redis server does not have the requested data, and will try to re-establish a new connection later.
Default: 100
redis-command-timeout: <msec>
The timeout to use for Redis commands, in milliseconds. If 0, it uses the redis-timeout value.
Default: 0
redis-connect-timeout: <msec>
The timeout to use for Redis connection set up, in milliseconds. If 0, it uses the redis-timeout value.
Default: 0
redis-expire-records: <yes or no>
If Redis record expiration is enabled. If yes, Unbound sets timeout for Redis records so that Redis can evict keys that have expired auto‐
matically. If Unbound is configured with serve-expired and serve-expired-ttl: 0, this option is internally reverted to "no".
NOTE:
Redis "SET ... EX" support is required for this option (Redis >= 2.6.12).
Default: no
redis-logical-db: <logical database index>
The logical database in Redis to use. These are databases in the same Redis instance sharing the same configuration and persisted in the
same RDB/AOF file. If unsure about using this option, Redis documentation (https://redis.io/commands/select/) suggests not to use a single
Redis instance for multiple unrelated applications. The default database in Redis is 0 while other logical databases need to be explicitly
SELECT'ed upon connecting.
Default: 0
redis-replica-server-host: <server address or name>
The IP (either v6 or v4) address or domain name of the Redis server. In general an IP address should be specified as otherwise Unbound will
have to resolve the name of the server every time it establishes a connection to the server.
This server is treated as a read-only replica server (https://redis.io/docs/management/replication/#read-only-replica). If specified, all
Redis read commands will go to this replica server, while the write commands will go to the redis-server-host.
Default: "" (disabled).
redis-replica-server-port: <port number>
The TCP port number of the Redis replica server.
Default: 6379
redis-replica-server-path: <unix socket path>
The unix socket path to connect to the Redis replica server. Unix sockets may have better throughput than the IP address option.
Default: "" (disabled)
redis-replica-server-password: "<password>"
The Redis AUTH password to use for the Redis server. Only relevant if Redis is configured for client password authorisation.
Default: "" (disabled)
redis-replica-timeout: <msec>
The period until when Unbound waits for a response from the Redis replica server. If this timeout expires Unbound closes the connection,
treats it as if the Redis server does not have the requested data, and will try to re-establish a new connection later.
Default: 100
redis-replica-command-timeout: <msec>
The timeout to use for Redis replica commands, in milliseconds. If 0, it uses the redis-replica-timeout value.
Default: 0
redis-replica-connect-timeout: <msec>
The timeout to use for Redis replica connection set up, in milliseconds. If 0, it uses the redis-replica-timeout value.
Default: 0
redis-replica-logical-db: <logical database index>
Same as redis-logical-db but for the Redis replica server.
Default: 0
DNSTAP Logging Options
DNSTAP support, when compiled in by using --enable-dnstap, is enabled in the dnstap: section. This starts an extra thread (when compiled with
threading) that writes the log information to the destination. If Unbound is compiled without threading it does not spawn a thread, but connects
per-process to the destination.
dnstap-enable: <yes or no>
If dnstap is enabled. If yes, it connects to the DNSTAP server and if any of the dnstap-log-..-messages: options is enabled it sends logs
for those messages to the server.
Default: no
dnstap-bidirectional: <yes or no>
Use frame streams in bidirectional mode to transfer DNSTAP messages.
Default: yes
dnstap-socket-path: <file name>
Sets the unix socket file name for connecting to the server that is listening on that socket.
Default: /etc/unbound/dnstap.sock
dnstap-ip: <IPaddress[@port]>
If "", the unix socket is used, if set with an IP address (IPv4 or IPv6) that address is used to connect to the server.
Default: ""
dnstap-tls: <yes or no>
Set this to use TLS to connect to the server specified in dnstap-ip. If set to no, TCP is used to connect to the server.
Default: yes
dnstap-tls-server-name: <name of TLS authentication>
The TLS server name to authenticate the server with. Used when dnstap-tls: yes is set. If "" it is ignored.
Default: ""
dnstap-tls-cert-bundle: <file name of cert bundle>
The pem file with certs to verify the TLS server certificate. If "" the server default cert bundle is used, or the windows cert bundle on
windows.
Default: ""
dnstap-tls-client-key-file: <file name>
The client key file for TLS client authentication. If "" client authentication is not used.
Default: ""
dnstap-tls-client-cert-file: <file name>
The client cert file for TLS client authentication.
Default: ""
dnstap-send-identity: <yes or no>
If enabled, the server identity is included in the log messages.
Default: no
dnstap-send-version: <yes or no>
If enabled, the server version if included in the log messages.
Default: no
dnstap-identity: <string>
The identity to send with messages, if "" the hostname is used.
Default: ""
dnstap-version: <string>
The version to send with messages, if "" the package version is used.
Default: ""
dnstap-sample-rate: <number>
The sample rate for log of messages, it logs only 1/N messages. With 0 it is disabled. This is useful in a high volume environment, where
log functionality would otherwise not be reliable. For example 10 would spend only 1/10th time on logging, and 100 would only spend a hun‐
dredth of the time on logging.
Default: 0 (disabled)
dnstap-log-resolver-query-messages: <yes or no>
Enable to log resolver query messages. These are messages from Unbound to upstream servers.
Default: no
dnstap-log-resolver-response-messages: <yes or no>
Enable to log resolver response messages. These are replies from upstream servers to Unbound.
Default: no
dnstap-log-client-query-messages: <yes or no>
Enable to log client query messages. These are client queries to Unbound.
Default: no
dnstap-log-client-response-messages: <yes or no>
Enable to log client response messages. These are responses from Unbound to clients.
Default: no
dnstap-log-forwarder-query-messages: <yes or no>
Enable to log forwarder query messages.
Default: no
dnstap-log-forwarder-response-messages: <yes or no>
Enable to log forwarder response messages.
Default: no
Response Policy Zone Options
Response Policy Zones are configured with rpz:, and each one must have a name attribute. There can be multiple ones, by listing multiple RPZ
clauses, each with a different name. RPZ clauses are applied in order of configuration and any match from an earlier RPZ zone will terminate the
RPZ lookup. Note that a PASSTHRU action is still considered a match. The respip module needs to be added to the module-config, e.g.:
module-config: "respip validator iterator"
QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported. Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local
Data, tcp-only and drop. RPZ QNAME triggers are applied after any local-zone and before any auth-zone.
The RPZ zone is a regular DNS zone formatted with a SOA start record as usual. The items in the zone are entries, that specify what to act on (the
trigger) and what to do (the action). The trigger to act on is recorded in the name, the action to do is recorded as the resource record. The
names all end in the zone name, so you could type the trigger names without a trailing dot in the zonefile.
An example RPZ record, that answers example.com with NXDOMAIN:
example.com CNAME .
The triggers are encoded in the name on the left
name query name
netblock.rpz-client-ip client IP address
netblock.rpz-ip response IP address in the answer
name.rpz-nsdname nameserver name
netblock.rpz-nsip nameserver IP address
The netblock is written as <netblocklen>.<ip address in reverse>. For IPv6 use 'zz' for '::'. Specify individual addresses with scope length of
32 or 128. For example, 24.10.100.51.198.rpz-ip is 198.51.100.10/24 and 32.10.zz.db8.2001.rpz-ip is 2001:db8:0:0:0:0:0:10/32.
The actions are specified with the record on the right
CNAME . nxdomain reply
CNAME *. nodata reply
CNAME rpz-passthru. do nothing, allow to continue
CNAME rpz-drop. the query is dropped
CNAME rpz-tcp-only. answer over TCP
A 192.0.2.1 answer with this IP address
Other records like AAAA, TXT and other CNAMEs (not rpz-..) can also be used to answer queries with that content.
The RPZ zones can be configured in the config file with these settings in the rpz: block.
name: <zone name>
Name of the authority zone.
primary: <IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple primaries can be specified. They are all tried if one fails.
To use a non-default port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the TLS authentication certificates will be checked with that name.
If you combine the '@' and '#', the '@' comes first. If you point it at another Unbound instance, it would not work because that does not
support AXFR/IXFR for the zone, but if you used url to download the zonefile as a text file from a webserver that would work.
If you specify the hostname, you cannot use the domain from the zonefile, because it may not have that when retrieving that data, instead
use a plain IP address to avoid a circular dependency on retrieving that IP address.
master: <IP address or host name>
Alternate syntax for primary.
url: <url to zonefile>
Where to download a zonefile for the zone. With HTTP or HTTPS. An example for the url is:
http://www.example.com/example.org.zone
Multiple url statements can be given, they are tried in turn.
If only urls are given the SOA refresh timer is used to wait for making new downloads. If also primaries are listed, the primaries are
first probed with UDP SOA queries to see if the SOA serial number has changed, reducing the number of downloads. If none of the URLs work,
the primaries are tried with IXFR and AXFR.
For HTTPS, the tls-cert-bundle and the hostname from the url are used to authenticate the connection.
allow-notify: <IP address or host name or netblockIP/prefix>
With allow-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer.
If the notify is from a primary, it first attempts that primary. Otherwise other primaries are attempted. If there are no primaries, but
only urls, the file is downloaded when notified.
NOTE:
The primaries from primary and url statements are allowed notify by default.
zonefile: <filename>
The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, Unbound will attempt
to fetch zone data (eg. from the primary servers).
rpz-action-override: <action>
Always use this RPZ action for matching triggers from this zone. Possible actions are: nxdomain, nodata, passthru, drop, disabled and
cname.
rpz-cname-override: <domain>
The CNAME target domain to use if the cname action is configured for rpz-action-override.
rpz-log: <yes or no>
Log all applied RPZ actions for this RPZ zone.
Default: no
rpz-log-name: <name>
Specify a string to be part of the log line, for easy referencing.
rpz-signal-nxdomain-ra: <yes or no>
Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA flag. This allows certain clients, like dnsmasq, to infer that the
domain is externally blocked.
Default: no
for-downstream: <yes or no>
If enabled the zone is authoritatively answered for and queries for the RPZ zone information are answered to downstream clients. This is
useful for monitoring scripts, that can then access the SOA information to check if the RPZ information is up to date.
Default: no
tags: "<list of tags>"
Limit the policies from this RPZ clause to clients with a matching tag.
Tags need to be defined in define-tag and can be assigned to client addresses using access-control-tag or interface-tag. Enclose list of
tags in quotes ("") and put spaces between tags.
If no tags are specified the policies from this clause will be applied for all clients.
MEMORY CONTROL EXAMPLE
In the example config settings below memory usage is reduced. Some service levels are lower, notable very large data and a high TCP load are no
longer supported. Very large data and high TCP loads are exceptional for the DNS. DNSSEC validation is enabled, just add trust anchors. If you
do not have to worry about programs using more than 3 Mb of memory, the below example is not for you. Use the defaults to receive full service,
which on BSD-32bit tops out at 30-40 Mb after heavy usage.
# example settings that reduce memory usage
server:
num-threads: 1
outgoing-num-tcp: 1 # this limits TCP service, uses less buffers.
incoming-num-tcp: 1
outgoing-range: 60 # uses less memory, but less performance.
msg-buffer-size: 8192 # note this limits service, 'no huge stuff'.
msg-cache-size: 100k
msg-cache-slabs: 1
rrset-cache-size: 100k
rrset-cache-slabs: 1
infra-cache-numhosts: 200
infra-cache-slabs: 1
key-cache-size: 100k
key-cache-slabs: 1
neg-cache-size: 10k
num-queries-per-thread: 30
target-fetch-policy: "2 1 0 0 0 0"
harden-large-queries: "yes"
harden-short-bufsize: "yes"
FILES
/etc/unbound
default Unbound working directory.
/etc/unbound
default chroot(2) location.
/etc/unbound/unbound.conf
Unbound configuration file.
/run/unbound.pid
default Unbound pidfile with process ID of the running daemon.
unbound.log
Unbound log file. Default is to log to syslog(3).
SEE ALSO
unbound(8), unbound-checkonf(8).
AUTHOR
Unbound developers are mentioned in the CREDITS file in the distribution.
COPYRIGHT
1999-2025, NLnet Labs
1.24.2 Dec 14, 2025 UNBOUND.CONF(5)
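The netblock encoding for RPZ triggers described in the "Response Policy Zone Options" section of the man page above (prefix length first, address reversed, 'zz' for '::') is easy to get wrong by hand. The following Python code is an added example, not part of Unbound or of the original page; the function names encode_trigger, decode_trigger and rpz_record are hypothetical, and the sample addresses are the documentation examples from the man page plus one constructed entry.

```python
"""Encode and decode Unbound RPZ netblock trigger names (added example)."""
import ipaddress

# Address-based trigger labels, as listed in unbound.conf(5).
IP_TRIGGERS = ("rpz-client-ip", "rpz-ip", "rpz-nsip")

# Right-hand side of the record for each action, as listed in unbound.conf(5).
ACTIONS = {
    "nxdomain": "CNAME .",
    "nodata": "CNAME *.",
    "passthru": "CNAME rpz-passthru.",
    "drop": "CNAME rpz-drop.",
    "tcp-only": "CNAME rpz-tcp-only.",
}


def _v6_labels(addr):
    """Return the 16-bit groups of addr; the longest zero run (>= 2) becomes 'zz'."""
    groups = [(int(addr) >> (112 - 16 * i)) & 0xFFFF for i in range(8)]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        return [format(g, "x") for g in groups]
    head = [format(g, "x") for g in groups[:best_start]]
    tail = [format(g, "x") for g in groups[best_start + best_len:]]
    return head + ["zz"] + tail


def encode_trigger(netblock, trigger="rpz-ip"):
    """Turn 'address/prefixlen' into '<prefixlen>.<address reversed>.<trigger>'."""
    if trigger not in IP_TRIGGERS:
        raise ValueError(f"not an address trigger: {trigger!r}")
    iface = ipaddress.ip_interface(netblock)
    if iface.version == 4:
        labels = str(iface.ip).split(".")
    else:
        labels = _v6_labels(iface.ip)
    return ".".join([str(iface.network.prefixlen)] + labels[::-1] + [trigger])


def decode_trigger(owner):
    """Parse a trigger owner name back into (trigger, ip_interface).

    Labels after the trigger label (the RPZ zone name) are ignored.
    """
    labels = owner.lower().rstrip(".").split(".")
    idx = next((i for i, lab in enumerate(labels) if lab in IP_TRIGGERS), None)
    if idx is None or idx < 2:
        raise ValueError(f"no netblock trigger in {owner!r}")
    prefixlen, parts = labels[0], labels[1:idx][::-1]
    if not prefixlen.isdigit():
        raise ValueError(f"bad prefix length in {owner!r}")
    if len(parts) == 4 and "zz" not in parts:
        text = ".".join(parts)  # IPv4: four labels, no zero-run marker
    else:
        if parts.count("zz") > 1:
            raise ValueError(f"more than one 'zz' in {owner!r}")
        if "zz" in parts:
            fill = 8 - (len(parts) - 1)  # zero groups hidden behind 'zz'
            if fill < 1:
                raise ValueError(f"too many groups in {owner!r}")
            pos = parts.index("zz")
            parts[pos:pos + 1] = ["0"] * fill
        text = ":".join(parts)
    # ip_interface raises ValueError for bad octets, groups or prefix lengths.
    return labels[idx], ipaddress.ip_interface(f"{text}/{prefixlen}")


def rpz_record(netblock, trigger, action):
    """Build one zone file line, relative to the RPZ zone (no trailing dot)."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    return f"{encode_trigger(netblock, trigger)} {ACTIONS[action]}"


if __name__ == "__main__":
    # Constructed sample policy, using documentation address ranges only.
    policy = [
        ("198.51.100.10/24", "rpz-ip", "nxdomain"),
        ("2001:db8::10/32", "rpz-ip", "nodata"),
        ("192.0.2.53/32", "rpz-nsip", "drop"),
    ]
    for netblock, trigger, action in policy:
        line = rpz_record(netblock, trigger, action)
        print(line, " ; decodes to", decode_trigger(line.split()[0])[1])
```

Decoding the owner names of an existing RPZ zone this way is a quick audit of which networks a policy really covers before it is loaded.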
Resolver configuration file syntax checker: unbound-checkconf
The Arch Linux package includes the helper program unbound-checkconf for checking the configuration file /etc/unbound.conf, which we will create later. The program's man page provides the corresponding help and lists the options that can be used to run extensive tests.
# man unbound-checkconf
UNBOUND-CHECKCONF(8) Unbound UNBOUND-CHECKCONF(8)
NAME
unbound-checkconf - Check Unbound 1.24.2 configuration file for errors.
SYNOPSIS
unbound-checkconf [-hf] [-o option] [cfgfile]
DESCRIPTION
unbound-checkconf checks the configuration file for the unbound(8) DNS resolver for syntax and other errors. The config file syntax is described
in unbound.conf(5).
The available options are:
-h Show the version and commandline option help.
-f Print full pathname, with chroot applied to it. Use with the -o option.
-q Make the operation quiet, suppress output on success.
-o <option>
If given, after checking the config file the value of this option is printed to stdout. For "" (disabled) options an empty line is printed.
cfgfile
The config file to read with settings for Unbound. It is checked. If omitted, the config file at the default location is checked.
EXIT CODE
The unbound-checkconf program exits with status code 1 on error, 0 for a correct config file.
FILES
/etc/unbound/unbound.conf
Unbound configuration file.
SEE ALSO
unbound.conf(5), unbound(8).
AUTHOR
Unbound developers are mentioned in the CREDITS file in the distribution.
COPYRIGHT
1999-2025, NLnet Labs
1.24.2 Dec 14, 2025 UNBOUND-CHECKCONF(8)
Root trust anchor for DNSSEC validation with unbound-anchor
unbound-anchor sets up or updates the root trust anchor for DNSSEC validation. The program's man page provides the corresponding help and lists the options that can be used to run extensive tests.
# man unbound-anchor
UNBOUND-ANCHOR(8) Unbound UNBOUND-ANCHOR(8)
NAME
unbound-anchor - Unbound 1.24.2 anchor utility.
SYNOPSIS
unbound-anchor [opts]
DESCRIPTION
unbound-anchor performs setup or update of the root trust anchor for DNSSEC validation. The program fetches the trust anchor with the method from
RFC 7958 when regular RFC 5011 update fails to bring it up to date. It can be run (as root) from the commandline, or run as part of startup
scripts. Before you start the unbound(8) DNS server.
Suggested usage:
# in the init scripts.
# provide or update the root anchor (if necessary)
unbound-anchor -a "/etc/trusted-key.key"
# Please note usage of this root anchor is at your own risk
# and under the terms of our LICENSE (see source).
#
# start validating resolver
# the unbound.conf contains:
# auto-trust-anchor-file: "/etc/trusted-key.key"
unbound -c unbound.conf
This tool provides builtin default contents for the root anchor and root update certificate files.
It tests if the root anchor file works, and if not, and an update is possible, attempts to update the root anchor using the root update certifi‐
cate. It performs a https fetch of root-anchors.xml and checks the results (RFC 7958); if all checks are successful, it updates the root anchor
file. Otherwise the root anchor file is unchanged. It performs RFC 5011 tracking if the DNSSEC information available via the DNS makes that pos‐
sible.
It does not perform an update if the certificate is expired, if the network is down or other errors occur.
The available options are:
-a <file>
The root anchor key file, that is read in and written out. Default is /etc/trusted-key.key. If the file does not exist, or is empty, a
builtin root key is written to it.
-c <file>
The root update certificate file, that is read in. Default is /etc/unbound/icannbundle.pem. If the file does not exist, or is empty, a
builtin certificate is used.
-l List the builtin root key and builtin root update certificate on stdout.
-u <name>
The server name, it connects to https://name. Specify without https:// prefix. The default is "data.iana.org". It connects to the port
specified with -P. You can pass an IPv4 address or IPv6 address (no brackets) if you want.
-S Do not use SNI for the HTTPS connection. Default is to use SNI.
-b <address>
The source address to bind to for domain resolution and contacting the server on https. May be either an IPv4 address or IPv6 address (no
brackets).
-x <path>
The pathname to the root-anchors.xml file on the server. (forms URL with -u). The default is /root-anchors/root-anchors.xml.
-s <path>
The pathname to the root-anchors.p7s file on the server. (forms URL with -u). The default is /root-anchors/root-anchors.p7s. This file
has to be a PKCS7 signature over the xml file, using the pem file (-c) as trust anchor.
-n <name>
The emailAddress for the Subject of the signer's certificate from the p7s signature file. Only signatures from this name are allowed. The
default is dnssec@iana.org. If you pass "" then the emailAddress is not checked.
-4 Use IPv4 for domain resolution and contacting the server on https. Default is to use IPv4 and IPv6 where appropriate.
-6 Use IPv6 for domain resolution and contacting the server on https. Default is to use IPv4 and IPv6 where appropriate.
-f <resolv.conf>
Use the given resolv.conf file. Not enabled by default, but you could try to pass /etc/resolv.conf on some systems. It contains the IP ad‐
dresses of the recursive nameservers to use. However, since this tool could be used to bootstrap that very recursive nameserver, it would
not be useful (since that server is not up yet, since we are bootstrapping it). It could be useful in a situation where you know an up‐
stream cache is deployed (and running) and in captive portal situations.
-r <root.hints>
Use the given root.hints file (same syntax as the BIND and Unbound root hints file) to bootstrap domain resolution. By default a list of
builtin root hints is used. unbound-anchor goes to the network itself for these roots, to resolve the server (-u option) and to check the
root DNSKEY records. It does so, because the tool when used for bootstrapping the recursive resolver, cannot use that recursive resolver
itself because it is bootstrapping that server.
-R Allow fallback from -f <resolv.conf> file to direct root servers query. It allows you to prefer local resolvers, but fallback automatically
to direct root query if they do not respond or do not support DNSSEC.
-v More verbose. Once prints informational messages, multiple times may enable large debug amounts (such as full certificates or byte-dumps of
downloaded files). By default it prints almost nothing. It also prints nothing on errors by default; in that case the original root anchor
file is simply left undisturbed, so that a recursive server can start right after it.
-C <unbound.conf>
Debug option to read <unbound.conf> into the resolver process used.
-P <port>
Set the port number to use for the https connection. The default is 443.
-F Debug option to force update of the root anchor through downloading the xml file and verifying it with the certificate. By default it first
tries to update by contacting the DNS, which uses much less bandwidth, is much faster (200 msec not 2 sec), and is nicer to the deployed in‐
frastructure. With this option, it still attempts to do so (and may verbosely tell you), but then ignores the result and goes on to use the
xml fallback method.
-h Show the version and commandline option help.
EXIT CODE
This tool exits with value 1 if the root anchor was updated using the certificate or if the builtin root-anchor was used. It exits with code 0 if
no update was necessary, if the update was possible with RFC 5011 tracking, or if an error occurred.
You can check the exit value in this manner:
unbound-anchor -a "root.key" || logger "Please check root.key"
Or something more suitable for your operational environment.
TRUST
The root keys and update certificate included in this tool are provided for convenience and under the terms of our license (see the LICENSE file in
the source distribution or https://github.com/NLnetLabs/unbound/blob/master/LICENSE and might be stale or not suitable to your purpose.
By running unbound-anchor -l the keys and certificate that are configured in the code are printed for your convenience.
The built-in configuration can be overridden by providing a root-cert file and a rootkey file.
FILES
/etc/trusted-key.key
The root anchor file, updated with 5011 tracking, and read and written to. The file is created if it does not exist.
/etc/unbound/icannbundle.pem
The trusted self-signed certificate that is used to verify the downloaded DNSSEC root trust anchor. You can update it by fetching it from
https://data.iana.org/root-anchors/icannbundle.pem (and validate it). If the file does not exist or is empty, a builtin version is used.
https://data.iana.org/root-anchors/root-anchors.xml
Source for the root key information.
https://data.iana.org/root-anchors/root-anchors.p7s
Signature on the root key information.
SEE ALSO
unbound.conf(5), unbound(8).
AUTHOR
Unbound developers are mentioned in the CREDITS file in the distribution.
COPYRIGHT
1999-2025, NLnet Labs
1.24.2 Dec 14, 2025 UNBOUND-ANCHOR(8)
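According to the EXIT CODE section above, unbound-anchor returns 0 both when nothing had to be done and when an error occurred, and it prints nothing on errors by default. The following added example (not part of the man page or the Unbound project) therefore inspects the anchor file itself before the resolver is started. The function names, the assumed file layout (root-owner DS or DNSKEY records with an optional `;;state=` annotation) and the sample records with placeholder key data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: pre-start sanity check for the root trust anchor file that
# unbound-anchor maintains. It checks the shape of the file only; it does
# not validate any key cryptographically.

# Print the number of usable root trust anchors in file $1.
# Assumed layout: zone-file syntax, owner ".", type DS or DNSKEY, comment
# lines start with ';'. A DNSKEY counts only with flags 257 (KSK); if the
# line carries a ";;state=" annotation, only "[ VALID ]" counts, which is a
# deliberately conservative choice.
count_root_anchors() {
    [ -s "$1" ] || { echo 0; return 0; }
    awk '
        /^[ \t]*;/ { next }
        $1 != "."  { next }
        {
            type = ""; idx = 0
            for (i = 2; i <= NF; i++)
                if ($i == "DS" || $i == "DNSKEY") { type = $i; idx = i; break }
            if (type == "") next
            if (type == "DNSKEY") {
                if ($(idx + 1) != "257") next
                if ($0 ~ /;;state=/ && $0 !~ /\[ *VALID *\]/) next
            }
            n++
        }
        END { print n + 0 }
    ' "$1"
}

# Combine the exit code of one unbound-anchor run ($1) with the state of the
# anchor file ($2). Exit code meaning as documented in the man page:
#   1 = anchor updated via the certificate, or the builtin anchor was used
#   0 = no update necessary, RFC 5011 update worked, OR an error occurred
# Returns 0 (ok), 1 (review the file) or 2 (do not start validating).
anchor_verdict() {
    _n=$(count_root_anchors "$2")
    if [ "$_n" -eq 0 ]; then
        echo "FAIL: no usable root anchor in $2"
        return 2
    fi
    case "$1" in
        0) echo "OK: exit 0 is ambiguous, but $2 holds $_n usable anchor(s)"
           return 0 ;;
        1) echo "REVIEW: $2 was written from the certificate fetch or the builtin key"
           return 1 ;;
        *) echo "FAIL: unexpected exit code $1 from unbound-anchor"
           return 2 ;;
    esac
}

# Run unbound-anchor with the -a option shown in the man page and judge it.
refresh_root_anchor() {
    _rc=0
    unbound-anchor -a "$1" || _rc=$?
    anchor_verdict "$_rc" "$1"
}

# Constructed sample anchor file: one VALID KSK, one KSK still pending, one
# ZSK. All key data and key ids are placeholders, not real root keys.
write_sample_anchor() {
    cat > "$1" <<'EOF'
; autotrust trust anchor file (constructed sample)
;;id: . 1
. 86400 IN DNSKEY 257 3 8 PLACEHOLDERKEY1 ;{id = 11111 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0
. 86400 IN DNSKEY 257 3 8 PLACEHOLDERKEY2 ;{id = 22222 (ksk), size = 2048b} ;;state=1 [ ADDPEND ] ;;count=1
. 86400 IN DNSKEY 256 3 8 PLACEHOLDERKEY3 ;{id = 33333 (zsk), size = 2048b}
EOF
}

# Offline demonstration on the constructed sample: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    write_sample_anchor "$demo"
    anchor_verdict 0 "$demo"
    rm -f "$demo"
fi
```

In a start-up script, `refresh_root_anchor /etc/trusted-key.key` would replace the bare `unbound-anchor -a` call, and a return value of 2 would block the start of the validating resolver.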
unbound Remote Server Control Utility unbound-control
unbound-control handles the management of the unbound DNS resolver. It reads the configuration file, contacts the Unbound server over TLS, sends the command and displays the result. The program's man page provides the corresponding help and lists the options that can be used to run extensive tests.
# man unbound-control
UNBOUND-CONTROL(8) Unbound UNBOUND-CONTROL(8)
NAME
unbound-control - Unbound 1.24.2 remote server control utility.
SYNOPSIS
unbound-control [-hq] [-c cfgfile] [-s server] command
DESCRIPTION
unbound-control performs remote administration on the unbound(8) DNS server. It reads the configuration file, contacts the Unbound server over TLS
sends the command and displays the result.
The available options are:
-h Show the version and commandline option help.
-c <cfgfile>
The config file to read with settings. If not given the default config file /etc/unbound/unbound.conf is used.
-s <server[@port]>
IPv4 or IPv6 address of the server to contact. If not given, the address is read from the config file.
-q Quiet, if the option is given it does not print anything if it works ok.
COMMANDS
There are several commands that the server understands.
start Start the server. Simply execs unbound(8). The unbound executable is searched for in the PATH set in the environment. It is started with
the config file specified using -c or the default config file.
stop Stop the server. The server daemon exits.
reload Reload the server. This flushes the cache and reads the config file fresh.
reload_keep_cache
Reload the server but try to keep the RRset and message cache if (re)configuration allows for it. That means the caches sizes and the num‐
ber of threads must not change between reloads.
fast_reload [+dpv]
Reload the server, but keep downtime to a minimum, so that user queries keep seeing service. This needs the code compiled with threads.
The config is loaded in a thread, and prepared, then it briefly pauses the existing server and updates config options. The intent is that
the pause does not impact the service of user queries. The cache is kept. Also user queries worked on are kept and continue, but with the
new config options.
NOTE:
This command is experimental at this time.
The amount of temporal memory needed during a fast_reload is twice the amount needed for configuration. This is because Unbound temporarily
needs to store both current configuration values and new ones while trying to fast_reload. Zones loaded from disk (authority zones and RPZ
zones) are included in such memory needs.
Options that can be changed are for forwards, stubs, views, authority zones, RPZ zones and local zones.
Also access-control and similar options, interface-action and similar options and tcp-connection-limit. It can reload some define-tag
changes, more on that below. Further options include insecure-lan-zones, domain-insecure, trust-anchor-file, trust-anchor,
trusted-keys-file, auto-trust-anchor-file, edns-client-string, ipset, log-identity, infra-cache-numhosts, msg-cache-size, rrset-cache-size,
key-cache-size, ratelimit-size, neg-cache-size, num-queries-per-thread, jostle-timeout, use-caps-for-id, unwanted-reply-threshold,
tls-use-sni, outgoing-tcp-mss, ip-dscp, max-reuse-tcp-queries, tcp-reuse-timeout, tcp-auth-query-timeout, delay-close.
iter-scrub-promiscuous.
It does not work with interface and outgoing-interface changes, also not with remote control, outgoing-port-permit, outgoing-port-avoid,
msg-buffer-size, any *-slabs options and statistics-interval changes.
For dnstap these options can be changed: dnstap-log-resolver-query-messages, dnstap-log-resolver-response-messages,
dnstap-log-client-query-messages, dnstap-log-client-response-messages, dnstap-log-forwarder-query-messages and
dnstap-log-forwarder-response-messages.
It does not work with these options: dnstap-enable, dnstap-bidirectional, dnstap-socket-path, dnstap-ip, dnstap-tls, dnstap-tls-server-name,
dnstap-tls-cert-bundle, dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
The options dnstap-send-identity, dnstap-send-version, dnstap-identity, and dnstap-version can be loaded when +p is not used.
The +v option makes the output verbose which includes the time it took to do the reload. With +vv it is more verbose which includes the
amount of memory that was allocated temporarily to perform the reload; this amount of memory can be big if the config has large contents.
In the timing output the 'reload' time is the time during which the server was paused.
The +p option makes the reload not pause threads, they keep running. Locks are acquired, but items are updated in sequence, so it is possi‐
ble for threads to see an inconsistent state with some options from the old and some options from the new config, such as cache TTL parame‐
ters from the old config and forwards from the new config. The stubs and forwards are updated at the same time, so that they are viewed
consistently, either old or new values together. The option makes the reload time take eg. 3 microseconds instead of 0.3 milliseconds dur‐
ing which the worker threads are interrupted. So, the interruption is much shorter, at the expense of some inconsistency. After the reload
itself, every worker thread is briefly contacted to make them release resources, this makes the delete timing a little longer, and takes up
time from the remote control servicing worker thread.
With the nopause option (+p), the reload does not work to reload some options, that fast reload works on without the nopause option:
val-bogus-ttl, val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart, val-nsec3-keysize-iterations, target-fetch-policy,
outbound-msg-retry, max-sent-count, max-query-restarts, do-not-query-address, do-not-query-localhost, private-address, private-domain,
caps-exempt, nat64-prefix, do-nat64, infra-host-ttl, infra-keep-probing, ratelimit, ip-ratelimit, ip-ratelimit-cookie, wait-limit-netblock,
wait-limit-cookie-netblock, ratelimit-below-domain, ratelimit-for-domain.
The +d option makes the reload drop queries that the worker threads are working on. This is like flush_requestlist. Without it the queries
are kept so that users keep getting answers for those queries that are currently processed. The drop makes it so that queries during the
life time of the query processing see only old, or only new config options.
When there are changes to the config tags, from the define-tag option, then the +d option is implicitly turned on with a warning printout,
and queries are dropped. This is to stop references to the old tag information, by the old queries. If the number of tags is increased in
the newly loaded config, by adding tags at the end, then the implicit +d option is not needed.
For response ip, that is actions associated with IP addresses, and perhaps intersected with access control tag and action information, those
settings are stored with a query when it comes in based on its source IP address. The old information is kept with the query until the
queries are done. This is gone when those queries are resolved and finished, or it is possible to flush the requestlist with +d.
verbosity number
Change verbosity value for logging. Same values as the verbosity: keyword in unbound.conf(5). This new setting lasts until the server is
issued a reload (taken from config file again), or the next verbosity control command.
log_reopen
Reopen the logfile, close and open it. Useful for logrotation to make the daemon release the file it is logging to. If you are using sys‐
log it will attempt to close and open the syslog (which may not work if chrooted).
stats Print statistics. Resets the internal counters to zero, this can be controlled using the statistics-cumulative: config statement. Statis‐
tics are printed with one [name]: [value] per line.
stats_noreset
Peek at statistics. Prints them like the stats command does, but does not reset the internal counters to zero.
status Display server status. Exit code 3 if not running (the connection to the port is refused), 1 on error, 0 if running.
local_zone name type
Add new local zone with name and type. Like local-zone config statement. If the zone already exists, the type is changed to the given ar‐
gument.
local_zone_remove name
Remove the local zone with the given name. Removes all local data inside it. If the zone does not exist, the command succeeds.
local_data RR data...
Add new local data, the given resource record. Like local-data: keyword, except for when no covering zone exists. In that case this remote
control command creates a transparent zone with the same name as this record.
local_data_remove name
Remove all RR data from local name. If the name already has no items, nothing happens. Often results in NXDOMAIN for the name (in a static
zone), but if the name has become an empty nonterminal (there is still data in domain names below the removed name), NOERROR nodata answers
are the result for that name.
local_zones
Add local zones read from stdin of unbound-control. Input is read per line, with name space type on a line. For bulk additions.
local_zones_remove
Remove local zones read from stdin of unbound-control. Input is one name per line. For bulk removals.
local_datas
Add local data RRs read from stdin of unbound-control. Input is one RR per line. For bulk additions.
local_datas_remove
Remove local data RRs read from stdin of unbound-control. Input is one name per line. For bulk removals.
dump_cache
The contents of the cache is printed in a text format to stdout. You can redirect it to a file to store the cache in a file. Not supported
in remote Unbounds in multi-process operation.
load_cache
The contents of the cache is loaded from stdin. Uses the same format as dump_cache uses. Loading the cache with old, or wrong data can re‐
sult in old or wrong data returned to clients. Loading data into the cache in this way is supported in order to aid with debugging. Not
supported in remote Unbounds in multi-process operation.
cache_lookup [+t] names
Print to stdout the RRsets and messages that are in the cache. For every name listed the content at or under the name is printed. Several
names separated by spaces can be given, each is printed. When subnetcache is enabled, also matching entries from the subnet cache are
printed.
The +t option allows tld and root names. With it names like 'com' and '.' can be used, but it takes a lot of effort to look up in the
cache.
lookup name
Print to stdout the name servers that would be used to look up the name specified.
flush [+c] name
Remove the name from the cache. Removes the types A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS. Because that is
fast to do. Other record types can be removed using flush_type or flush_zone.
The +c option removes the items also from the cachedb cache. If cachedb is in use.
flush_type [+c] name type
Remove the name, type information from the cache.
The +c option removes the items also from the cachedb cache. If cachedb is in use.
flush_zone [+c] name
Remove all information at or below the name from the cache. The rrsets and key entries are removed so that new lookups will be performed.
This needs to walk and inspect the entire cache, and is a slow operation. The entries are set to expired in the implementation of this com‐
mand (so, with serve-expired enabled, it'll serve that information but schedule a prefetch for new information).
The +c option removes the items also from the cachedb cache. If cachedb is in use.
flush_bogus [+c]
Remove all bogus data from the cache.
The +c option removes the items also from the cachedb cache. If cachedb is in use.
flush_negative [+c]
Remove all negative data from the cache. This is nxdomain answers, nodata answers and servfail answers. Also removes bad key entries
(which could be due to failed lookups) from the dnssec key cache, and iterator last-resort lookup failures from the rrset cache.
The +c option removes the items also from the cachedb cache. If cachedb is in use.
flush_stats
Reset statistics to zero.
flush_requestlist
Drop the queries that are worked on. Stops working on the queries that the server is working on now. The cache is unaffected. No reply is
sent for those queries, probably making those users request again later. Useful to make the server restart working on queries with new set‐
tings, such as a higher verbosity level.
dump_requestlist
Show what is worked on. Prints all queries that the server is currently working on. Prints the time that users have been waiting. For in‐
ternal requests, no time is printed. And then prints out the module status. This prints the queries from the first thread, and not queries
that are being serviced from other threads.
flush_infra all|IP
If all then entire infra cache is emptied. If a specific IP address, the entry for that address is removed from the cache. It contains
EDNS, ping and lameness data.
dump_infra
Show the contents of the infra cache.
set_option opt: val
Set the option to the given value without a reload. The cache is therefore not flushed. The option must end with a ':' and whitespace must
be between the option and the value. Some values may not have an effect if set this way, the new values are not written to the config file,
not all options are supported. This is different from the set_option call in libunbound, where all values work because Unbound has not been
initialized.
The values that work are: statistics-interval, statistics-cumulative, do-not-query-localhost, harden-short-bufsize, harden-large-queries,
harden-glue, harden-dnssec-stripped, harden-below-nxdomain, harden-referral-path, prefetch, prefetch-key, log-queries, hide-identity,
hide-version, identity, version, val-log-level, val-log-squelch, ignore-cd-flag, add-holddown, del-holddown, keep-missing, tcp-upstream,
ssl-upstream, max-udp-size, ratelimit, ip-ratelimit, cache-max-ttl, cache-min-ttl, cache-max-negative-ttl.
get_option opt
Get the value of the option. Give the option name without a trailing ':'. The value is printed. If the value is "", nothing is printed
and the connection closes. On error 'error ...' is printed (it gives a syntax error on unknown option). For some options a list of values,
one on each line, is printed. The options are shown from the config file as modified with set_option. For some options an override may
have been taken that does not show up with this command, not results from e.g. the verbosity and forward control commands. Not all options
work, see list_stubs, list_forwards, list_local_zones and list_local_data for those.
list_stubs
List the stub zones in use. These are printed one by one to the output. This includes the root hints in use.
list_forwards
List the forward zones in use. These are printed zone by zone to the output.
list_insecure
List the zones with domain-insecure.
list_local_zones
List the local zones in use. These are printed one per line with zone type.
list_local_data
List the local data RRs in use. The resource records are printed.
insecure_add zone
Add a domain-insecure for the given zone, like the statement in unbound.conf. Adds to the running Unbound without affecting the cache con‐
tents (which may still be bogus, use flush_zone to remove it), does not affect the config file.
insecure_remove zone
Removes domain-insecure for the given zone.
forward_add [+it] zone addr ...
Add a new forward zone to running Unbound. With +i option also adds a domain-insecure for the zone (so it can resolve insecurely if you
have a DNSSEC root trust anchor configured for other names). The addr can be IP4, IP6 or nameserver names, like forward-zone config in un‐
bound.conf. The +t option sets it to use TLS upstream, like forward-tls-upstream: yes.
forward_remove [+i] zone
Remove a forward zone from running Unbound. The +i also removes a domain-insecure for the zone.
stub_add [+ipt] zone addr ...
Add a new stub zone to running Unbound. With +i option also adds a domain-insecure for the zone. With +p the stub zone is set to prime,
without it it is set to notprime. The addr can be IP4, IP6 or nameserver names, like the stub-zone: config in unbound.conf. The +t option
sets it to use TLS upstream, like stub-tls-upstream: yes.
stub_remove [+i] zone
Remove a stub zone from running Unbound. The +i also removes a domain-insecure for the zone.
forward [off | addr ... ]
Setup forwarding mode. Configures if the server should ask other upstream nameservers, should go to the internet root nameservers itself,
or show the current config. You could pass the nameservers after a DHCP update.
Without arguments the current list of addresses used to forward all queries to is printed. On startup this is from the forward-zone "."
configuration. Afterwards it shows the status. It prints off when no forwarding is used.
If off is passed, forwarding is disabled and the root nameservers are used. This can be used to avoid to avoid buggy or non-DNSSEC support‐
ing nameservers returned from DHCP. But may not work in hotels or hotspots.
If one or more IPv4 or IPv6 addresses are given, those are then used to forward queries to. The addresses must be separated with spaces.
With '@port' the port number can be set explicitly (default port is 53 (DNS)).
By default the forwarder information from the config file for the root "." is used. The config file is not changed, so after a reload these
changes are gone. Other forward zones from the config file are not affected by this command.
ratelimit_list [+a]
List the domains that are ratelimited. Printed one per line with current estimated qps and qps limit from config. With +a it prints all
domains, not just the ratelimited domains, with their estimated qps. The ratelimited domains return an error for uncached (new) queries,
but cached queries work as normal.
ip_ratelimit_list [+a]
List the ip addresses that are ratelimited. Printed one per line with current estimated qps and qps limit from config. With +a it prints
all ips, not just the ratelimited ips, with their estimated qps. The ratelimited ips are dropped before checking the cache.
list_auth_zones
List the auth zones that are configured. Printed one per line with a status, indicating if the zone is expired and current serial number.
Configured RPZ zones are included.
auth_zone_reload zone
Reload the auth zone (or RPZ zone) from zonefile. The zonefile is read in overwriting the current contents of the zone in memory. This
changes the auth zone contents itself, not the cache contents. Such cache contents exists if you set Unbound to validate with for-upstream:
yes and that can be cleared with flush_zone zone.
auth_zone_transfer zone
Transfer the auth zone (or RPZ zone) from master. The auth zone probe sequence is started, where the masters are probed to see if they have
an updated zone (with the SOA serial check). And then the zone is transferred for a newer zone version.
rpz_enable zone
Enable the RPZ zone if it had previously been disabled.
rpz_disable zone
Disable the RPZ zone.
view_list_local_zones view
list_local_zones for given view.
view_local_zone view name type
local_zone for given view.
view_local_zone_remove view name
local_zone_remove for given view.
view_list_local_data view
list_local_data for given view.
view_local_data view RR data...
local_data for given view.
view_local_data_remove view name
local_data_remove for given view.
view_local_datas_remove view
Remove a list of local_data for given view from stdin. Like local_datas_remove.
view_local_datas view
Add a list of local_data for given view from stdin. Like local_datas.
add_cookie_secret secret
Add or replace a cookie secret persistently. secret needs to be an 128 bit hex string.
Cookie secrets can be either active or staging. Active cookie secrets are used to create DNS Cookies, but verification of a DNS Cookie suc‐
ceeds with any of the active or staging cookie secrets. The state of the current cookie secrets can be printed with the
print_cookie_secrets command.
When there are no cookie secrets configured yet, the secret is added as active. If there is already an active cookie secret, the secret is
added as staging or replacing an existing staging secret.
To "roll" a cookie secret used in an anycast set. The new secret has to be added as staging secret to all nodes in the anycast set. When
all nodes can verify DNS Cookies with the new secret, the new secret can be activated with the activate_cookie_secret command. After all
nodes have the new secret active for at least one hour, the previous secret can be dropped with the drop_cookie_secret command.
Persistence is accomplished by writing to a file which is configured with the cookie-secret-file option in the server section of the config
file. This is disabled by default, "".
drop_cookie_secret
Drop the staging cookie secret.
activate_cookie_secret
Make the current staging cookie secret active, and the current active cookie secret staging.
print_cookie_secrets
Show the current configured cookie secrets with their status.
EXIT CODE
The unbound-control program exits with status code 1 on error, 0 on success.
SET UP
The setup requires a self-signed certificate and private keys for both the server and client. The script unbound-control-setup generates these in
the default run directory, or with -d in another directory. If you change the access control permissions on the key files you can decide who can
use unbound-control, by default owner and group but not all users. Run the script under the same username as you have configured in unbound.conf
or as root, so that the daemon is permitted to read the files, for example with:
sudo -u unbound unbound-control-setup
If you have not configured a username in unbound.conf, the keys need read permission for the user credentials under which the daemon is started.
The script preserves private keys present in the directory. After running the script as root, turn on control-enable in unbound.conf.
STATISTIC COUNTERS
The stats and stats_noreset commands show a number of statistic counters:
threadX.num.queries
number of queries received by thread
threadX.num.queries_ip_ratelimited
number of queries rate limited by thread
threadX.num.queries_cookie_valid
number of queries with a valid DNS Cookie by thread
threadX.num.queries_cookie_client
number of queries with a client part only DNS Cookie by thread
threadX.num.queries_cookie_invalid
number of queries with an invalid DNS Cookie by thread
threadX.num.queries_discard_timeout
number of queries removed due to discard-timeout by thread
threadX.num.queries_wait_limit
number of queries removed due to wait-limit by thread
threadX.num.cachehits
number of queries that were successfully answered using a cache lookup
threadX.num.cachemiss
number of queries that needed recursive processing
threadX.num.dnscrypt.crypted
number of queries that were encrypted and successfully decapsulated by dnscrypt.
threadX.num.dnscrypt.cert
number of queries that were requesting dnscrypt certificates.
threadX.num.dnscrypt.cleartext
number of queries received on dnscrypt port that were cleartext and not a request for certificates.
threadX.num.dnscrypt.malformed
number of request that were neither cleartext, not valid dnscrypt messages.
threadX.num.dns_error_reports
number of DNS Error Reports generated by thread
threadX.num.prefetch
number of cache prefetches performed. This number is included in cachehits, as the original query had the unprefetched answer from cache,
and resulted in recursive processing, taking a slot in the requestlist. Not part of the recursivereplies (or the histogram thereof) or ca‐
chemiss, as a cache response was sent.
threadX.num.expired
number of replies that served an expired cache entry.
threadX.num.queries_timed_out
number of queries that are dropped because they waited in the UDP socket buffer for too long.
threadX.query.queue_time_us.max
The maximum wait time for packets in the socket buffer, in microseconds. This is only reported when sock-queue-timeout is enabled.
threadX.num.recursivereplies
The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no
replies were sent for some queries.
threadX.requestlist.avg
The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query.
threadX.requestlist.max
Maximum size attained by the internal recursive processing request list.
threadX.requestlist.overwritten
Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive
processing and the server has a hard time.
threadX.requestlist.exceeded
Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server
can not keep up.
threadX.requestlist.current.all
Current size of the request list, includes internally generated queries (such as priming queries and glue lookups).
threadX.requestlist.current.user
Current size of the request list, only the requests from client queries.
threadX.recursion.time.avg
Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in
this average.
threadX.recursion.time.median
The median of the time it took to answer queries that needed recursive processing. The median means that 50% of the user queries were an‐
swered in less than this time. Because of big outliers (usually queries to non responsive servers), the average can be bigger than the me‐
dian. This median has been calculated by interpolation from a histogram.
threadX.tcpusage
The currently held tcp buffers for incoming connections. A spot value on the time of the request. This helps you spot if the incom‐
ing-num-tcp buffers are full.
total.num.queries
summed over threads.
total.num.queries_ip_ratelimited
summed over threads.
total.num.queries_cookie_valid
summed over threads.
total.num.queries_cookie_client
summed over threads.
total.num.queries_cookie_invalid
summed over threads.
total.num.queries_discard_timeout
summed over threads.
total.num.queries_wait_limit
summed over threads.
total.num.cachehits
summed over threads.
total.num.cachemiss
summed over threads.
total.num.dnscrypt.crypted
summed over threads.
total.num.dnscrypt.cert
summed over threads.
total.num.dnscrypt.cleartext
summed over threads.
total.num.dnscrypt.malformed
summed over threads.
total.num.dns_error_reports
summed over threads.
total.num.prefetch
summed over threads.
total.num.expired
summed over threads.
total.num.queries_timed_out
summed over threads.
total.query.queue_time_us.max
the maximum of the thread values.
total.num.recursivereplies
summed over threads.
total.requestlist.avg
averaged over threads.
total.requestlist.max
the maximum of the thread requestlist.max values.
total.requestlist.overwritten
summed over threads.
total.requestlist.exceeded
summed over threads.
total.requestlist.current.all
summed over threads.
total.recursion.time.median
averaged over threads.
total.tcpusage
summed over threads.
time.now
current time in seconds since 1970.
time.up
uptime since server boot in seconds.
time.elapsed
time since last statistics printout, in seconds.
EXTENDED STATISTICS
mem.cache.rrset
Memory in bytes in use by the RRset cache.
mem.cache.message
Memory in bytes in use by the message cache.
mem.cache.dnscrypt_shared_secret
Memory in bytes in use by the dnscrypt shared secrets cache.
mem.cache.dnscrypt_nonce
Memory in bytes in use by the dnscrypt nonce cache.
mem.mod.iterator
Memory in bytes in use by the iterator module.
mem.mod.validator
Memory in bytes in use by the validator module. Includes the key cache and negative cache.
mem.streamwait
Memory in bytes in used by the TCP and TLS stream wait buffers. These are answers waiting to be written back to the clients.
mem.http.query_buffer
Memory in bytes used by the HTTP/2 query buffers. Containing (partial) DNS queries waiting for request stream completion.
mem.http.response_buffer
Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses waiting to be written back to the clients.
mem.quic
Memory in bytes used by QUIC. Containing connection information, stream information, queries read and responses written back to the
clients.
histogram.<sec>.<usec>.to.<sec>.<usec>
Shows a histogram, summed over all threads. Every element counts the recursive queries whose reply time fit between the lower and upper
bound. Times larger or equal to the lowerbound, and smaller than the upper bound. There are 40 buckets, with bucket sizes doubling.
num.query.type.A
The total number of queries over all threads with query type A. Printed for the other query types as well, but only for the types for which
queries were received, thus =0 entries are omitted for brevity.
num.query.type.other
Number of queries with query types 256-65535.
num.query.class.IN
The total number of queries over all threads with query class IN (internet). Also printed for other classes (such as CH (CHAOS) sometimes
used for debugging), or NONE, ANY, used by dynamic update. num.query.class.other is printed for classes 256-65535.
num.query.opcode.QUERY
The total number of queries over all threads with query opcode QUERY. Also printed for other opcodes, UPDATE, ...
num.query.tcp
Number of queries that were made using TCP towards the Unbound server.
num.query.tcpout
Number of queries that the Unbound server made using TCP outgoing towards other servers.
num.query.udpout
Number of queries that the Unbound server made using UDP outgoing towards other servers.
num.query.tls
Number of queries that were made using TLS towards the Unbound server. These are also counted in num.query.tcp, because TLS uses TCP.
num.query.tls.resume
Number of TLS session resumptions, these are queries over TLS towards the Unbound server where the client negotiated a TLS session resump‐
tion key.
num.query.https
Number of queries that were made using HTTPS towards the Unbound server. These are also counted in num.query.tcp and num.query.tls, because
HTTPS uses TLS and TCP.
num.query.quic
Number of queries that were made using QUIC towards the Unbound server. These are also counted in num.query.tls, because TLS is used for
these queries.
num.query.ipv6
Number of queries that were made using IPv6 towards the Unbound server.
num.query.flags.RD
The number of queries that had the RD flag set in the header. Also printed for flags QR, AA, TC, RA, Z, AD, CD. Note that queries with
flags QR, AA or TC may have been rejected because of that.
num.query.edns.present
number of queries that had an EDNS OPT record present.
num.query.edns.DO
number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set. These queries are also included in the
num.query.edns.present number.
num.query.ratelimited
The number of queries that are turned away from being send to nameserver due to ratelimiting.
num.query.dnscrypt.shared_secret.cachemiss
The number of dnscrypt queries that did not find a shared secret in the cache. This can be use to compute the shared secret hitrate.
num.query.dnscrypt.replay
The number of dnscrypt queries that found a nonce hit in the nonce cache and hence are considered a query replay.
num.answer.rcode.NXDOMAIN
The number of answers to queries, from cache or from recursion, that had the return code NXDOMAIN. Also printed for the other return codes.
num.answer.rcode.nodata
The number of answers to queries that had the pseudo return code nodata. This means the actual return code was NOERROR, but additionally,
no data was carried in the answer (making what is called a NOERROR/NODATA answer). These queries are also included in the num.an‐
swer.rcode.NOERROR number. Common for AAAA lookups when an A record exists, and no AAAA.
num.answer.secure
Number of answers that were secure. The answer validated correctly. The AD bit might have been set in some of these answers, where the
client signalled (with DO or AD bit in the query) that they were ready to accept the AD bit in the answer.
num.answer.bogus
Number of answers that were bogus. These answers resulted in SERVFAIL to the client because the answer failed validation.
num.rrset.bogus
The number of rrsets marked bogus by the validator. Increased for every RRset inspection that fails.
num.valops
The number of validation operations performed by the validator. Increased for every RRSIG verification operation regardless of the valida‐
tion result. The RRSIG and key combination needs to first pass some sanity checks before Unbound even performs the verification, e.g.,
length/protocol checks.
unwanted.queries
Number of queries that were refused or dropped because they failed the access control settings.
unwanted.replies
Replies that were unwanted or unsolicited. Could have been random traffic, delayed duplicates, very late answers, or could be spoofing at‐
tempts. Some low level of late answers and delayed duplicates are to be expected with the UDP protocol. Very high values could indicate a
threat (spoofing).
msg.cache.count
The number of items (DNS replies) in the message cache.
rrset.cache.count
The number of RRsets in the rrset cache. This includes rrsets used by the messages in the message cache, but also delegation information.
infra.cache.count
The number of items in the infra cache. These are IP addresses with their timing and protocol support information.
key.cache.count
The number of items in the key cache. These are DNSSEC keys, one item per delegation point, and their validation status.
msg.cache.max_collisions
The maximum number of hash table collisions in the msg cache. This is the number of hashes that are identical when a new element is in‐
serted in the hash table. If the value is very large, like hundreds, something is wrong with the performance of the hash table, hash values
are incorrect or malicious.
rrset.cache.max_collisions
The maximum number of hash table collisions in the rrset cache. This is the number of hashes that are identical when a new element is in‐
serted in the hash table. If the value is very large, like hundreds, something is wrong with the performance of the hash table, hash values
are incorrect or malicious.
dnscrypt_shared_secret.cache.count
The number of items in the shared secret cache. These are precomputed shared secrets for a given client public key/server secret key pair.
Shared secrets are CPU intensive and this cache allows Unbound to avoid recomputing the shared secret when multiple dnscrypt queries are
sent from the same client.
dnscrypt_nonce.cache.count
The number of items in the client nonce cache. This cache is used to prevent dnscrypt queries replay. The client nonce must be unique for
each client public key/server secret key pair. This cache should be able to host QPS * replay window interval keys to prevent replay of a
query during replay window seconds.
num.query.authzone.up
The number of queries answered from auth-zone data, upstream queries. These queries would otherwise have been sent (with fallback enabled)
to the internet, but are now answered from the auth zone.
num.query.authzone.down
The number of queries for downstream answered from auth-zone data. These queries are from downstream clients, and have had an answer from
the data in the auth zone.
num.query.aggressive.NOERROR
The number of queries answered using cached NSEC records with NODATA RCODE. These queries would otherwise have been sent to the internet,
but are now answered using cached data.
num.query.aggressive.NXDOMAIN
The number of queries answered using cached NSEC records with NXDOMAIN RCODE. These queries would otherwise have been sent to the internet,
but are now answered using cached data.
num.query.subnet
Number of queries that got an answer that contained EDNS client subnet data.
num.query.subnet_cache
Number of queries answered from the edns client subnet cache. These are counted as cachemiss by the main counters, but hit the client sub‐
net specific cache after getting processed by the edns client subnet module.
num.query.cachedb
Number of queries answered from the external cache of cachedb. These are counted as cachemiss by the main counters, but hit the cachedb ex‐
ternal cache after getting processed by the cachedb module.
num.rpz.action.<rpz_action>
Number of queries answered using configured RPZ policy, per RPZ action type. Possible actions are: nxdomain, nodata, passthru, drop,
tcp-only, local-data, disabled, and cname-override.
FILES
/etc/unbound/unbound.conf
Unbound configuration file.
/etc/unbound
directory with private keys (unbound_server.key and unbound_control.key) and self-signed certificates (unbound_server.pem and unbound_con‐
trol.pem).
SEE ALSO
unbound.conf(5), unbound(8).
AUTHOR
Unbound developers are mentioned in the CREDITS file in the distribution.
COPYRIGHT
1999-2025, NLnet Labs
1.24.2 Dec 14, 2025 UNBOUND-CONTROL(8)
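Several of the counters documented above are tied by the man page itself to abuse or overload (unwanted.replies, num.answer.bogus, requestlist.exceeded, the max_collisions values). The following check is an added example, not part of the man page or of the original article. It evaluates the `name=value` lines printed by `unbound-control stats_noreset`; the limits, the function names and the sample values are assumptions, and the extended counters are only reported with `extended-statistics: yes`.

```shell
#!/bin/sh
# Added example: flag the counters that the man page ties to abuse or overload.
# Limits and function names are assumptions; tune the limits to normal load.

# stats_alerts [FILE] -> reads "name=value" lines (file or stdin) and prints
# "name value reason" for every counter above its limit.
stats_alerts() {
    awk -F= '
        function alert(name, limit, why) {
            if (v[name] > limit) printf "%s %d %s\n", name, v[name], why
        }
        NF == 2 { v[$1] = $2 + 0 }
        END {
            alert("unwanted.replies", 100, "unsolicited replies, possible spoofing")
            alert("unwanted.queries", 50, "queries refused by access control")
            alert("num.answer.bogus", 0, "answers failed DNSSEC validation")
            alert("total.requestlist.exceeded", 0, "queries dropped, request list full")
            alert("total.requestlist.overwritten", 0, "requests overwritten under query flood")
            alert("msg.cache.max_collisions", 100, "hash collisions in message cache")
            alert("rrset.cache.max_collisions", 100, "hash collisions in rrset cache")
        }' "$@"
}

# sample_stats -> constructed statistics output, not taken from a real resolver
sample_stats() {
    cat <<'EOF'
total.num.queries=48211
total.num.cachehits=40102
total.num.cachemiss=8109
total.requestlist.exceeded=0
num.answer.secure=9120
num.answer.bogus=37
unwanted.queries=4
unwanted.replies=2150
msg.cache.max_collisions=3
rrset.cache.max_collisions=412
EOF
}

# Offline demonstration on the constructed sample; on a live resolver use:
#   unbound-control stats_noreset | stats_alerts
sample_stats | stats_alerts
```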
Package installation
Installing and configuring the DNS resolver unbound is fairly straightforward. On Arch Linux we install the package with the package manager pacman.
- As a regular user:
$ sudo pacman -S unbound
- As a user with root privileges, accordingly:
# pacman -S unbound
We can query everything the unbound package has placed on our Arch Linux server as follows:
# pacman -Qil unbound
Name : unbound
Version : 1.24.2-2
Description : Validating, recursive, and caching DNS resolver
Architecture : x86_64
URL : https://unbound.net/
Licenses : 0BSD BSD-3-Clause
Groups : None
Provides : libunbound.so=8-64
Depends On : dnssec-anchors fstrm glibc hiredis ldns libnghttp2 libngtcp2 libsodium
libevent libevent-2.1.so=7-64 openssl libcrypto.so=3-64 libssl.so=3-64
protobuf-c libprotobuf-c.so=1-64 systemd-libs libsystemd.so=0-64
Optional Deps : expat: for unbound-anchor [installed]
sh: for unbound-control-setup [installed]
python: for python-bindings [installed]
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 4.33 MiB
Packager : Jelle van der Waa <jelle@archlinux.org>
Build Date : Sun 14 Dec 2025 07:34:11 PM CET
Install Date : Fri 16 Jan 2026 03:28:06 PM CET
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature
unbound /etc/
unbound /etc/unbound/
unbound /etc/unbound/unbound.conf
unbound /usr/
unbound /usr/bin/
unbound /usr/bin/unbound
unbound /usr/bin/unbound-anchor
unbound /usr/bin/unbound-checkconf
unbound /usr/bin/unbound-control
unbound /usr/bin/unbound-control-setup
unbound /usr/bin/unbound-host
unbound /usr/include/
unbound /usr/include/unbound.h
unbound /usr/lib/
unbound /usr/lib/libunbound.so
unbound /usr/lib/libunbound.so.8
unbound /usr/lib/libunbound.so.8.1.34
unbound /usr/lib/pkgconfig/
unbound /usr/lib/pkgconfig/libunbound.pc
unbound /usr/lib/python3.14/
unbound /usr/lib/python3.14/site-packages/
unbound /usr/lib/python3.14/site-packages/_unbound.so
unbound /usr/lib/python3.14/site-packages/unbound.py
unbound /usr/lib/systemd/
unbound /usr/lib/systemd/system/
unbound /usr/lib/systemd/system/unbound.service
unbound /usr/lib/sysusers.d/
unbound /usr/lib/sysusers.d/unbound.conf
unbound /usr/lib/tmpfiles.d/
unbound /usr/lib/tmpfiles.d/unbound.conf
unbound /usr/share/
unbound /usr/share/libalpm/
unbound /usr/share/libalpm/hooks/
unbound /usr/share/libalpm/hooks/unbound-trusted-key.hook
unbound /usr/share/licenses/
unbound /usr/share/licenses/unbound/
unbound /usr/share/licenses/unbound/0BSD.txt
unbound /usr/share/licenses/unbound/LICENSE
unbound /usr/share/man/
unbound /usr/share/man/man1/
unbound /usr/share/man/man1/unbound-host.1.gz
unbound /usr/share/man/man3/
unbound /usr/share/man/man3/libunbound.3.gz
unbound /usr/share/man/man3/ub_cancel.3.gz
unbound /usr/share/man/man3/ub_ctx.3.gz
unbound /usr/share/man/man3/ub_ctx_add_ta.3.gz
unbound /usr/share/man/man3/ub_ctx_add_ta_file.3.gz
unbound /usr/share/man/man3/ub_ctx_async.3.gz
unbound /usr/share/man/man3/ub_ctx_config.3.gz
unbound /usr/share/man/man3/ub_ctx_create.3.gz
unbound /usr/share/man/man3/ub_ctx_data_add.3.gz
unbound /usr/share/man/man3/ub_ctx_data_remove.3.gz
unbound /usr/share/man/man3/ub_ctx_debuglevel.3.gz
unbound /usr/share/man/man3/ub_ctx_debugout.3.gz
unbound /usr/share/man/man3/ub_ctx_delete.3.gz
unbound /usr/share/man/man3/ub_ctx_get_option.3.gz
unbound /usr/share/man/man3/ub_ctx_hosts.3.gz
unbound /usr/share/man/man3/ub_ctx_print_local_zones.3.gz
unbound /usr/share/man/man3/ub_ctx_resolvconf.3.gz
unbound /usr/share/man/man3/ub_ctx_set_fwd.3.gz
unbound /usr/share/man/man3/ub_ctx_set_option.3.gz
unbound /usr/share/man/man3/ub_ctx_trustedkeys.3.gz
unbound /usr/share/man/man3/ub_ctx_zone_add.3.gz
unbound /usr/share/man/man3/ub_ctx_zone_remove.3.gz
unbound /usr/share/man/man3/ub_fd.3.gz
unbound /usr/share/man/man3/ub_poll.3.gz
unbound /usr/share/man/man3/ub_process.3.gz
unbound /usr/share/man/man3/ub_resolve.3.gz
unbound /usr/share/man/man3/ub_resolve_async.3.gz
unbound /usr/share/man/man3/ub_resolve_free.3.gz
unbound /usr/share/man/man3/ub_result.3.gz
unbound /usr/share/man/man3/ub_strerror.3.gz
unbound /usr/share/man/man3/ub_wait.3.gz
unbound /usr/share/man/man5/
unbound /usr/share/man/man5/unbound.conf.5.gz
unbound /usr/share/man/man8/
unbound /usr/share/man/man8/unbound-anchor.8.gz
unbound /usr/share/man/man8/unbound-checkconf.8.gz
unbound /usr/share/man/man8/unbound-control-setup.8.gz
unbound /usr/share/man/man8/unbound-control.8.gz
unbound /usr/share/man/man8/unbound.8.gz
Initial configuration
Firewall/packet filter - firewalld
Before we configure and start our unbound resolver, we of course have to make sure that the required communication relationships are permitted on the host in question.
As already with CentOS from release 7 onwards and the subsequent Stream release candidates of RHEL, we also use the dynamic firewalld service on Arch Linux. A major advantage of dynamic packet filter rules is, among other things, that the daemon does not have to be restarted to activate new firewall rules, which would briefly drop all active connections. Instead, our changes can be activated or deactivated again on the fly.
In the following configuration example we assume a host that has two firewall zones, the zone idmz and the zone intra. DNS queries from the clients are later to be answered in both zones.
So that our clients can connect to the open ports 53/UDP and 53/TCP of the Unbound resolver, we still have to make changes to the packet filter firewalld.
Using the program firewall-cmd we now create one permanent rule in each of the two zones idmz and intra. Enough preamble: the following commands open the ports for the service dns.
# firewall-cmd --permanent --zone=idmz --add-service=dns
success
# firewall-cmd --permanent --zone=intra --add-service=dns
success
We can then reload the firewall daemon once and check whether the rules have taken effect as defined.
# firewall-cmd --reload
success
Let us take a quick look at the zone idmz:
# firewall-cmd --zone=idmz --list-services
dhcp dhcpv6 dns ssh
The same of course applies to the zone intra:
# firewall-cmd --zone=intra --list-services
dhcp dhcpv6 dns ssh
Firewall/packet filter - firewalld on a transit node (FWB)
# firewall-cmd --permanent --policy=edmz_2_idmz --add-rich-rule='rule family="ipv4" destination address="10.0.0.110" port port=53 protocol=tcp accept'
# firewall-cmd --permanent --policy=edmz_2_idmz --add-rich-rule='rule family="ipv4" destination address="10.0.0.110" port port=53 protocol=udp accept'
# firewall-cmd --permanent --policy=edmz_2_idmz --add-rich-rule='rule family="ipv6" destination address="fd00::3:10:0:0:110" port port=53 protocol=tcp accept'
# firewall-cmd --permanent --policy=edmz_2_idmz --add-rich-rule='rule family="ipv6" destination address="fd00::3:10:0:0:110" port port=53 protocol=udp accept'
# firewall-cmd --permanent --policy=edmz_2_idmz --add-rich-rule='rule family="ipv6" destination address="2003:a:e0d:7603:10::110" port port=53 protocol=tcp accept'
# firewall-cmd --permanent --policy=edmz_2_idmz --add-rich-rule='rule family="ipv6" destination address="2003:a:e0d:7603:10::110" port port=53 protocol=udp accept'
success in each case
# firewall-cmd --reload
success
# firewall-cmd --policy=edmz_2_idmz --list-all
edmz_2_idmz (active)
  priority: -1
  target: REJECT
  ingress-zones: edmz
  egress-zones: idmz
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv6" destination address="2003:a:e0d:7603:10::110" icmp-type name="echo-request" accept
	rule family="ipv4" destination address="10.0.0.110" port port="53" protocol="tcp" accept
	rule family="ipv4" destination address="10.0.0.110" port port="53" protocol="udp" accept
	rule family="ipv6" destination address="fd00::3:10:0:0:110" port port="53" protocol="tcp" accept
	rule family="ipv6" destination address="fd00::3:10:0:0:110" port port="53" protocol="udp" accept
Automatic start of the daemon
So that the unbound service daemon named unbound starts automatically at every system boot, a start script can be set up with the following command:
# systemctl enable unbound.service
Created symlink '/etc/systemd/system/multi-user.target.wants/unbound.service' → '/usr/lib/systemd/system/unbound.service'.
Whether the unbound service (daemon) really is started automatically at every system boot can be checked with the following command:
# systemctl is-enabled unbound.service
enabled
We will not start the service just yet, however, because we first have to configure the resolver and create the associated zone files!
Base configuration
The configuration of our DNS resolver and also of its control agent is done through configuration files in the directory /etc/unbound/.
Management using remote-control
Our unbound DNS resolver is to provide a management facility, which we will now set up with the help of the unbound-control command. To generate the required key material we call the program unbound-control-setup without further options.
The supplied default configuration file /etc/unbound/unbound.conf is read and the key files are stored in the configuration directory /etc/unbound/.
# unbound-control-setup
setup in directory /etc/unbound
Certificate request self-signature ok
subject=CN=unbound-control
removing artifacts
Setup success. Certificates created. Enable in unbound.conf file to use
# ls -l /etc/unbound/unbound_*
-rw-r----- 1 root root 2484 Jan 27 18:24 /etc/unbound/unbound_control.key
-rw-r----- 1 root root 1501 Jan 27 18:24 /etc/unbound/unbound_control.pem
-rw------- 1 root root 2484 Jan 27 18:24 /etc/unbound/unbound_server.key
-rw-r----- 1 root root 1549 Jan 27 18:24 /etc/unbound/unbound_server.pem
DNS root servers - root.hints
As with the configuration of our own name server, we will not use some arbitrary external name server here, such as that of the access network operator, but will query the official root name servers "top-down".
So that our unbound can perform such DNS queries properly, it must of course know the 13 root name servers. Since the Arch Linux package unbound does not ship a default configuration file with this information, we will now obtain it and store it in the file /etc/unbound/root.hints.
# curl --output /etc/unbound/root.hints https://www.internic.net/domain/named.cache
We now have the required information:
# ll /etc/unbound/root.hints
-rw-r--r-- 1 root root 3313 Jan 28 10:17 /etc/unbound/root.hints
This file now has the following content.
# bat /etc/unbound/root.hints
Content of the generated configuration file /etc/unbound/root.hints
─────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ File: /etc/unbound/root.hints
─────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ ; This file holds the information on root name servers needed to
2 │ ; initialize cache of Internet domain name servers
3 │ ; (e.g. reference this file in the "cache . <file>"
4 │ ; configuration file of BIND domain name servers).
5 │ ;
6 │ ; This file is made available by InterNIC
7 │ ; under anonymous FTP as
8 │ ; file /domain/named.cache
9 │ ; on server FTP.INTERNIC.NET
10 │ ; -OR- RS.INTERNIC.NET
11 │ ;
12 │ ; last update: January 22, 2026
13 │ ; related version of root zone: 2026012201
14 │ ;
15 │ ; FORMERLY NS.INTERNIC.NET
16 │ ;
17 │ . 3600000 NS A.ROOT-SERVERS.NET.
18 │ A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
19 │ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
20 │ ;
21 │ ; FORMERLY NS1.ISI.EDU
22 │ ;
23 │ . 3600000 NS B.ROOT-SERVERS.NET.
24 │ B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
25 │ B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
26 │ ;
27 │ ; FORMERLY C.PSI.NET
28 │ ;
29 │ . 3600000 NS C.ROOT-SERVERS.NET.
30 │ C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
31 │ C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
32 │ ;
33 │ ; FORMERLY TERP.UMD.EDU
34 │ ;
35 │ . 3600000 NS D.ROOT-SERVERS.NET.
36 │ D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
37 │ D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
38 │ ;
39 │ ; FORMERLY NS.NASA.GOV
40 │ ;
41 │ . 3600000 NS E.ROOT-SERVERS.NET.
42 │ E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
43 │ E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
44 │ ;
45 │ ; FORMERLY NS.ISC.ORG
46 │ ;
47 │ . 3600000 NS F.ROOT-SERVERS.NET.
48 │ F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
49 │ F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
50 │ ;
51 │ ; FORMERLY NS.NIC.DDN.MIL
52 │ ;
53 │ . 3600000 NS G.ROOT-SERVERS.NET.
54 │ G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
55 │ G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
56 │ ;
57 │ ; FORMERLY AOS.ARL.ARMY.MIL
58 │ ;
59 │ . 3600000 NS H.ROOT-SERVERS.NET.
60 │ H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
61 │ H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
62 │ ;
63 │ ; FORMERLY NIC.NORDU.NET
64 │ ;
65 │ . 3600000 NS I.ROOT-SERVERS.NET.
66 │ I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
67 │ I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
68 │ ;
69 │ ; OPERATED BY VERISIGN, INC.
70 │ ;
71 │ . 3600000 NS J.ROOT-SERVERS.NET.
72 │ J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
73 │ J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
74 │ ;
75 │ ; OPERATED BY RIPE NCC
76 │ ;
77 │ . 3600000 NS K.ROOT-SERVERS.NET.
78 │ K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
79 │ K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
80 │ ;
81 │ ; OPERATED BY ICANN
82 │ ;
83 │ . 3600000 NS L.ROOT-SERVERS.NET.
84 │ L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
85 │ L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
86 │ ;
87 │ ; OPERATED BY WIDE
88 │ ;
89 │ . 3600000 NS M.ROOT-SERVERS.NET.
90 │ M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
91 │ M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
92 │ ; End of file
─────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Should the addresses of the 13 root name servers ever change, we of course also want to make sure that the file we downloaded manually can be kept up to date. To do this we create a systemd timer that fetches the file anew once a month and then restarts the resolver, so that the resolver knows about the new file.
# vim /etc/systemd/system/root-hints.timer
- /etc/systemd/system/root-hints.timer
[Unit]
Description=Run root-hints monthly to get actual root.hints

[Timer]
OnCalendar=monthly
Persistent=true
Unit=root-hints.service

[Install]
# timers are pulled in by timers.target (see the symlink created by "systemctl enable")
WantedBy=timers.target
# vim /etc/systemd/system/root-hints.service
- /etc/systemd/system/root-hints.service
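[Unit]
Description=Update root hints for unbound
After=network.target

[Service]
# systemd runs ExecStart= without a shell, so "&&" would be handed to curl as an argument.
# With Type=oneshot the commands run in order; the restart only runs if curl exited successfully (--fail: also on HTTP errors).
Type=oneshot
ExecStart=/usr/bin/curl --fail -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
ExecStart=/usr/bin/systemctl restart unbound.service
We then start the timer and enable it, so that it is also active after a reboot of the machine.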
# systemctl start root-hints.timer
# systemctl enable root-hints.timer
Created symlink '/etc/systemd/system/timers.target.wants/root-hints.timer' → '/etc/systemd/system/root-hints.timer'.
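Because the resolver is restarted with whatever the download left in /etc/unbound/root.hints, it is worth validating the file before it goes live. The following script is an added example and not part of the original article: it accepts a hints file only if it lists 13 root servers, each with an A and an AAAA record, and replaces the live file atomically. The function names, the HINTS_URL/HINTS_FILE variables and the sample data (documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example: validate root hints before they replace the live file.
# Function names, variables and the sample data are assumptions.
HINTS_URL=${HINTS_URL:-https://www.internic.net/domain/named.cache}
HINTS_FILE=${HINTS_FILE:-/etc/unbound/root.hints}

# hints_ok FILE -> exit 0 only if FILE lists 13 distinct root servers and
# every one of them has an A and an AAAA record; anything else is rejected.
hints_ok() {
    awk '
        /^[ \t]*;/ || NF == 0 { next }              # comments and blank lines
        { name = toupper($1); type = toupper($3) }
        name == "." && type == "NS" { ns[toupper($4)] = 1; next }
        type == "A"    { a[name] = 1; next }
        type == "AAAA" { aaaa[name] = 1; next }
        { bad = 1 }                                 # e.g. an HTML error page
        END {
            n = 0
            for (k in ns) { n++; if (!(k in a) || !(k in aaaa)) bad = 1 }
            if (n != 13) bad = 1
            exit bad + 0
        }' "$1"
}

# install_hints NEW TARGET -> copy NEW over TARGET via a temp file in the same
# directory and a rename, so unbound never sees a partial or rejected file.
install_hints() {
    hints_ok "$1" || { echo "rejected: $1 is not a valid root hints file" >&2; return 1; }
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if cat "$1" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# update_root_hints -> download, validate, install, then restart the resolver.
update_root_hints() {
    dl=$(mktemp) || return 1
    curl --fail --silent --show-error --output "$dl" "$HINTS_URL" &&
        install_hints "$dl" "$HINTS_FILE" &&
        systemctl restart unbound.service
    rc=$?
    rm -f "$dl"
    return "$rc"
}

# make_sample FILE [COUNT] -> constructed hints file with COUNT root servers
# (default 13), using documentation addresses instead of the real ones.
make_sample() {
    n=0
    for l in A B C D E F G H I J K L M; do
        [ "$n" -lt "${2:-13}" ] || break
        n=$((n + 1))
        printf '.\t3600000\tNS\t%s.ROOT-SERVERS.NET.\n' "$l"
        printf '%s.ROOT-SERVERS.NET.\t3600000\tA\t192.0.2.%d\n' "$l" "$n"
        printf '%s.ROOT-SERVERS.NET.\t3600000\tAAAA\t2001:db8::%x\n' "$l" "$n"
    done > "$1"
}

case "${1:-}" in
    --update) update_root_hints ;;
    *)  # offline self-check on constructed data
        d=$(mktemp -d)
        make_sample "$d/ok"
        make_sample "$d/short" 12
        hints_ok "$d/ok" && echo "13-server sample: accepted"
        hints_ok "$d/short" || echo "12-server sample: rejected"
        rm -rf "$d" ;;
esac
```

Called with `--update`, the script can take the place of the curl call in root-hints.service; the restart then only happens after a file that passed validation has been installed.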
DNSSEC key material of the hidden-master DNS daemon
So that our DNS resolver unbound can validate the answers of the hidden master, i.e. our DNS daemon based on ISC Bind on Arch Linux, the resolver needs the corresponding key material. To do this, we first create the target directory:
# mkdir -p /etc/unbound/keys
Here we now adjust the file permissions so that only our resolver itself can access it.
# chmod 770 /etc/unbound/keys/
# chown unbound /etc/unbound/keys
We then copy the required key material that we generated during the DNSSEC configuration of our ISC BIND DNS daemon.
# cp -av /var/named/keys/*.key /etc/unbound/keys
Here, too, we adjust the permissions accordingly.
# chown unbound /etc/unbound/keys/*.key
# chmod 640 /etc/unbound/keys/*.key
If required, we can display which files were copied. To do so we call:
# ll /etc/unbound/keys
Output of the command ls -al /etc/unbound/keys
total 68
drwxrw---- 2 unbound unbound 4096 Jan 28 20:45 ./
drwxr-xr-x 5 root root 4096 Jan 28 17:24 ../
-rw-rw---- 1 unbound root 461 Jan 28 20:40 K0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+38559.key
-rw-rw---- 1 unbound root 419 Jan 28 20:40 K0.0.10.in-addr.arpa.+013+16262.key
-rw-rw---- 1 unbound root 421 Jan 28 20:40 K10.0.10.in-addr.arpa.+013+28549.key
-rw-rw---- 1 unbound root 425 Jan 28 20:40 K13.92.217.in-addr.arpa.+013+11479.key
-rw-rw---- 1 unbound root 423 Jan 28 20:40 K2.17.172.in-addr.arpa.+013+51313.key
-rw-rw---- 1 unbound root 460 Jan 28 20:40 K3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+02684.key
-rw-rw---- 1 unbound root 461 Jan 28 20:40 K3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa.+013+27416.key
-rw-rw---- 1 unbound root 461 Jan 28 20:40 K7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+34197.key
-rw-rw---- 1 unbound root 439 Jan 28 20:40 Kebersberger-liedersammlung.de.+013+20307.key
-rw-rw---- 1 unbound root 410 Jan 28 20:40 Kedmz.nausch.org.+013+04478.key
-rw-rw---- 1 unbound root 411 Jan 28 20:40 Kidmz.nausch.org.+013+39890.key
-rw-rw---- 1 unbound root 413 Jan 28 20:40 Kintra.nausch.org.+013+42787.key
-rw-rw---- 1 unbound root 401 Jan 28 20:40 Knausch.org.+013+53813.key
-rw-rw---- 1 unbound root 401 Jan 28 20:40 Komni128.de.+013+34323.key
-rw-rw---- 1 unbound root 435 Jan 28 20:40 Kwetterstation-pliening.info.+013+29841.key
Configuration of the resolver - unbound.conf
The resolver is configured through the file /etc/unbound/unbound.conf, which was shipped with the package installation. So that we can better distinguish changes that are added or dropped when the installed package is updated from the original file, we first make a copy of this file.
# cp -av /etc/unbound/unbound.conf /etc/unbound/unbound.conf.orig
The resolver's configuration file is exceptionally well documented, which has let it grow to an impressive 1424 lines. Let us take a quick look at this configuration file.
# bat /etc/unbound/unbound.conf
Output of the command bat unbound.conf
│ File: unbound.conf.template2
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ #
2 │ # Example configuration file.
3 │ #
4 │ # See unbound.conf(5) man page, version 1.24.2.
5 │ #
6 │ # this is a comment.
7 │
8 │ # Use this anywhere in the file to include other text into this file.
9 │ #include: "otherfile.conf"
10 │
11 │ # Use this anywhere in the file to include other text, that explicitly starts a
12 │ # clause, into this file. Text after this directive needs to start a clause.
13 │ #include-toplevel: "otherfile.conf"
14 │
15 │ # The server clause sets the main parameters.
16 │ server:
17 │ # whitespace is not necessary, but looks cleaner.
18 │
19 │ # verbosity number, 0 is least verbose. 1 is default.
20 │ # verbosity: 1
21 │
22 │ # print statistics to the log (for every thread) every N seconds.
23 │ # Set to "" or 0 to disable. Default is disabled.
24 │ # statistics-interval: 0
25 │
26 │ # enable shm for stats, default no. if you enable also enable
27 │ # statistics-interval, every time it also writes stats to the
28 │ # shared memory segment keyed with shm-key.
29 │ # shm-enable: no
30 │
31 │ # shm for stats uses this key, and key+1 for the shared mem segment.
32 │ # shm-key: 11777
33 │
34 │ # enable cumulative statistics, without clearing them after printing.
35 │ # statistics-cumulative: no
36 │
37 │ # enable extended statistics (query types, answer codes, status)
38 │ # printed from unbound-control. Default off, because of speed.
39 │ # extended-statistics: no
40 │
41 │ # Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
42 │ # rpz-actions) from printing if their value is 0.
43 │ # Default on.
44 │ # statistics-inhibit-zero: yes
45 │
46 │ # number of threads to create. 1 disables threading.
47 │ # num-threads: 1
48 │
49 │ # specify the interfaces to answer queries from by ip-address.
50 │ # The default is to listen to localhost (127.0.0.1 and ::1).
51 │ # specify 0.0.0.0 and ::0 to bind to all available interfaces.
52 │ # specify every interface[@port] on a new 'interface:' labelled line.
53 │ # The listen interfaces are not changed on reload, only on restart.
54 │ # interface: 192.0.2.153
55 │ # interface: 192.0.2.154
56 │ # interface: 192.0.2.154@5003
57 │ # interface: 2001:DB8::5
58 │ # interface: eth0@5003
59 │
60 │ # enable this feature to copy the source address of queries to reply.
61 │ # Socket options are not supported on all platforms. experimental.
62 │ # interface-automatic: no
63 │
64 │ # instead of the default port, open additional ports separated by
65 │ # spaces when interface-automatic is enabled, by listing them here.
66 │ # interface-automatic-ports: ""
67 │
68 │ # port to answer queries from
69 │ # port: 53
70 │
71 │ # specify the interfaces to send outgoing queries to authoritative
72 │ # server from by ip-address. If none, the default (all) interface
73 │ # is used. Specify every interface on a 'outgoing-interface:' line.
74 │ # outgoing-interface: 192.0.2.153
75 │ # outgoing-interface: 2001:DB8::5
76 │ # outgoing-interface: 2001:DB8::6
77 │
78 │ # Specify a netblock to use remainder 64 bits as random bits for
79 │ # upstream queries. Uses freebind option (Linux).
80 │ # outgoing-interface: 2001:DB8::/64
81 │ # Also (Linux:) ip -6 addr add 2001:db8::/64 dev lo
82 │ # And: ip -6 route add local 2001:db8::/64 dev lo
83 │ # And set prefer-ip6: yes to use the ip6 randomness from a netblock.
84 │ # Set this to yes to prefer ipv6 upstream servers over ipv4.
85 │ # prefer-ip6: no
86 │
87 │ # Prefer ipv4 upstream servers, even if ipv6 is available.
88 │ # prefer-ip4: no
89 │
90 │ # number of ports to allocate per thread, determines the size of the
91 │ # port range that can be open simultaneously. About double the
92 │ # num-queries-per-thread, or, use as many as the OS will allow you.
93 │ # outgoing-range: 4096
94 │
95 │ # permit Unbound to use this port number or port range for
96 │ # making outgoing queries, using an outgoing interface.
97 │ # outgoing-port-permit: 32768
98 │
99 │ # deny Unbound the use this of port number or port range for
100 │ # making outgoing queries, using an outgoing interface.
101 │ # Use this to make sure Unbound does not grab a UDP port that some
102 │ # other server on this computer needs. The default is to avoid
103 │ # IANA-assigned port numbers.
104 │ # If multiple outgoing-port-permit and outgoing-port-avoid options
105 │ # are present, they are processed in order.
106 │ # outgoing-port-avoid: "3200-3208"
107 │
108 │ # number of outgoing simultaneous tcp buffers to hold per thread.
109 │ # outgoing-num-tcp: 10
110 │
111 │ # number of incoming simultaneous tcp buffers to hold per thread.
112 │ # incoming-num-tcp: 10
113 │
114 │ # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
115 │ # 0 is system default. Use 4m to catch query spikes for busy servers.
116 │ # so-rcvbuf: 0
117 │
118 │ # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option).
119 │ # 0 is system default. Set larger to handle spikes on very busy servers.
120 │ # so-sndbuf: 4m
121 │
122 │ # use SO_REUSEPORT to distribute queries over threads.
123 │ # at extreme load it could be better to turn it off to distribute even.
124 │ # so-reuseport: yes
125 │
126 │ # use IP_TRANSPARENT so the interface: addresses can be non-local
127 │ # and you can config non-existing IPs that are going to work later on
128 │ # (uses IP_BINDANY on FreeBSD).
129 │ # ip-transparent: no
130 │
131 │ # use IP_FREEBIND so the interface: addresses can be non-local
132 │ # and you can bind to nonexisting IPs and interfaces that are down.
133 │ # Linux only. On Linux you also have ip-transparent that is similar.
134 │ # ip-freebind: no
135 │
136 │ # the value of the Differentiated Services Codepoint (DSCP)
137 │ # in the differentiated services field (DS) of the outgoing
138 │ # IP packets
139 │ # ip-dscp: 0
140 │
141 │ # EDNS reassembly buffer to advertise to UDP peers (the actual buffer
142 │ # is set with msg-buffer-size).
143 │ # edns-buffer-size: 1232
144 │
145 │ # Maximum UDP response size (not applied to TCP response).
146 │ # Suggested values are 512 to 4096. Default is 1232. 65536 disables it.
147 │ # max-udp-size: 1232
148 │
149 │ # max memory to use for stream(tcp and tls) waiting result buffers.
150 │ # stream-wait-size: 4m
151 │
152 │ # buffer size for handling DNS data. No messages larger than this
153 │ # size can be sent or received, by UDP or TCP. In bytes.
154 │ # msg-buffer-size: 65552
155 │
156 │ # the amount of memory to use for the message cache.
157 │ # plain value in bytes or you can append k, m or G. default is "4Mb".
158 │ # msg-cache-size: 4m
159 │
160 │ # the number of slabs to use for the message cache.
161 │ # the number of slabs must be a power of 2.
162 │ # more slabs reduce lock contention, but fragment memory usage.
163 │ # msg-cache-slabs: 4
164 │
165 │ # the number of queries that a thread gets to service.
166 │ # num-queries-per-thread: 2048
167 │
168 │ # if very busy, 50% queries run to completion, 50% get timeout in msec
169 │ # jostle-timeout: 200
170 │
171 │ # msec to wait before close of port on timeout UDP. 0 disables.
172 │ # delay-close: 0
173 │
174 │ # perform connect for UDP sockets to mitigate ICMP side channel.
175 │ # udp-connect: yes
176 │
177 │ # The number of retries, per upstream nameserver in a delegation, when
178 │ # a throwaway response (also timeouts) is received.
179 │ # outbound-msg-retry: 5
180 │
181 │ # Hard limit on the number of outgoing queries Unbound will make while
182 │ # resolving a name, making sure large NS sets do not loop.
183 │ # It resets on query restarts (e.g., CNAME) and referrals.
184 │ # max-sent-count: 32
185 │
186 │ # Hard limit on the number of times Unbound is allowed to restart a
187 │ # query upon encountering a CNAME record.
188 │ # max-query-restarts: 11
189 │
190 │ # Limit on number of NS records in NS RRset for incoming packets.
191 │ # iter-scrub-ns: 20
192 │
193 │ # Limit on number of CNAME, DNAME records for incoming packets.
194 │ # iter-scrub-cname: 11
195 │
196 │ # Limit on upstream queries for an incoming query and its recursion.
197 │ # max-global-quota: 200
198 │
199 │ # Should the scrubber remove promiscuous NS from positive answers,
200 │ # protects against poison attempts.
201 │ # iter-scrub-promiscuous: yes
202 │
203 │ # msec for waiting for an unknown server to reply. Increase if you
204 │ # are behind a slow satellite link, to eg. 1128.
205 │ # unknown-server-time-limit: 376
206 │
207 │ # msec before recursion replies are dropped. The work item continues.
208 │ # discard-timeout: 1900
209 │
210 │ # Max number of replies waiting for recursion per IP address.
211 │ # wait-limit: 1000
212 │
213 │ # Max replies waiting for recursion for IP address with cookie.
214 │ # wait-limit-cookie: 10000
215 │
216 │ # Apart from the default, the wait limit can be set for a netblock.
217 │ # wait-limit-netblock: 192.0.2.0/24 50000
218 │
219 │ # Apart from the default, the wait limit with cookie can be adjusted.
220 │ # wait-limit-cookie-netblock: 192.0.2.0/24 50000
221 │
222 │ # Defaults for loopback, it has no wait limit.
223 │ # wait-limit-netblock: 127.0.0.0/8 -1
224 │ # wait-limit-netblock: ::1/128 -1
225 │ # wait-limit-cookie-netblock: 127.0.0.0/8 -1
226 │ # wait-limit-cookie-netblock: ::1/128 -1
227 │
228 │ # the amount of memory to use for the RRset cache.
229 │ # plain value in bytes or you can append k, m or G. default is "4Mb".
230 │ # rrset-cache-size: 4m
231 │
232 │ # the number of slabs to use for the RRset cache.
233 │ # the number of slabs must be a power of 2.
234 │ # more slabs reduce lock contention, but fragment memory usage.
235 │ # rrset-cache-slabs: 4
236 │
237 │ # the time to live (TTL) value lower bound, in seconds. Default 0.
238 │ # If more than an hour could easily give trouble due to stale data.
239 │ # cache-min-ttl: 0
240 │
241 │ # the time to live (TTL) value cap for RRsets and messages in the
242 │ # cache. Items are not cached for longer. In seconds.
243 │ # cache-max-ttl: 86400
244 │
245 │ # the time to live (TTL) value cap for negative responses in the cache
246 │ # cache-max-negative-ttl: 3600
247 │
248 │ # the time to live (TTL) value lower bound, in seconds. Default 0.
249 │ # For negative responses in the cache. If disabled, default,
250 │ # cache-min-ttl applies if configured.
251 │ # cache-min-negative-ttl: 0
252 │
253 │ # the time to live (TTL) value for cached roundtrip times, lameness and
254 │ # EDNS version information for hosts. In seconds.
255 │ # infra-host-ttl: 900
256 │
257 │ # minimum wait time for responses, increase if uplink is long. In msec.
258 │ # infra-cache-min-rtt: 50
259 │
260 │ # maximum wait time for responses. In msec.
261 │ # infra-cache-max-rtt: 120000
262 │
263 │ # enable to make server probe down hosts more frequently.
264 │ # infra-keep-probing: no
265 │
266 │ # the number of slabs to use for the Infrastructure cache.
267 │ # the number of slabs must be a power of 2.
268 │ # more slabs reduce lock contention, but fragment memory usage.
269 │ # infra-cache-slabs: 4
270 │
271 │ # the maximum number of hosts that are cached (roundtrip, EDNS, lame).
272 │ # infra-cache-numhosts: 10000
273 │
274 │ # define a number of tags here, use with local-zone, access-control,
275 │ # interface-*.
276 │ # repeat the define-tag statement to add additional tags.
277 │ # define-tag: "tag1 tag2 tag3"
278 │
279 │ # Enable IPv4, "yes" or "no".
280 │ # do-ip4: yes
281 │
282 │ # Enable IPv6, "yes" or "no".
283 │ # do-ip6: yes
284 │
285 │ # If running unbound on an IPv6-only host, domains that only have
286 │ # IPv4 servers would become unresolvable. If NAT64 is available in
287 │ # the network, unbound can use NAT64 to reach these servers with
288 │ # the following option. This is NOT needed for enabling DNS64 on a
289 │ # system that has IPv4 connectivity.
290 │ # Consider also enabling prefer-ip6 to prefer native IPv6 connections
291 │ # to nameservers.
292 │ # do-nat64: no
293 │
294 │ # NAT64 prefix. Defaults to using dns64-prefix value.
295 │ # nat64-prefix: 64:ff9b::0/96
296 │
297 │ # Enable UDP, "yes" or "no".
298 │ # do-udp: yes
299 │
300 │ # Enable TCP, "yes" or "no".
301 │ # do-tcp: yes
302 │
303 │ # upstream connections use TCP only (and no UDP), "yes" or "no"
304 │ # useful for tunneling scenarios, default no.
305 │ # tcp-upstream: no
306 │
307 │ # upstream connections also use UDP (even if do-udp is no).
308 │ # useful if if you want UDP upstream, but don't provide UDP downstream.
309 │ # udp-upstream-without-downstream: no
310 │
311 │ # Maximum segment size (MSS) of TCP socket on which the server
312 │ # responds to queries. Default is 0, system default MSS.
313 │ # tcp-mss: 0
314 │
315 │ # Maximum segment size (MSS) of TCP socket for outgoing queries.
316 │ # Default is 0, system default MSS.
317 │ # outgoing-tcp-mss: 0
318 │
319 │ # Idle TCP timeout, connection closed in milliseconds
320 │ # tcp-idle-timeout: 30000
321 │
322 │ # Enable EDNS TCP keepalive option.
323 │ # edns-tcp-keepalive: no
324 │
325 │ # Timeout for EDNS TCP keepalive, in msec. Overrides tcp-idle-timeout
326 │ # if edns-tcp-keepalive is set.
327 │ # edns-tcp-keepalive-timeout: 120000
328 │
329 │ # UDP queries that have waited in the socket buffer for a long time
330 │ # can be dropped. Default is 0, disabled. In seconds, such as 3.
331 │ # sock-queue-timeout: 0
332 │
333 │ # Use systemd socket activation for UDP, TCP, and control sockets.
334 │ # use-systemd: no
335 │
336 │ # Detach from the terminal, run in background, "yes" or "no".
337 │ # Set the value to "no" when Unbound runs as systemd service.
338 │ # do-daemonize: yes
339 │
340 │ # control which clients are allowed to make (recursive) queries
341 │ # to this server. Specify classless netblocks with /size and action.
342 │ # By default everything is refused, except for localhost.
343 │ # Choose deny (drop message), refuse (polite error reply),
344 │ # allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
345 │ # allow_snoop (recursive and nonrecursive ok)
346 │ # allow_cookie (allow UDP with valid cookie or stateful transport)
347 │ # deny_non_local (drop queries unless can be answered from local-data)
348 │ # refuse_non_local (like deny_non_local but polite error reply).
349 │ # access-control: 127.0.0.0/8 allow
350 │ # access-control: ::1 allow
351 │ # access-control: ::ffff:127.0.0.1 allow
352 │
353 │ # tag access-control with list of tags (in "" with spaces between)
354 │ # Clients using this access control element use localzones that
355 │ # are tagged with one of these tags.
356 │ # access-control-tag: 192.0.2.0/24 "tag2 tag3"
357 │
358 │ # set action for particular tag for given access control element.
359 │ # if you have multiple tag values, the tag used to lookup the action
360 │ # is the first tag match between access-control-tag and local-zone-tag
361 │ # where "first" comes from the order of the define-tag values.
362 │ # access-control-tag-action: 192.0.2.0/24 tag3 refuse
363 │
364 │ # set redirect data for particular tag for access control element
365 │ # access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
366 │
367 │ # Set view for access control element
368 │ # access-control-view: 192.0.2.0/24 viewname
369 │
370 │ # Similar to 'access-control:' but for interfaces.
371 │ # Control which listening interfaces are allowed to accept (recursive)
372 │ # queries for this server.
373 │ # The specified interfaces should be the same as the ones specified in
374 │ # 'interface:' followed by the action.
375 │ # The actions are the same as 'access-control:' above.
376 │ # By default all the interfaces configured are refused.
377 │ # Note: any 'access-control*:' setting overrides all 'interface-*:'
378 │ # settings for targeted clients.
379 │ # interface-action: 192.0.2.153 allow
380 │ # interface-action: 192.0.2.154 allow
381 │ # interface-action: 192.0.2.154@5003 allow
382 │ # interface-action: 2001:DB8::5 allow
383 │ # interface-action: eth0@5003 allow
384 │
385 │ # Similar to 'access-control-tag:' but for interfaces.
386 │ # Tag interfaces with a list of tags (in "" with spaces between).
387 │ # Interfaces using these tags use localzones that are tagged with one
388 │ # of these tags.
389 │ # The specified interfaces should be the same as the ones specified in
390 │ # 'interface:' followed by the list of tags.
391 │ # Note: any 'access-control*:' setting overrides all 'interface-*:'
392 │ # settings for targeted clients.
393 │ # interface-tag: eth0@5003 "tag2 tag3"
394 │
395 │ # Similar to 'access-control-tag-action:' but for interfaces.
396 │ # Set action for particular tag for a given interface element.
397 │ # If you have multiple tag values, the tag used to lookup the action
398 │ # is the first tag match between interface-tag and local-zone-tag
399 │ # where "first" comes from the order of the define-tag values.
400 │ # The specified interfaces should be the same as the ones specified in
401 │ # 'interface:' followed by the tag and action.
402 │ # Note: any 'access-control*:' setting overrides all 'interface-*:'
403 │ # settings for targeted clients.
404 │ # interface-tag-action: eth0@5003 tag3 refuse
405 │
406 │ # Similar to 'access-control-tag-data:' but for interfaces.
407 │ # Set redirect data for a particular tag for an interface element.
408 │ # The specified interfaces should be the same as the ones specified in
409 │ # 'interface:' followed by the tag and the redirect data.
410 │ # Note: any 'access-control*:' setting overrides all 'interface-*:'
411 │ # settings for targeted clients.
412 │ # interface-tag-data: eth0@5003 tag2 "A 127.0.0.1"
413 │
414 │ # Similar to 'access-control-view:' but for interfaces.
415 │ # Set view for an interface element.
416 │ # The specified interfaces should be the same as the ones specified in
417 │ # 'interface:' followed by the view name.
418 │ # Note: any 'access-control*:' setting overrides all 'interface-*:'
419 │ # settings for targeted clients.
420 │ # interface-view: eth0@5003 viewname
421 │
422 │ # if given, a chroot(2) is done to the given directory.
423 │ # i.e. you can chroot to the working directory, for example,
424 │ # for extra security, but make sure all files are in that directory.
425 │ #
426 │ # If chroot is enabled, you should pass the configfile (from the
427 │ # commandline) as a full path from the original root. After the
428 │ # chroot has been performed the now defunct portion of the config
429 │ # file path is removed to be able to reread the config after a reload.
430 │ #
431 │ # All other file paths (working dir, logfile, roothints, and
432 │ # key files) can be specified in several ways:
433 │ # o as an absolute path relative to the new root.
434 │ # o as a relative path to the working directory.
435 │ # o as an absolute path relative to the original root.
436 │ # In the last case the path is adjusted to remove the unused portion.
437 │ #
438 │ # The pid file can be absolute and outside of the chroot, it is
439 │ # written just prior to performing the chroot and dropping permissions.
440 │ #
441 │ # Additionally, Unbound may need to access /dev/urandom (for entropy).
442 │ # How to do this is specific to your OS.
443 │ #
444 │ # If you give "" no chroot is performed. The path must not end in a /.
445 │ # chroot: "/etc/unbound"
446 │
447 │ # if given, user privileges are dropped (after binding port),
448 │ # and the given username is assumed. Default is user "unbound".
449 │ # If you give "" no privileges are dropped.
450 │ # username: "unbound"
451 │
452 │ # the working directory. The relative files in this config are
453 │ # relative to this directory. If you give "" the working directory
454 │ # is not changed.
455 │ # If you give a server: directory: dir before include: file statements
456 │ # then those includes can be relative to the working directory.
457 │ # directory: "/etc/unbound"
458 │
459 │ # the log file, "" means log to stderr.
460 │ # Use of this option sets use-syslog to "no".
461 │ # logfile: ""
462 │
463 │ # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
464 │ # log to. If yes, it overrides the logfile.
465 │ # use-syslog: yes
466 │
467 │ # Log identity to report. if empty, defaults to the name of argv[0]
468 │ # (usually "unbound").
469 │ # log-identity: ""
470 │
471 │ # print UTC timestamp in ascii to logfile, default is epoch in seconds.
472 │ # log-time-ascii: no
473 │
474 │ # log timestamp in ISO8601 format if also log-time-ascii is enabled.
475 │ # (y-m-dTh:m:s.msec[+-]tzhours:tzminutes)
476 │ # log-time-iso: no
477 │
478 │ # print one line with time, IP, name, type, class for every query.
479 │ # log-queries: no
480 │
481 │ # print one line per reply, with time, IP, name, type, class, rcode,
482 │ # timetoresolve, fromcache and responsesize.
483 │ # log-replies: no
484 │
485 │ # log with tag 'query' and 'reply' instead of 'info' for
486 │ # filtering log-queries and log-replies from the log.
487 │ # log-tag-queryreply: no
488 │
489 │ # log with destination address, port and type for log-replies.
490 │ # log-destaddr: no
491 │
492 │ # log the local-zone actions, like local-zone type inform is enabled
493 │ # also for the other local zone types.
494 │ # log-local-actions: no
495 │
496 │ # print log lines that say why queries return SERVFAIL to clients.
497 │ # log-servfail: no
498 │
499 │ # the pid file. Can be an absolute path outside of chroot/work dir.
500 │ # pidfile: "/run/unbound.pid"
501 │
502 │ # file to read root hints from.
503 │ # get one from https://www.internic.net/domain/named.cache
504 │ # root-hints: ""
505 │
506 │ # enable to not answer id.server and hostname.bind queries.
507 │ # hide-identity: no
508 │
509 │ # enable to not answer version.server and version.bind queries.
510 │ # hide-version: no
511 │
512 │ # enable to not answer trustanchor.unbound queries.
513 │ # hide-trustanchor: no
514 │
515 │ # enable to not set the User-Agent HTTP header.
516 │ # hide-http-user-agent: no
517 │
518 │ # the identity to report. Leave "" or default to return hostname.
519 │ # identity: ""
520 │
521 │ # the version to report. Leave "" or default to return package version.
522 │ # version: ""
523 │
524 │ # NSID identity (hex string, or "ascii_somestring"). default disabled.
525 │ # nsid: "aabbccdd"
526 │
527 │ # User-Agent HTTP header to use. Leave "" or default to use package name
528 │ # and version.
529 │ # http-user-agent: ""
530 │
531 │ # the target fetch policy.
532 │ # series of integers describing the policy per dependency depth.
533 │ # The number of values in the list determines the maximum dependency
534 │ # depth the recursor will pursue before giving up. Each integer means:
535 │ # -1 : fetch all targets opportunistically,
536 │ # 0: fetch on demand,
537 │ # positive value: fetch that many targets opportunistically.
538 │ # Enclose the list of numbers between quotes ("").
539 │ # target-fetch-policy: "3 2 1 0 0"
540 │
541 │ # Harden against very small EDNS buffer sizes.
542 │ # harden-short-bufsize: yes
543 │
544 │ # Harden against unseemly large queries.
545 │ # harden-large-queries: no
546 │
547 │ # Harden against out of zone rrsets, to avoid spoofing attempts.
548 │ # harden-glue: yes
549 │
550 │ # Harden against unverified (outside-zone, including sibling zone) glue rrsets
551 │ # harden-unverified-glue: no
552 │
553 │ # Harden against receiving dnssec-stripped data. If you turn it
554 │ # off, failing to validate dnskey data for a trustanchor will
555 │ # trigger insecure mode for that zone (like without a trustanchor).
556 │ # Default on, which insists on dnssec data for trust-anchored zones.
557 │ # harden-dnssec-stripped: yes
558 │
559 │ # Harden against queries that fall under dnssec-signed nxdomain names.
560 │ # harden-below-nxdomain: yes
561 │
562 │ # Harden the referral path by performing additional queries for
563 │ # infrastructure data. Validates the replies (if possible).
564 │ # Default off, because the lookups burden the server. Experimental
565 │ # implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
566 │ # harden-referral-path: no
567 │
568 │ # Harden against algorithm downgrade when multiple algorithms are
569 │ # advertised in the DS record. If no, allows any algorithm
570 │ # to validate the zone which is the standard behavior for validators.
571 │ # Check the manpage for detailed information.
572 │ # harden-algo-downgrade: no
573 │
574 │ # Harden against unknown records in the authority section and the
575 │ # additional section.
576 │ # harden-unknown-additional: no
577 │
578 │ # Sent minimum amount of information to upstream servers to enhance
579 │ # privacy. Only sent minimum required labels of the QNAME and set QTYPE
580 │ # to A when possible.
581 │ # qname-minimisation: yes
582 │
583 │ # QNAME minimisation in strict mode. Do not fall-back to sending full
584 │ # QNAME to potentially broken nameservers. A lot of domains will not be
585 │ # resolvable when this option in enabled.
586 │ # This option only has effect when qname-minimisation is enabled.
587 │ # qname-minimisation-strict: no
588 │
589 │ # Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
590 │ # and other denials, using information from previous NXDOMAINs answers.
591 │ # aggressive-nsec: yes
592 │
593 │ # Use 0x20-encoded random bits in the query to foil spoof attempts.
594 │ # This feature is an experimental implementation of draft dns-0x20.
595 │ # use-caps-for-id: no
596 │
597 │ # Domains (and domains in them) without support for dns-0x20 and
598 │ # the fallback fails because they keep sending different answers.
599 │ # caps-exempt: "licdn.com"
600 │ # caps-exempt: "senderbase.org"
601 │
602 │ # Enforce privacy of these addresses. Strips them away from answers.
603 │ # It may cause DNSSEC validation to additionally mark it as bogus.
604 │ # Protects against 'DNS Rebinding' (uses browser as network proxy).
605 │ # Only 'private-domain' and 'local-data' names are allowed to have
606 │ # these private addresses. No default.
607 │ # private-address: 10.0.0.0/8
608 │ # private-address: 172.16.0.0/12
609 │ # private-address: 192.168.0.0/16
610 │ # private-address: 169.254.0.0/16
611 │ # private-address: fd00::/8
612 │ # private-address: fe80::/10
613 │ # private-address: ::ffff:0:0/96
614 │
615 │ # Allow the domain (and its subdomains) to contain private addresses.
616 │ # local-data statements are allowed to contain private addresses too.
617 │ # private-domain: "example.com"
618 │
619 │ # If nonzero, unwanted replies are not only reported in statistics,
620 │ # but also a running total is kept per thread. If it reaches the
621 │ # threshold, a warning is printed and a defensive action is taken,
622 │ # the cache is cleared to flush potential poison out of it.
623 │ # A suggested value is 10000000, the default is 0 (turned off).
624 │ # unwanted-reply-threshold: 0
625 │
626 │ # Do not query the following addresses. No DNS queries are sent there.
627 │ # List one address per entry. List classless netblocks with /size,
628 │ # do-not-query-address: 127.0.0.1/8
629 │ # do-not-query-address: ::1
630 │
631 │ # if yes, the above default do-not-query-address entries are present.
632 │ # if no, localhost can be queried (for testing and debugging).
633 │ # do-not-query-localhost: yes
634 │
635 │ # if yes, perform prefetching of almost expired message cache entries.
636 │ # prefetch: no
637 │
638 │ # if yes, perform key lookups adjacent to normal lookups.
639 │ # prefetch-key: no
640 │
641 │ # deny queries of type ANY with an empty response.
642 │ # deny-any: no
643 │
644 │ # if yes, Unbound rotates RRSet order in response.
645 │ # rrset-roundrobin: yes
646 │
647 │ # if yes, Unbound doesn't insert authority/additional sections
648 │ # into response messages when those sections are not required.
649 │ # minimal-responses: yes
650 │
651 │ # true to disable DNSSEC lameness check in iterator.
652 │ # disable-dnssec-lame-check: no
653 │
654 │ # module configuration of the server. A string with identifiers
655 │ # separated by spaces. Syntax: "[dns64] [validator] iterator"
656 │ # most modules have to be listed at the beginning of the line,
657 │ # except cachedb(just before iterator), and python (at the beginning,
658 │ # or, just before the iterator).
659 │ # module-config: "validator iterator"
660 │
661 │ # File with trusted keys, kept uptodate using RFC5011 probes,
662 │ # initial file like trust-anchor-file, then it stores metadata.
663 │ # Use several entries, one per domain name, to track multiple zones.
664 │ #
665 │ # If you want to perform DNSSEC validation, run unbound-anchor before
666 │ # you start Unbound (i.e. in the system boot scripts).
667 │ # And then enable the auto-trust-anchor-file config item.
668 │ # Please note usage of unbound-anchor root anchor is at your own risk
669 │ # and under the terms of our LICENSE (see that file in the source).
670 │ # auto-trust-anchor-file: "/etc/trusted-key.key"
671 │
672 │ # trust anchor signaling sends a RFC8145 key tag query after priming.
673 │ # trust-anchor-signaling: yes
674 │
675 │ # Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
676 │ # root-key-sentinel: yes
677 │
678 │ # File with trusted keys for validation. Specify more than one file
679 │ # with several entries, one file per entry.
680 │ # Zone file format, with DS and DNSKEY entries.
681 │ # Note this gets out of date, use auto-trust-anchor-file please.
682 │ trust-anchor-file: "/etc/unbound/trusted-key.key"
683 │
684 │ # Trusted key for validation. DS or DNSKEY. specify the RR on a
685 │ # single line, surrounded by "". TTL is ignored. class is IN default.
686 │ # Note this gets out of date, use auto-trust-anchor-file please.
687 │ # (These examples are from August 2007 and may not be valid anymore).
688 │ # trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ=="
689 │ # trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"
690 │
691 │ # File with trusted keys for validation. Specify more than one file
692 │ # with several entries, one file per entry. Like trust-anchor-file
693 │ # but has a different file format. Format is BIND-9 style format,
694 │ # the trusted-keys { name flag proto algo "key"; }; clauses are read.
695 │ # you need external update procedures to track changes in keys.
696 │ # trusted-keys-file: ""
697 │
698 │ # Ignore chain of trust. Domain is treated as insecure.
699 │ # domain-insecure: "example.com"
700 │
701 │ # Override the date for validation with a specific fixed date.
702 │ # Do not set this unless you are debugging signature inception
703 │ # and expiration. "" or "0" turns the feature off. -1 ignores date.
704 │ # val-override-date: ""
705 │
706 │ # The time to live for bogus data, rrsets and messages. This avoids
707 │ # some of the revalidation, until the time interval expires. in secs.
708 │ # val-bogus-ttl: 60
709 │
710 │ # The signature inception and expiration dates are allowed to be off
711 │ # by 10% of the signature lifetime (expir-incep) from our local clock.
712 │ # This leeway is capped with a minimum and a maximum. In seconds.
713 │ # val-sig-skew-min: 3600
714 │ # val-sig-skew-max: 86400
715 │
716 │ # The maximum number the validator should restart validation with
717 │ # another authority in case of failed validation.
720 │ # Should additional section of secure message also be kept clean of
721 │ # unsecure data. Useful to shield the users of this validator from
722 │ # potential bogus data in the additional section. All unsigned data
723 │ # in the additional section is removed from secure messages.
724 │ # val-clean-additional: yes
725 │
726 │ # Turn permissive mode on to permit bogus messages. Thus, messages
727 │ # for which security checks failed will be returned to clients,
728 │ # instead of SERVFAIL. It still performs the security checks, which
729 │ # result in interesting log files and possibly the AD bit in
730 │ # replies if the message is found secure. The default is off.
731 │ # val-permissive-mode: no
732 │
733 │ # Ignore the CD flag in incoming queries and refuse them bogus data.
734 │ # Enable it if the only clients of Unbound are legacy servers (w2008)
735 │ # that set CD but cannot validate themselves.
736 │ # ignore-cd-flag: no
737 │
738 │ # Disable the DO flag in outgoing requests. It is helpful for upstream
739 │ # devices that cannot handle DNSSEC information. But do not enable it
740 │ # otherwise, because it would stop DNSSEC validation.
741 │ # disable-edns-do: no
742 │
743 │ # Serve expired responses from cache, with serve-expired-reply-ttl in
744 │ # the response. By default it first tries to refresh an expired answer.
745 │ # Can be configured with serve-expired-client-timeout.
746 │ # serve-expired: no
747 │ #
748 │ # Limit serving of expired responses to configured seconds after
749 │ # expiration. 0 disables the limit.
750 │ # serve-expired-ttl: 86400
751 │ #
752 │ # Set the TTL of expired records to the serve-expired-ttl value after a
753 │ # failed attempt to retrieve the record from upstream. This makes sure
754 │ # that the expired records will be served as long as there are queries
755 │ # for it.
756 │ # serve-expired-ttl-reset: no
757 │ #
758 │ # TTL value to use when replying with expired data.
759 │ # serve-expired-reply-ttl: 30
760 │ #
761 │ # Time in milliseconds before replying to the client with expired data.
762 │ # This essentially enables the serve-stale behavior as specified in
763 │ # RFC 8767 that first tries to resolve before immediately responding
764 │ # with expired data. 0 disables this behavior.
765 │ # serve-expired-client-timeout: 1800
766 │
767 │ # Return the original TTL as received from the upstream name server rather
768 │ # than the decrementing TTL as stored in the cache. Enabling this feature
769 │ # does not impact cache expiry, it only changes the TTL Unbound embeds in
770 │ # responses to queries. Note that enabling this feature implicitly disables
771 │ # enforcement of the configured minimum and maximum TTL.
772 │ # serve-original-ttl: no
773 │
774 │ # Have the validator log failed validations for your diagnosis.
775 │ # 0: off. 1: A line per failed user query. 2: With reason and bad IP.
776 │ # val-log-level: 0
777 │
778 │ # It is possible to configure NSEC3 maximum iteration counts per
779 │ # keysize. Keep this table very short, as linear search is done.
780 │ # A message with an NSEC3 with larger count is marked insecure.
781 │ # List in ascending order the keysize and count values.
782 │ # val-nsec3-keysize-iterations: "1024 150 2048 150 4096 150"
783 │
784 │ # if enabled, ZONEMD verification failures do not block the zone.
785 │ # zonemd-permissive-mode: no
786 │
787 │ # instruct the auto-trust-anchor-file probing to add anchors after ttl.
788 │ # add-holddown: 2592000 # 30 days
789 │
790 │ # instruct the auto-trust-anchor-file probing to del anchors after ttl.
791 │ # del-holddown: 2592000 # 30 days
792 │
793 │ # auto-trust-anchor-file probing removes missing anchors after ttl.
794 │ # If the value 0 is given, missing anchors are not removed.
795 │ # keep-missing: 31622400 # 366 days
796 │
797 │ # debug option that allows very small holddown times for key rollover,
798 │ # otherwise the RFC mandates probe intervals must be at least 1 hour.
799 │ # permit-small-holddown: no
800 │
801 │ # the amount of memory to use for the key cache.
802 │ # plain value in bytes or you can append k, m or G. default is "4Mb".
803 │ # key-cache-size: 4m
804 │
805 │ # the number of slabs to use for the key cache.
806 │ # the number of slabs must be a power of 2.
807 │ # more slabs reduce lock contention, but fragment memory usage.
808 │ # key-cache-slabs: 4
809 │
810 │ # the amount of memory to use for the negative cache.
811 │ # plain value in bytes or you can append k, m or G. default is "1Mb".
812 │ # neg-cache-size: 1m
813 │
814 │ # By default, for a number of zones a small default 'nothing here'
815 │ # reply is built-in. Query traffic is thus blocked. If you
816 │ # wish to serve such zone you can unblock them by uncommenting one
817 │ # of the nodefault statements below.
818 │ # You may also have to use domain-insecure: zone to make DNSSEC work,
819 │ # unless you have your own trust anchors for this zone.
820 │ # local-zone: "localhost." nodefault
821 │ # local-zone: "127.in-addr.arpa." nodefault
822 │ # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
823 │ # local-zone: "home.arpa." nodefault
824 │ # local-zone: "resolver.arpa." nodefault
825 │ # local-zone: "service.arpa." nodefault
826 │ # local-zone: "onion." nodefault
827 │ # local-zone: "test." nodefault
828 │ # local-zone: "invalid." nodefault
829 │ # local-zone: "10.in-addr.arpa." nodefault
830 │ # local-zone: "16.172.in-addr.arpa." nodefault
831 │ # local-zone: "17.172.in-addr.arpa." nodefault
832 │ # local-zone: "18.172.in-addr.arpa." nodefault
833 │ # local-zone: "19.172.in-addr.arpa." nodefault
834 │ # local-zone: "20.172.in-addr.arpa." nodefault
835 │ # local-zone: "21.172.in-addr.arpa." nodefault
836 │ # local-zone: "22.172.in-addr.arpa." nodefault
837 │ # local-zone: "23.172.in-addr.arpa." nodefault
838 │ # local-zone: "24.172.in-addr.arpa." nodefault
839 │ # local-zone: "25.172.in-addr.arpa." nodefault
840 │ # local-zone: "26.172.in-addr.arpa." nodefault
841 │ # local-zone: "27.172.in-addr.arpa." nodefault
842 │ # local-zone: "28.172.in-addr.arpa." nodefault
843 │ # local-zone: "29.172.in-addr.arpa." nodefault
844 │ # local-zone: "30.172.in-addr.arpa." nodefault
845 │ # local-zone: "31.172.in-addr.arpa." nodefault
846 │ # local-zone: "168.192.in-addr.arpa." nodefault
847 │ # local-zone: "0.in-addr.arpa." nodefault
848 │ # local-zone: "254.169.in-addr.arpa." nodefault
849 │ # local-zone: "2.0.192.in-addr.arpa." nodefault
850 │ # local-zone: "100.51.198.in-addr.arpa." nodefault
851 │ # local-zone: "113.0.203.in-addr.arpa." nodefault
852 │ # local-zone: "255.255.255.255.in-addr.arpa." nodefault
853 │ # local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
854 │ # local-zone: "d.f.ip6.arpa." nodefault
855 │ # local-zone: "8.e.f.ip6.arpa." nodefault
856 │ # local-zone: "9.e.f.ip6.arpa." nodefault
857 │ # local-zone: "a.e.f.ip6.arpa." nodefault
858 │ # local-zone: "b.e.f.ip6.arpa." nodefault
859 │ # local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
860 │ # And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
861 │
862 │ # Add example.com into ipset
863 │ # local-zone: "example.com" ipset
864 │
865 │ # If Unbound is running service for the local host then it is useful
866 │ # to perform lan-wide lookups to the upstream, and unblock the
867 │ # long list of local-zones above. If this Unbound is a dns server
868 │ # for a network of computers, disabled is better and stops information
869 │ # leakage of local lan information.
870 │ # unblock-lan-zones: no
871 │
872 │ # The insecure-lan-zones option disables validation for
873 │ # these zones, as if they were all listed as domain-insecure.
874 │ # insecure-lan-zones: no
875 │
876 │ # a number of locally served zones can be configured.
877 │ # local-zone: <zone> <type>
878 │ # local-data: "<resource record string>"
879 │ # o deny serves local data (if any), else, drops queries.
880 │ # o refuse serves local data (if any), else, replies with error.
881 │ # o static serves local data, else, nxdomain or nodata answer.
882 │ # o transparent gives local data, but resolves normally for other names
883 │ # o redirect serves the zone data for any subdomain in the zone.
884 │ # o nodefault can be used to normally resolve AS112 zones.
885 │ # o typetransparent resolves normally for other types and other names
886 │ # o inform acts like transparent, but logs client IP address
887 │ # o inform_deny drops queries and logs client IP address
888 │ # o inform_redirect redirects queries and logs client IP address
889 │ # o always_transparent, always_refuse, always_nxdomain, always_nodata,
890 │ # always_deny resolve in that way but ignore local data for
891 │ # that name
892 │ # o block_a resolves all records normally but returns
893 │ # NODATA for A queries and ignores local data for that name
894 │ # o always_null returns 0.0.0.0 or ::0 for any name in the zone.
895 │ # o noview breaks out of that view towards global local-zones.
896 │ #
897 │ # defaults are localhost address, reverse for 127.0.0.1 and ::1
898 │ # and nxdomain for AS112 zones. If you configure one of these zones
899 │ # the default content is omitted, or you can omit it with 'nodefault'.
900 │ #
901 │ # If you configure local-data without specifying local-zone, by
902 │ # default a transparent local-zone is created for the data.
903 │ #
904 │ # You can add locally served data with
905 │ # local-zone: "local." static
906 │ # local-data: "mycomputer.local. IN A 192.0.2.51"
907 │ # local-data: 'mytext.local TXT "content of text record"'
908 │ #
909 │ # You can override certain queries with
910 │ # local-data: "adserver.example.com A 127.0.0.1"
911 │ #
912 │ # You can redirect a domain to a fixed address with
913 │ # (this makes example.com, www.example.com, etc, all go to 192.0.2.3)
914 │ # local-zone: "example.com" redirect
915 │ # local-data: "example.com A 192.0.2.3"
916 │ #
917 │ # Shorthand to make PTR records, "IPv4 name" or "IPv6 name".
918 │ # You can also add PTR records using local-data directly, but then
919 │ # you need to do the reverse notation yourself.
920 │ # local-data-ptr: "192.0.2.3 www.example.com"
921 │
922 │ # tag a localzone with a list of tag names (in "" with spaces between)
923 │ # local-zone-tag: "example.com" "tag2 tag3"
924 │
925 │ # add a netblock specific override to a localzone, with zone type
926 │ # local-zone-override: "example.com" 192.0.2.0/24 refuse
927 │
928 │ # service clients over TLS (on the TCP sockets) with plain DNS inside
929 │ # the TLS stream, and over HTTPS using HTTP/2 as specified in RFC8484.
930 │ # Give the certificate to use and private key.
931 │ # default is "" (disabled). requires restart to take effect.
932 │ # tls-service-key: "path/to/privatekeyfile.key"
933 │ # tls-service-pem: "path/to/publiccertfile.pem"
934 │ # tls-port: 853
935 │ # https-port: 443
936 │ # quic-port: 853
937 │
938 │ # cipher setting for TLSv1.2
939 │ # tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"
940 │ # cipher setting for TLSv1.3
941 │ # tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
942 │
943 │ # Pad responses to padded queries received over TLS
944 │ # pad-responses: yes
945 │
946 │ # Padded responses will be padded to the closest multiple of this size.
947 │ # pad-responses-block-size: 468
948 │
949 │ # Use the SNI extension for TLS connections. Default is yes.
950 │ # Changing the value requires a reload.
951 │ # tls-use-sni: yes
952 │
953 │ # Add the secret file for TLS Session Ticket.
954 │ # Secret file must be 80 bytes of random data.
955 │ # First key use to encrypt and decrypt TLS session tickets.
956 │ # Other keys use to decrypt only.
957 │ # requires restart to take effect.
958 │ # tls-session-ticket-keys: "path/to/secret_file1"
959 │ # tls-session-ticket-keys: "path/to/secret_file2"
960 │
961 │ # request upstream over TLS (with plain DNS inside the TLS stream).
962 │ # Default is no. Can be turned on and off with unbound-control.
963 │ # tls-upstream: no
964 │
965 │ # Certificates used to authenticate connections made upstream.
966 │ # tls-cert-bundle: ""
967 │
968 │ # Add system certs to the cert bundle, from the Windows Cert Store
969 │ # tls-win-cert: no
970 │ # and on other systems, the default openssl certificates
971 │ # tls-system-cert: no
972 │
973 │ # Pad queries over TLS upstreams
974 │ # pad-queries: yes
975 │
976 │ # Padded queries will be padded to the closest multiple of this size.
977 │ # pad-queries-block-size: 128
978 │
979 │ # Also serve tls on these port numbers (eg. 443, ...), by listing
980 │ # tls-additional-port: portno for each of the port numbers.
981 │
982 │ # HTTP endpoint to provide DNS-over-HTTPS service on.
983 │ # http-endpoint: "/dns-query"
984 │
985 │ # HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
986 │ # http-max-streams: 100
987 │
988 │ # Maximum number of bytes used for all HTTP/2 query buffers.
989 │ # http-query-buffer-size: 4m
990 │
991 │ # Maximum number of bytes used for all HTTP/2 response buffers.
992 │ # http-response-buffer-size: 4m
993 │
994 │ # Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
995 │ # service.
996 │ # http-nodelay: yes
997 │
998 │ # Disable TLS for DNS-over-HTTP downstream service.
999 │ # http-notls-downstream: no
1000 │
1001 │ # Maximum number of bytes used for QUIC buffers.
1002 │ # quic-size: 8m
1003 │
1004 │ # The interfaces that use these listed port numbers will support and
1005 │ # expect PROXYv2. For UDP and TCP/TLS interfaces.
1006 │ # proxy-protocol-port: portno for each of the port numbers.
1007 │
1008 │ # DNS64 prefix. Must be specified when DNS64 is use.
1009 │ # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
1010 │ # dns64-prefix: 64:ff9b::0/96
1011 │
1012 │ # DNS64 ignore AAAA records for these domains and use A instead.
1013 │ # dns64-ignore-aaaa: "example.com"
1014 │
1015 │ # ratelimit for uncached, new queries, this limits recursion effort.
1016 │ # ratelimiting is experimental, and may help against randomqueryflood.
1017 │ # if 0(default) it is disabled, otherwise state qps allowed per zone.
1018 │ # ratelimit: 0
1019 │
1020 │ # ratelimits are tracked in a cache, size in bytes of cache (or k,m).
1021 │ # ratelimit-size: 4m
1022 │ # ratelimit cache slabs, reduces lock contention if equal to cpucount.
1023 │ # ratelimit-slabs: 4
1024 │
1025 │ # 0 blocks when ratelimited, otherwise let 1/xth traffic through
1026 │ # ratelimit-factor: 10
1027 │
1028 │ # Aggressive rate limit when the limit is reached and until demand has
1029 │ # decreased in a 2 second rate window.
1030 │ # ratelimit-backoff: no
1031 │
1032 │ # override the ratelimit for a specific domain name.
1033 │ # give this setting multiple times to have multiple overrides.
1034 │ # ratelimit-for-domain: example.com 1000
1035 │ # override the ratelimits for all domains below a domain name
1036 │ # can give this multiple times, the name closest to the zone is used.
1037 │ # ratelimit-below-domain: com 1000
1038 │
1039 │ # global query ratelimit for all ip addresses.
1040 │ # feature is experimental.
1041 │ # if 0(default) it is disabled, otherwise states qps allowed per ip address
1042 │ # ip-ratelimit: 0
1043 │
1044 │ # global query ratelimit for all ip addresses with a valid DNS Cookie.
1045 │ # feature is experimental.
1046 │ # if 0(default) it is disabled, otherwise states qps allowed per ip address
1047 │ # useful in combination with 'allow_cookie'.
1048 │ # If used, suggested to be higher than ip-ratelimit, tenfold.
1049 │ # ip-ratelimit-cookie: 0
1050 │
1051 │ # ip ratelimits are tracked in a cache, size in bytes of cache (or k,m).
1052 │ # ip-ratelimit-size: 4m
1053 │ # ip ratelimit cache slabs, reduces lock contention if equal to cpucount.
1054 │ # ip-ratelimit-slabs: 4
1055 │
1056 │ # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
1057 │ # ip-ratelimit-factor: 10
1058 │
1059 │ # Aggressive rate limit when the limit is reached and until demand has
1060 │ # decreased in a 2 second rate window.
1061 │ # ip-ratelimit-backoff: no
1062 │
1063 │ # Limit the number of connections simultaneous from a netblock
1064 │ # tcp-connection-limit: 192.0.2.0/24 12
1065 │
1066 │ # select from the fastest servers this many times out of 1000. 0 means
1067 │ # the fast server select is disabled. prefetches are not sped up.
1068 │ # fast-server-permil: 0
1069 │ # the number of servers that will be used in the fast server selection.
1070 │ # fast-server-num: 3
1071 │
1072 │ # reply to requests containing DNS Cookies as specified in RFC 7873 and RFC 9018.
1073 │ # answer-cookie: no
1074 │
1075 │ # secret for DNS Cookie generation.
1076 │ # useful for anycast deployments.
1077 │ # example value "000102030405060708090a0b0c0d0e0f".
1078 │ # cookie-secret: <128 bit random hex string>
1079 │
1080 │ # File with cookie secrets, the 'cookie-secret:' option is ignored
1081 │ # and the file can be managed to have staging and active secrets
1082 │ # with remote control commands. Disabled with "". Default is "".
1083 │ # cookie-secret-file: "/usr/local/etc/unbound_cookiesecrets.txt"
1084 │
1085 │ # Enable to attach Extended DNS Error codes (RFC8914) to responses.
1086 │ # ede: no
1087 │
1088 │ # Enable to attach an Extended DNS Error (RFC8914) Code 3 - Stale
1089 │ # Answer as EDNS0 option to expired responses.
1090 │ # Note that the ede option above needs to be enabled for this to work.
1091 │ # ede-serve-expired: no
1092 │
1093 │ # Enable DNS Error Reporting (RFC9567).
1094 │ # qname-minimisation is advised to be turned on as well to increase
1095 │ # privacy on the outgoing reports.
1096 │ # dns-error-reporting: no
1097 │
1098 │ # Specific options for ipsecmod. Unbound needs to be configured with
1099 │ # --enable-ipsecmod for these to take effect.
1100 │ #
1101 │ # Enable or disable ipsecmod (it still needs to be defined in
1102 │ # module-config above). Can be used when ipsecmod needs to be
1103 │ # enabled/disabled via remote-control(below).
1104 │ # ipsecmod-enabled: yes
1105 │ #
1106 │ # Path to executable external hook. It must be defined when ipsecmod is
1107 │ # listed in module-config (above).
1108 │ # ipsecmod-hook: "./my_executable"
1109 │ #
1110 │ # When enabled Unbound will reply with SERVFAIL if the return value of
1111 │ # the ipsecmod-hook is not 0.
1112 │ # ipsecmod-strict: no
1113 │ #
1114 │ # Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY.
1115 │ # ipsecmod-max-ttl: 3600
1116 │ #
1117 │ # Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for
1118 │ # testing.
1119 │ # ipsecmod-ignore-bogus: no
1120 │ #
1121 │ # Domains for which ipsecmod will be triggered. If not defined (default)
1122 │ # all domains are treated as being allowed.
1123 │ # ipsecmod-allow: "example.com"
1124 │ # ipsecmod-allow: "nlnetlabs.nl"
1125 │
1126 │ # Timeout for REUSE entries in milliseconds.
1127 │ # tcp-reuse-timeout: 60000
1128 │ # Max number of queries on a reuse connection.
1129 │ # max-reuse-tcp-queries: 200
1130 │ # Timeout in milliseconds for TCP queries to auth servers.
1131 │ # tcp-auth-query-timeout: 3000
1132 │
1133 │
1134 │ # Python config section. To enable:
1135 │ # o use --with-pythonmodule to configure before compiling.
1136 │ # o list python in the module-config string (above) to enable.
1137 │ # It can be at the start, it gets validated results, or just before
1138 │ # the iterator and process before DNSSEC validation.
1139 │ # o and give a python-script to run.
1140 │ python:
1141 │ # Script file to load
1142 │ # python-script: "/etc/unbound/ubmodule-tst.py"
1143 │
1144 │ # Dynamic library config section. To enable:
1145 │ # o use --with-dynlibmodule to configure before compiling.
1146 │ # o list dynlib in the module-config string (above) to enable.
1147 │ # It can be placed anywhere, the dynlib module is only a very thin wrapper
1148 │ # to load modules dynamically.
1149 │ # o and give a dynlib-file to run. If more than one dynlib entry is listed in
1150 │ # the module-config then you need one dynlib-file per instance.
1151 │ dynlib:
1152 │ # Script file to load
1153 │ # dynlib-file: "/etc/unbound/dynlib.so"
1154 │
1155 │ # Remote control config section.
1156 │ remote-control:
1157 │ # Enable remote control with unbound-control(8) here.
1158 │ # set up the keys and certificates with unbound-control-setup.
1159 │ # control-enable: no
1160 │
1161 │ # what interfaces are listened to for remote control.
1162 │ # give 0.0.0.0 and ::0 to listen to all interfaces.
1163 │ # set to an absolute path to use a unix local name pipe, certificates
1164 │ # are not used for that, so key and cert files need not be present.
1165 │ # control-interface: 127.0.0.1
1166 │ # control-interface: ::1
1167 │
1168 │ # port number for remote control operations.
1169 │ # control-port: 8953
1170 │
1171 │ # for localhost, you can disable use of TLS by setting this to "no"
1172 │ # For local sockets this option is ignored, and TLS is not used.
1173 │ # control-use-cert: "yes"
1174 │
1175 │ # Unbound server key file.
1176 │ # server-key-file: "/etc/unbound/unbound_server.key"
1177 │
1178 │ # Unbound server certificate file.
1179 │ # server-cert-file: "/etc/unbound/unbound_server.pem"
1180 │
1181 │ # unbound-control key file.
1182 │ # control-key-file: "/etc/unbound/unbound_control.key"
1183 │
1184 │ # unbound-control certificate file.
1185 │ # control-cert-file: "/etc/unbound/unbound_control.pem"
1186 │
1187 │ # Stub zones.
1188 │ # Create entries like below, to make all queries for 'example.com' and
1189 │ # 'example.org' go to the given list of nameservers. list zero or more
1190 │ # nameservers by hostname or by ipaddress. If you set stub-prime to yes,
1191 │ # the list is treated as priming hints (default is no).
1192 │ # With stub-first yes, it attempts without the stub if it fails.
1193 │ # Consider adding domain-insecure: name and local-zone: name nodefault
1194 │ # to the server: section if the stub is a locally served zone.
1195 │ # stub-zone:
1196 │ # name: "example.com"
1197 │ # stub-addr: 192.0.2.68
1198 │ # stub-prime: no
1199 │ # stub-first: no
1200 │ # stub-tcp-upstream: no
1201 │ # stub-tls-upstream: no
1202 │ # stub-no-cache: no
1203 │ # stub-zone:
1204 │ # name: "example.org"
1205 │ # stub-host: ns.example.com.
1206 │
1207 │ # Forward zones
1208 │ # Create entries like below, to make all queries for 'example.com' and
1209 │ # 'example.org' go to the given list of servers. These servers have to handle
1210 │ # recursion to other nameservers. List zero or more nameservers by hostname
1211 │ # or by ipaddress. Use an entry with name "." to forward all queries.
1212 │ # If you enable forward-first, it attempts without the forward if it fails.
1213 │ # forward-zone:
1214 │ # name: "example.com"
1215 │ # forward-addr: 192.0.2.68
1216 │ # forward-addr: 192.0.2.73@5355 # forward to port 5355.
1217 │ # forward-first: no
1218 │ # forward-tcp-upstream: no
1219 │ # forward-tls-upstream: no
1220 │ # forward-no-cache: no
1221 │ # forward-zone:
1222 │ # name: "example.org"
1223 │ # forward-host: fwd.example.com
1224 │
1225 │ # Authority zones
1226 │ # The data for these zones is kept locally, from a file or downloaded.
1227 │ # The data can be served to downstream clients, or used instead of the
1228 │ # upstream (which saves a lookup to the upstream). The first example
1229 │ # has a copy of the root for local usage. The second serves example.org
1230 │ # authoritatively. zonefile: reads from file (and writes to it if you also
1231 │ # download it), primary: fetches with AXFR and IXFR, or url to zonefile.
1232 │ # With allow-notify: you can give additional (apart from primaries and urls)
1233 │ # sources of notifies.
1234 │ # auth-zone:
1235 │ # name: "."
1236 │ # primary: 170.247.170.2 # b.root-servers.net
1237 │ # primary: 192.33.4.12 # c.root-servers.net
1238 │ # primary: 199.7.91.13 # d.root-servers.net
1239 │ # primary: 192.5.5.241 # f.root-servers.net
1240 │ # primary: 192.112.36.4 # g.root-servers.net
1241 │ # primary: 193.0.14.129 # k.root-servers.net
1242 │ # primary: 192.0.47.132 # xfr.cjr.dns.icann.org
1243 │ # primary: 192.0.32.132 # xfr.lax.dns.icann.org
1244 │ # primary: 2801:1b8:10::b # b.root-servers.net
1245 │ # primary: 2001:500:2::c # c.root-servers.net
1246 │ # primary: 2001:500:2d::d # d.root-servers.net
1247 │ # primary: 2001:500:2f::f # f.root-servers.net
1248 │ # primary: 2001:500:12::d0d # g.root-servers.net
1249 │ # primary: 2001:7fd::1 # k.root-servers.net
1250 │ # primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org
1251 │ # primary: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org
1252 │ # fallback-enabled: yes
1253 │ # for-downstream: no
1254 │ # for-upstream: yes
1255 │ # auth-zone:
1256 │ # name: "example.org"
1257 │ # for-downstream: yes
1258 │ # for-upstream: yes
1259 │ # zonemd-check: no
1260 │ # zonemd-reject-absence: no
1261 │ # zonefile: "example.org.zone"
1262 │
1263 │ # Views
1264 │ # Create named views. Name must be unique. Map views to requests using
1265 │ # the access-control-view option. Views can contain zero or more local-zone
1266 │ # and local-data options. Options from matching views will override global
1267 │ # options. Global options will be used if no matching view is found.
1268 │ # With view-first yes, it will try to answer using the global local-zone and
1269 │ # local-data elements if there is no view specific match.
1270 │ # view:
1271 │ # name: "viewname"
1272 │ # local-zone: "example.com" redirect
1273 │ # local-data: "example.com A 192.0.2.3"
1274 │ # local-data-ptr: "192.0.2.3 www.example.com"
1275 │ # view-first: no
1276 │ # view:
1277 │ # name: "anotherview"
1278 │ # local-zone: "example.com" refuse
1279 │
1280 │ # DNSCrypt
1281 │ # To enable, use --enable-dnscrypt to configure before compiling.
1282 │ # Caveats:
1283 │ # 1. the keys/certs cannot be produced by Unbound. You can use dnscrypt-wrapper
1284 │ # for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage
1285 │ # 2. dnscrypt channel attaches to an interface. you MUST set interfaces to
1286 │ # listen on `dnscrypt-port` with the follo0wing snippet:
1287 │ # server:
1288 │ # interface: 0.0.0.0@443
1289 │ # interface: ::0@443
1290 │ #
1291 │ # Finally, `dnscrypt` config has its own section.
1292 │ # dnscrypt:
1293 │ # dnscrypt-enable: yes
1294 │ # dnscrypt-port: 443
1295 │ # dnscrypt-provider: 2.dnscrypt-cert.example.com.
1296 │ # dnscrypt-secret-key: /path/unbound-conf/keys1/1.key
1297 │ # dnscrypt-secret-key: /path/unbound-conf/keys2/1.key
1298 │ # dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert
1299 │ # dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert
1300 │
1301 │ # CacheDB
1302 │ # External backend DB as auxiliary cache.
1303 │ # To enable, use --enable-cachedb to configure before compiling.
1304 │ # Specify the backend name
1305 │ # (default is "testframe", which has no use other than for debugging and
1306 │ # testing) and backend-specific options. The 'cachedb' module must be
1307 │ # included in module-config, just before the iterator module.
1308 │ # cachedb:
1309 │ # backend: "testframe"
1310 │ # # secret seed string to calculate hashed keys
1311 │ # secret-seed: "default"
1312 │ # # if the backend should be read from, but not written to.
1313 │ # cachedb-no-store: no
1314 │ # # if the cachedb should be checked before a serve-expired response is
1315 │ # # given, when serve-expired is enabled.
1316 │ # cachedb-check-when-serve-expired: yes
1317 │ #
1318 │ # # For "redis" backend:
1319 │ # # (to enable, use --with-libhiredis to configure before compiling)
1320 │ # # redis server's IP address or host name
1321 │ # redis-server-host: 127.0.0.1
1322 │ # # redis server's TCP port
1323 │ # redis-server-port: 6379
1324 │ # # if the server uses a unix socket, set its path, or "" when not used.
1325 │ # redis-server-path: "/var/lib/redis/redis-server.sock"
1326 │ # # if the server uses an AUTH password, specify here, or "" when not used.
1327 │ # redis-server-password: ""
1328 │ # # timeout (in ms) for communication with the redis server
1329 │ # redis-timeout: 100
1330 │ # # timeout (in ms) for commands, if 0, uses redis-timeout.
1331 │ # redis-command-timeout: 0
1332 │ # # timeout (in ms) for connection set up, if 0, uses redis-timeout.
1333 │ # redis-connect-timeout: 0
1334 │ # # set timeout on redis records based on DNS response TTL
1335 │ # redis-expire-records: no
1336 │ # # redis logical database to use, 0 is the default database.
1337 │ # redis-logical-db: 0
1338 │ # # redis replica server's IP address or host name
1339 │ # redis-replica-server-host: 127.0.0.1
1340 │ # # redis replica server's TCP port
1341 │ # redis-replica-server-port: 6379
1342 │ # # if the replica server uses a unix socket, set its path, or "" when not used.
1343 │ # redis-replica-server-path: "/var/lib/redis/redis-server.sock"
1344 │ # # if the replica server uses an AUTH password, specify here, or "" when not used.
1345 │ # redis-replica-server-password: ""
1346 │ # # timeout (in ms) for communication with the redis replica server
1347 │ # redis-replica-timeout: 100
1348 │ # # timeout (in ms) for redis replica commands, if 0, uses redis-replica-timeout.
1349 │ # redis-replica-command-timeout: 0
1350 │ # # timeout (in ms) for redis replica connection set up, if 0, uses redis-replica-timeout.
1351 │ # redis-replica-connect-timeout: 0
1352 │ # # redis logical database to use for the replica server, 0 is the default database.
1353 │ # redis-replica-logical-db: 0
1354 │
1355 │ # IPSet
1356 │ # Add specify domain into set via ipset.
1357 │ # To enable:
1358 │ # o use --enable-ipset to configure before compiling;
1359 │ # o Unbound then needs to run as root user.
1360 │ # ipset:
1361 │ # # set name for ip v4 addresses
1362 │ # name-v4: "list-v4"
1363 │ # # set name for ip v6 addresses
1364 │ # name-v6: "list-v6"
1365 │ #
1366 │
1367 │ # Dnstap logging support, if compiled in by using --enable-dnstap to configure.
1368 │ # To enable, set the dnstap-enable to yes and also some of
1369 │ # dnstap-log-..-messages to yes. And select an upstream log destination, by
1370 │ # socket path, TCP or TLS destination.
1371 │ # dnstap:
1372 │ # dnstap-enable: no
1373 │ # # if set to yes frame streams will be used in bidirectional mode
1374 │ # dnstap-bidirectional: yes
1375 │ # dnstap-socket-path: "/etc/unbound/dnstap.sock"
1376 │ # # if "" use the unix socket in dnstap-socket-path, otherwise,
1377 │ # # set it to "IPaddress[@port]" of the destination.
1378 │ # dnstap-ip: ""
1379 │ # # if set to yes if you want to use TLS to dnstap-ip, no for TCP.
1380 │ # dnstap-tls: yes
1381 │ # # name for authenticating the upstream server. or "" disabled.
1382 │ # dnstap-tls-server-name: ""
1383 │ # # if "", it uses the cert bundle from the main Unbound config.
1384 │ # dnstap-tls-cert-bundle: ""
1385 │ # # key file for client authentication, or "" disabled.
1386 │ # dnstap-tls-client-key-file: ""
1387 │ # # cert file for client authentication, or "" disabled.
1388 │ # dnstap-tls-client-cert-file: ""
1389 │ # dnstap-send-identity: no
1390 │ # dnstap-send-version: no
1391 │ # # if "" it uses the hostname.
1392 │ # dnstap-identity: ""
1393 │ # # if "" it uses the package version.
1394 │ # dnstap-version: ""
1395 │ # # log only 1/N messages, if 0 it is disabled. default 0.
1396 │ # dnstap-sample-rate: 0
1397 │ # dnstap-log-resolver-query-messages: no
1398 │ # dnstap-log-resolver-response-messages: no
1399 │ # dnstap-log-client-query-messages: no
1400 │ # dnstap-log-client-response-messages: no
1401 │ # dnstap-log-forwarder-query-messages: no
1402 │ # dnstap-log-forwarder-response-messages: no
1403 │
1404 │ # Response Policy Zones
1405 │ # RPZ policies. Applied in order of configuration. Any match from an earlier
1406 │ # RPZ zone will terminate the RPZ lookup. QNAME, Response IP
1407 │ # Address, nsdname, nsip and clientip triggers are supported. Supported
1408 │ # actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only
1409 │ # and drop. Policies can be loaded from a file, or using zone
1410 │ # transfer, or using HTTP. The respip module needs to be added
1411 │ # to the module-config, e.g.: module-config: "respip validator iterator".
1412 │ # rpz:
1413 │ # name: "rpz.example.com"
1414 │ # zonefile: "rpz.example.com"
1415 │ # primary: 192.0.2.0
1416 │ # allow-notify: 192.0.2.0/32
1417 │ # url: http://www.example.com/rpz.example.org.zone
1418 │ # rpz-action-override: cname
1419 │ # rpz-cname-override: www.example.org
1420 │ # rpz-log: yes
1421 │ # rpz-log-name: "example policy"
1422 │ # rpz-signal-nxdomain-ra: no
1423 │ # for-downstream: no
1424 │ # tags: "example"
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
We will now adapt the relevant entries in the configuration file to our needs, step by step and from top to bottom. To do so, we open the file with the editor of our choice.
# vim /etc/unbound/unbound.conf
interface
First we define on which network interfaces or IP addresses the resolver should accept DNS queries.
interface: fd00::7:10:0:10:110
interface: 10.0.10.110
interface: fd00::3:10:0:0:110
interface: 10.0.0.110
interface-action
Next we define which interfaces are allowed to accept (recursive) queries for this server. The interfaces given here should match those specified under "interface:", each followed by the action.
interface-action: fd00:0:0:7:10:0:10:110 allow
interface-action: 10.0.10.110 allow
interface-action: fd00:0:0:3:10:0:0:110 allow
interface-action: 10.0.0.110 allow
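One way to check that every "interface:" address has a matching "interface-action:" entry, as this step requires. This is an added example, not part of the original page or of Unbound; it compares the addresses after normalising them, because the page writes the same IPv6 addresses compressed in one list and expanded in the other. The function names are made up for the example.

```python
import ipaddress

# Constructed sample: the server: directives exactly as this section sets them.
PAGE_CONF = """\
server:
    interface: fd00::7:10:0:10:110
    interface: 10.0.10.110
    interface: fd00::3:10:0:0:110
    interface: 10.0.0.110
    interface-action: fd00:0:0:7:10:0:10:110 allow
    interface-action: 10.0.10.110 allow
    interface-action: fd00:0:0:3:10:0:0:110 allow
    interface-action: 10.0.0.110 allow
"""


def canonical(token):
    """Normalise 'addr[@port]': IP literals are compressed, names pass through."""
    host, _, port = token.partition("@")
    try:
        host = ipaddress.ip_address(host).compressed
    except ValueError:
        pass  # not an IP literal, e.g. an interface name such as eth0
    return f"{host}@{port}" if port else host


def parse(conf_text):
    """Return (interfaces, actions), both keyed by the canonical address."""
    interfaces, actions = {}, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        key, sep, value = line.partition(":")    # only the first ':' ends the keyword
        parts = [p.strip('"') for p in value.split()]
        if not sep or not parts:
            continue
        if key == "interface":
            interfaces[canonical(parts[0])] = parts[0]
        elif key == "interface-action" and len(parts) >= 2:
            actions[canonical(parts[0])] = (parts[0], parts[1])
    return interfaces, actions


def check(conf_text):
    """Compare the two lists and report every difference between them."""
    interfaces, actions = parse(conf_text)
    return {
        # listening address without any interface-action entry
        "no_action": sorted(interfaces[k] for k in interfaces.keys() - actions.keys()),
        # interface-action entry for an address the resolver does not listen on
        "not_listening": sorted(actions[k][0] for k in actions.keys() - interfaces.keys()),
        # same address, but spelled differently in the two directives
        "written_differently": sorted(
            (interfaces[k], actions[k][0])
            for k in interfaces.keys() & actions.keys()
            if interfaces[k] != actions[k][0]
        ),
        "actions": {k: action for k, (_, action) in actions.items()},
    }


if __name__ == "__main__":
    for name, value in check(PAGE_CONF).items():
        print(f"{name}: {value}")
```

For the values on this page both "no_action" and "not_listening" come back empty; the two IPv6 addresses appear under "written_differently" only because of the notation.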
prefer-ip6
We set this value to yes because we want to prefer IPv6 over IPv4 for the upstream servers.
prefer-ip6: yes
root-hints
Here we define where to find the file with the addresses of the 13 root name servers, which we created in the section "DNS root servers - root.hints".
root-hints: "/etc/unbound/root.hints"
hide-identity
Conceal the answers to queries for id.server and hostname.bind.
hide-identity: yes
hide-version
We also leave queries for version.server and version.bind unanswered.
hide-version: yes
do-not-query-localhost
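For testing and debugging we allow queries to localhost. The forward zones defined further below also depend on this setting, because they send their queries to ::1.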
do-not-query-localhost: no
auto-trust-anchor-file
DNSSEC validation is only carried out if the queried DNS server supports it. If general forwarding queries were sent to DNS servers that do not support DNSSEC, their answers should be regarded as insecure regardless of their content, because no DNSSEC validation could be performed. So that the answers from our hidden master can be validated successfully, we define here where our resolver can find and update the relevant key material, which we copied in the section "DNSSEC key material of the hidden-master DNS daemon". These files with trusted keys, which are kept up to date by means of RFC 5011 probes, then also store the necessary metadata.
auto-trust-anchor-file: "/etc/unbound/keys/Kintra.nausch.org.+013+60679.key"
auto-trust-anchor-file: "/etc/unbound/keys/K10.0.10.in-addr.arpa.+013+34902.key"
auto-trust-anchor-file: "/etc/unbound/keys/K7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+31560.key"
auto-trust-anchor-file: "/etc/unbound/keys/Kidmz.nausch.org.+013+46346.key"
auto-trust-anchor-file: "/etc/unbound/keys/K0.0.10.in-addr.arpa.+013+06101.key"
auto-trust-anchor-file: "/etc/unbound/keys/K3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+35476.key"
auto-trust-anchor-file: "/etc/unbound/keys/Kedmz.nausch.org.+013+09230.key"
auto-trust-anchor-file: "/etc/unbound/keys/K2.17.172.in-addr.arpa.+013+47194.key"
auto-trust-anchor-file: "/etc/unbound/keys/K0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+06001.key"
auto-trust-anchor-file: "/etc/unbound/keys/Knausch.org.+013+08020.key"
auto-trust-anchor-file: "/etc/unbound/keys/K13.92.217.in-addr.arpa.+013+07117.key"
auto-trust-anchor-file: "/etc/unbound/keys/Kebersberger-liedersammlung.de.+013+26039.key"
auto-trust-anchor-file: "/etc/unbound/keys/Komni128.de.+013+29371.key"
auto-trust-anchor-file: "/etc/unbound/keys/Kwetterstation-pliening.info.+013+03760.key"
trusted-keys-file
File or files with trusted keys for validation. This is similar to trust-anchor-file, but with a different file format. The format follows the BIND 9 style, in which the clauses trusted-keys { name flag proto algo "key"; }; are read.
trusted-keys-file: "/etc/unbound/keys/*.key"
domain-insecure
So that a forward query for localhost and a reverse query for 127.0.0.1 or ::1 can also be answered successfully, these names must be exempted from the DNSSEC-secured zones.
domain-insecure: "localhost."
domain-insecure: "1.0.0.127.in-addr.arpa."
domain-insecure: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa."
local-zone
By default, a small built-in answer ("nothing here") is returned for a number of zones, which blocks the query. Since we explicitly want to serve such zones, we have to define or exempt them accordingly. Because we want to query our hidden master for our own zones, for forward as well as reverse lookups, we have to list them here explicitly and mark them with the option transparent.
local-zone: "localhost." nodefault
local-zone: "127.in-addr.arpa." nodefault
local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
local-zone: "10.in-addr.arpa." transparent
local-zone: "2.17.172.in-addr.arpa." transparent
local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." transparent
local-zone: "3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." transparent
local-zone: "7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." transparent
local-zone: "13.92.217.in-addr.arpa." transparent
#local-zone: "d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa." transparent
forward-zone
Here we define special forward zones: which networks are to be resolved in the forward or reverse direction through a forwarder, and which target name server is to be contacted for them.
forward-zone:
name: "localhost"
forward-addr: ::1
forward-zone:
name: "1.0.0.127.in-addr.arpa"
forward-addr: ::1
forward-zone:
name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
forward-addr: ::1
forward-zone:
name: "intra.nausch.org"
forward-addr: ::1
forward-zone:
name: "10.0.10.in-addr.arpa"
forward-addr: ::1
forward-zone:
name: "7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa"
forward-addr: ::1
forward-zone:
name: "idmz.nausch.org"
forward-addr: ::1
forward-zone:
name: "0.0.10.in-addr.arpa"
forward-addr: ::1
forward-zone:
name: "3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa"
forward-addr: ::1
forward-zone:
name: "edmz.nausch.org"
forward-addr: ::1
forward-zone:
name: "2.17.172.in-addr.arpa"
forward-addr: ::1
forward-zone:
name: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa"
forward-addr: ::1
forward-zone:
name: "nausch.org"
forward-addr: ::1
forward-zone:
name: "13.92.217.in-addr.arpa"
forward-addr: ::1
#forward-zone:
# name: "d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa"
# forward-addr: ::1
forward-zone:
name: "ebersberger-liedersammlung.de"
forward-addr: ::1
forward-zone:
name: "omni128.de"
forward-addr: ::1
forward-zone:
name: "wetterstation-pliening.info"
forward-addr: ::1
control-enable
This defines whether Unbound remote control is to be enabled.
control-enable: yes
control-interface
Definition of the interface(s) on which Unbound remote control is to be served.
control-interface: ::1
control-interface: 127.0.0.1
control-port
Definition of the port on which the Unbound remote control service is to listen.
control-port: 8953
control-use-cert
Should a certificate be used for remote control?
control-use-cert: "yes"
server-key-file
Unbound server key file.
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file
Unbound server certificate file.
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file
Unbound-control key file.
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file
Unbound-control certificate file.
control-cert-file: "/etc/unbound/unbound_control.pem"
With that we have set all options relevant to our deployment. We can print a summary of all options without the comments using a grep command with the options -Ev.
# grep -Ev '(^#|^.*#|^$)' /etc/unbound/unbound.conf | bat
Output of the command invocation bat unbound.conf
─────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN ← grep -Ev '(^#|^.*#|^$)' /etc/unbound/unbound.conf
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ server:
2 │ interface: fd00::7:10:0:10:110
3 │ interface: 10.0.10.110
4 │ interface: fd00::3:10:0:0:110
5 │ interface: 10.0.0.110
6 │ prefer-ip6: yes
7 │ interface-action: fd00:0:0:7:10:0:10:110 allow
8 │ interface-action: 10.0.10.110 allow
9 │ interface-action: fd00:0:0:3:10:0:0:110 allow
10 │ interface-action: 10.0.0.110 allow
11 │ root-hints: "/etc/unbound/root.hints"
12 │ hide-identity: yes
13 │ hide-version: yes
14 │ do-not-query-localhost: no
15 │ auto-trust-anchor-file: "/etc/unbound/keys/Kintra.nausch.org.+013+60679.key"
16 │ auto-trust-anchor-file: "/etc/unbound/keys/K10.0.10.in-addr.arpa.+013+34902.key"
17 │ auto-trust-anchor-file: "/etc/unbound/keys/K7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+31560.key"
18 │ auto-trust-anchor-file: "/etc/unbound/keys/Kidmz.nausch.org.+013+46346.key"
19 │ auto-trust-anchor-file: "/etc/unbound/keys/K0.0.10.in-addr.arpa.+013+06101.key"
20 │ auto-trust-anchor-file: "/etc/unbound/keys/K3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+35476.key"
21 │ auto-trust-anchor-file: "/etc/unbound/keys/Kedmz.nausch.org.+013+09230.key"
22 │ auto-trust-anchor-file: "/etc/unbound/keys/K2.17.172.in-addr.arpa.+013+47194.key"
23 │ auto-trust-anchor-file: "/etc/unbound/keys/K0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.+013+06001.key"
24 │ auto-trust-anchor-file: "/etc/unbound/keys/Knausch.org.+013+08020.key"
25 │ auto-trust-anchor-file: "/etc/unbound/keys/K13.92.217.in-addr.arpa.+013+07117.key"
26 │ auto-trust-anchor-file: "/etc/unbound/keys/Kebersberger-liedersammlung.de.+013+26039.key"
27 │ auto-trust-anchor-file: "/etc/unbound/keys/Komni128.de.+013+29371.key"
28 │ auto-trust-anchor-file: "/etc/unbound/keys/Kwetterstation-pliening.info.+013+03760.key"
29 │ trusted-keys-file: "/etc/unbound/keys/*.key"
30 │ domain-insecure: "localhost."
31 │ domain-insecure: "1.0.0.127.in-addr.arpa."
32 │ domain-insecure: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa."
33 │ local-zone: "localhost." nodefault
34 │ local-zone: "127.in-addr.arpa." nodefault
35 │ local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
36 │ local-zone: "10.in-addr.arpa." transparent
37 │ local-zone: "2.17.172.in-addr.arpa." transparent
38 │ local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." transparent
39 │ local-zone: "3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." transparent
40 │ local-zone: "7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." transparent
41 │ local-zone: "13.92.217.in-addr.arpa." transparent
42 │ python:
43 │ dynlib:
44 │ remote-control:
45 │ control-enable: yes
46 │ control-interface: ::1
47 │ control-interface: 127.0.0.1
48 │ control-port: 8953
49 │ control-use-cert: "yes"
50 │ server-key-file: "/etc/unbound/unbound_server.key"
51 │ server-cert-file: "/etc/unbound/unbound_server.pem"
52 │ control-key-file: "/etc/unbound/unbound_control.key"
53 │ control-cert-file: "/etc/unbound/unbound_control.pem"
54 │ forward-zone:
55 │ name: "localhost"
56 │ forward-addr: ::1
57 │ forward-zone:
58 │ name: "1.0.0.127.in-addr.arpa"
59 │ forward-addr: ::1
60 │ forward-zone:
61 │ name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
62 │ forward-addr: ::1
63 │ forward-zone:
64 │ name: "intra.nausch.org"
65 │ forward-addr: ::1
66 │ forward-zone:
67 │ name: "10.0.10.in-addr.arpa"
68 │ forward-addr: ::1
69 │ forward-zone:
70 │ name: "7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa"
71 │ forward-addr: ::1
72 │ forward-zone:
73 │ name: "idmz.nausch.org"
74 │ forward-addr: ::1
75 │ forward-zone:
76 │ name: "0.0.10.in-addr.arpa"
77 │ forward-addr: ::1
78 │ forward-zone:
79 │ name: "3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa"
80 │ forward-addr: ::1
81 │ forward-zone:
82 │ name: "edmz.nausch.org"
83 │ forward-addr: ::1
84 │ forward-zone:
85 │ name: "2.17.172.in-addr.arpa"
86 │ forward-addr: ::1
87 │ forward-zone:
88 │ name: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa"
89 │ forward-addr: ::1
90 │ forward-zone:
91 │ name: "nausch.org"
92 │ forward-addr: ::1
93 │ forward-zone:
94 │ name: "13.92.217.in-addr.arpa"
95 │ forward-addr: ::1
96 │ forward-zone:
97 │ name: "ebersberger-liedersammlung.de"
98 │ forward-addr: ::1
99 │ forward-zone:
100 │ name: "omni128.de"
101 │ forward-addr: ::1
102 │ forward-zone:
103 │ name: "wetterstation-pliening.info"
104 │ forward-addr: ::1
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
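The options auto-trust-anchor-file, domain-insecure, local-zone and forward-zone set above depend on one another, and unbound-checkconf only verifies syntax and file existence, not these relations. The following Python sketch is an added example, not part of the original page or of Unbound; it cross-checks the four options on a constructed configuration excerpt. The function names, the finding labels and the sample entry lab.example are assumptions, and the findings are review hints rather than proof of a fault.

```python
import os
import re

# Subset of Unbound's built-in default local zones that this page's setup
# touches; the full list is in unbound.conf(5).
DEFAULT_BLOCKED = (
    "localhost",
    "127.in-addr.arpa",
    "1" + ".0" * 31 + ".ip6.arpa",      # reverse name of ::1
    "10.in-addr.arpa",
    "17.172.in-addr.arpa",
    "d.f.ip6.arpa",
)
# local-zone types that let a query continue to the forwarder
PASS_THROUGH = {"transparent", "typetransparent", "always_transparent", "inform"}
# BIND key file naming: K<zone>.+<algorithm>+<keytag>.key
KEYFILE = re.compile(r"K(?P<zone>.+?)\.\+\d{3}\+\d{5}\.key$")

# Constructed sample: page-style entries plus two deliberate gaps
# (an anchor for lab.example without forwarder, 172.17.2.0/24 without override).
SAMPLE = """\
server:
  auto-trust-anchor-file: "/etc/unbound/keys/Kintra.nausch.org.+013+60679.key"
  auto-trust-anchor-file: "/etc/unbound/keys/K10.0.10.in-addr.arpa.+013+34902.key"
  auto-trust-anchor-file: "/etc/unbound/keys/Klab.example.+013+00001.key"  # constructed
  domain-insecure: "localhost."
  local-zone: "localhost." nodefault
  local-zone: "10.in-addr.arpa." transparent
forward-zone:
  name: "localhost"
  forward-addr: ::1
forward-zone:
  name: "intra.nausch.org"
  forward-addr: ::1
forward-zone:
  name: "10.0.10.in-addr.arpa"
  forward-addr: ::1
forward-zone:
  name: "2.17.172.in-addr.arpa"
  forward-addr: ::1
#forward-zone:
#  name: "lab.example"
"""


def norm(name):
    """Lower-case a zone name and drop quotes and the trailing dot."""
    return name.strip().strip('"').rstrip(".").lower()


def at_or_under(name, zone):
    """True if name equals zone or is a subdomain of it."""
    return name == zone or name.endswith("." + zone)


def parse_conf(text):
    """Collect the four cross-dependent option groups from unbound.conf text."""
    conf = {"anchors": set(), "insecure": set(), "local": {}, "forward": []}
    clause = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:                                 # "server:", "forward-zone:", ...
            clause = key
        elif key == "auto-trust-anchor-file":
            # Assumption: the zone is taken from the file name, not the file body.
            match = KEYFILE.match(os.path.basename(value.strip('"')))
            if match:
                conf["anchors"].add(norm(match.group("zone")))
        elif key == "domain-insecure":
            conf["insecure"].add(norm(value))
        elif key == "local-zone" and len(value.split()) >= 2:
            name, ztype = value.split()[:2]
            conf["local"][norm(name)] = ztype
        elif key == "name" and clause == "forward-zone":
            conf["forward"].append(norm(value))
    return conf


def effective_local_zone(zone, local):
    """Return (name, type) of the closest enclosing local zone, or None."""
    table = {name: "default" for name in DEFAULT_BLOCKED}
    for name, ztype in local.items():
        if ztype == "nodefault":
            table.pop(name, None)                     # switches the built-in zone off
        else:
            table[name] = ztype
    enclosing = [name for name in table if at_or_under(zone, name)]
    if not enclosing:
        return None
    closest = max(enclosing, key=len)                 # longest suffix = most specific
    return closest, table[closest]


def lint(conf):
    """Return (finding, zone) tuples for broken relations between the options."""
    findings = []
    forwards = sorted(set(conf["forward"]))
    for zone in sorted(conf["anchors"]):
        # An internal zone with an anchor but no forwarder cannot be primed.
        if not any(at_or_under(zone, fwd) for fwd in forwards):
            findings.append(("anchor-without-forward-zone", zone))
    for zone in forwards:
        anchored = any(at_or_under(zone, a) for a in conf["anchors"])
        exempt = any(at_or_under(zone, i) for i in conf["insecure"])
        if not (anchored or exempt):
            findings.append(("forward-zone-without-anchor-or-insecure", zone))
        hit = effective_local_zone(zone, conf["local"])
        if hit and hit[1] not in PASS_THROUGH:        # answered locally, never forwarded
            findings.append(("forward-zone-shadowed-by-local-zone", zone))
    return findings


if __name__ == "__main__":
    for finding, zone in lint(parse_conf(SAMPLE)):
        print(f"{finding}: {zone}")
```

To check a real file, pass its contents to parse_conf() instead of SAMPLE; key files whose names do not follow the K<zone>.+<algorithm>+<keytag>.key pattern are skipped.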
Optimizing the network stack (buffer size)
By default, the Linux network stack is not configured for transferring large files at high speed over WAN links. This is done to save memory resources. The default maximum TCP buffer sizes under Linux may be far too small, because the TCP memory is calculated automatically on the basis of the system memory. If the send/receive buffer is too small, the following warnings appear in the journal when unbound starts:
Jan 27 21:29:48 vml000110 unbound[4987]: [1769545788] unbound[4987:0] warning: so-sndbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
Jan 27 21:29:48 vml000110 unbound[4987]: [1769545788] unbound[4987:0] warning: so-sndbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
Jan 27 21:29:48 vml000110 unbound[4987]: [1769545788] unbound[4987:0] warning: so-sndbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
Jan 27 21:29:48 vml000110 unbound[4987]: [1769545788] unbound[4987:0] warning: so-sndbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
We therefore have to adjust the memory that the network stack is allowed to use. To do so, we create the following file:
# vim /etc/sysctl.d/60-net-memory.conf
- /etc/sysctl.d/60-net-memory.conf
# Configure default and maximum amount for the receive socket memory.
net.core.rmem_max=4194304
# Configure default and maximum amount for the send socket memory.
net.core.wmem_max=4194304
To activate the change without rebooting the system, we use the following command.
# sysctl --system
Output of the command invocation sysctl --system
* Applying /usr/lib/sysctl.d/10-arch.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /etc/sysctl.d/60-forwarding.conf ...
* Applying /etc/sysctl.d/60-net-memory.conf ...
fs.inotify.max_user_instances = 1024
fs.inotify.max_user_watches = 524288
vm.max_map_count = 1048576
net.ipv4.tcp_keepalive_time = 120
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %d %F
kernel.core_pipe_limit = 16
fs.suid_dumpable = 2
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 2
net.ipv4.conf.net0.rp_filter = 2
net.ipv4.conf.net1.rp_filter = 2
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.net0.accept_source_route = 0
net.ipv4.conf.net1.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.lo.promote_secondaries = 1
net.ipv4.conf.net0.promote_secondaries = 1
net.ipv4.conf.net1.promote_secondaries = 1
net.ipv4.ping_group_range = 0 2147483647
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
fs.protected_regular = 1
fs.protected_fifos = 1
kernel.pid_max = 4194304
net.ipv4.conf.all.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.core.rmem_max = 4194304
net.core.wmem_max = 4194304
Start of the unbound daemon
Checking the configuration file for syntax errors
Before we start our unbound resolver daemon for the first time, we check whether any syntax errors or faulty definitions have crept into our configuration file. For this we use the program unbound-checkconf.
# unbound-checkconf /etc/unbound/unbound.conf
/etc/unbound/keys/Kwetterstation-pliening.info.+013+47591.key: No such file or directory
[1769543476] unbound-checkconf[4443:0] fatal error: auto-trust-anchor-file: "/etc/unbound/keys/Kwetterstation-pliening.info.+013+47591.key" does not exist in chrootdir /etc/unbound
In this example we are told that the defined auto-trust-anchor-file: "/etc/unbound/keys/Kwetterstation-pliening.info.+013+47591.key" does not exist.
We copy the missing file and then run the check of the configuration file once more.
# unbound-checkconf /etc/unbound/unbound.conf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
That looks much better now, and we can set about starting the resolver for the first time.
The following command checks the syntactic correctness of the configuration file /etc/unbound/unbound.conf and should not report any errors if the configuration file is syntactically correct:
# /usr/sbin/unbound-checkconf /etc/unbound/unbound.conf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
Starting the unbound daemon
Since the previous tests did not reveal any configuration errors, nothing now stands in the way of starting our DNS daemon unbound.
# systemctl start unbound.service
The start is documented accordingly in the journal.
Logging of unbound in the journal
Jan 27 21:12:03 vml000110 systemd[1]: Started Validating, recursive, and caching DNS resolver.
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3a38.omni128.de. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-c748.nausch.org. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-9e24.13.92.217.in-addr.arpa. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-759c.10.0.10.in-addr.arpa. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ee3a.0.0.10.in-addr.arpa. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-7010.wetterstation-pliening.info. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-2539.2.17.172.in-addr.arpa. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-7438.idmz.nausch.org. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-b761.edmz.nausch.org. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-28c4.intra.nausch.org. NULL IN
Jan 27 21:12:03 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-2008.ebersberger-liedersammlung.de. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ad4d.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ad4d.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ad4d.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ad4d.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ad4d.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-ad4d.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:04 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:05 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:07 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:07 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
If required, we can of course also query the status of our daemon at any time.
# systemctl status unbound.service
● unbound.service - Validating, recursive, and caching DNS resolver
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; preset: disabled)
Active: active (running) since Tue 2026-01-27 21:12:03 CET; 8s ago
Invocation: cb532dc297ef448ab2abf24a76dd7579
Docs: man:unbound(8)
Main PID: 4822 (unbound)
Tasks: 1 (limit: 9501)
Memory: 9M (peak: 9.5M)
CPU: 153ms
CGroup: /system.slice/unbound.service
└─4822 /usr/bin/unbound -d -p
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-3e8c.3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-5e5c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: generate keytag query _ta-8116.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. NULL IN
Jan 27 21:12:06 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:07 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Jan 27 21:12:07 vml000110 unbound[4822]: [4822:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. DNSKEY IN
Alternatively, we can also take a look at the process list to make sure that the daemon is running.
# ps auxwf | grep unbound
root 12 0.0 0.0 0 0 ? I 15:12 0:00 \_ [kworker/u16:0-events_unbound]
root 70 0.0 0.0 0 0 ? I< 15:12 0:00 \_ [kworker/R-quota_events_unbound]
root 1705 0.0 0.0 0 0 ? I 19:16 0:00 \_ [kworker/u18:2-events_unbound]
root 1862 0.0 0.0 0 0 ? I 20:05 0:00 \_ [kworker/u18:3-events_unbound]
root 1892 0.0 0.0 0 0 ? I 20:33 0:00 \_ [kworker/u20:1-events_unbound]
root 4503 0.0 0.0 0 0 ? I 20:58 0:00 \_ [kworker/u20:2-events_unbound]
root 4551 0.0 0.0 0 0 ? I 21:04 0:00 \_ [kworker/u19:2-events_unbound]
root 4672 0.0 0.0 0 0 ? I 21:09 0:00 \_ [kworker/u19:1-events_unbound]
root 4850 0.0 0.0 0 0 ? I 21:14 0:00 \_ [kworker/u17:3-events_unbound]
root 4882 0.0 0.0 7952 6184 pts/0 S+ 21:19 0:00 \_ grep --color=auto unbound
unbound 4822 0.0 0.2 26512 21536 ? Ss 21:12 0:00 /usr/bin/unbound -d -p
We can now also use the utility ss to check whether unbound has opened ports on the corresponding addresses.
# ss -tulpn
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 10.0.0.110:53 0.0.0.0:* users:(("unbound",pid=4822,fd=9))
udp UNCONN 0 0 10.0.10.110:53 0.0.0.0:* users:(("unbound",pid=4822,fd=5))
udp UNCONN 0 0 [fd00::7:10:0:10:110]:53 [::]:* users:(("unbound",pid=4822,fd=3))
udp UNCONN 0 0 [fd00::3:10:0:0:110]:53 [::]:* users:(("unbound",pid=4822,fd=7))
tcp LISTEN 0 256 127.0.0.1:8953 0.0.0.0:* users:(("unbound",pid=4822,fd=12))
tcp LISTEN 0 256 10.0.0.110:53 0.0.0.0:* users:(("unbound",pid=4822,fd=10))
tcp LISTEN 0 256 10.0.10.110:53 0.0.0.0:* users:(("unbound",pid=4822,fd=6))
tcp LISTEN 0 256 [fd00::3:10:0:0:110]:53 [::]:* users:(("unbound",pid=4822,fd=8))
tcp LISTEN 0 256 [::1]:8953 [::]:* users:(("unbound",pid=4822,fd=11))
tcp LISTEN 0 256 [fd00::7:10:0:10:110]:53 [::]:* users:(("unbound",pid=4822,fd=4))
(Remote) management with unbound-control
In the section "Management with remote-control" we already used unbound-control to generate the key and certificate material.
To get an overview of everything this program can do, call it with the option --help.
# unbound-control --help
Output of the command unbound-control --help
Usage:  unbound-control [options] command
        Remote control utility for unbound server.
Options:
  -c file       config file, default is /etc/unbound/unbound.conf
  -s ip[@port]  server address, if omitted config is used.
  -q            quiet (don't print anything if it works ok).
  -h            show this usage help.
Commands:
  start                             start server; runs unbound(8)
  stop                              stops the server
  reload                            reloads the server
                                    (this flushes data, stats, requestlist)
  reload_keep_cache                 reloads the server but tries to
                                    keep the RRset and message cache
                                    if (re)configuration allows for it.
                                    That means the caches sizes and
                                    the number of threads must not
                                    change between reloads.
  fast_reload [+dpv]                reloads the server but only briefly stops
                                    server processing, keeps cache, and changes
                                    most options; check unbound-control(8).
    +d                              drops running queries to keep consistency
                                    on changed options while reloading.
    +p                              does not pause threads for even faster
                                    reload but less options are supported
                                    ; check unbound-control(8).
    +v                              verbose output, it will include duration needed.
    +vv                             more verbose output, it will include memory needed.
  stats                             print statistics
  stats_noreset                     peek at statistics
  stats_shm                         print statistics using shm
  status                            display status of server
  verbosity <number>                change logging detail
  log_reopen                        close and open the logfile
  local_zone <name> <type>          add new local zone
  local_zone_remove <name>          remove local zone and its contents
  local_data <RR data...>           add local data, for example
                                    local_data www.example.com A 192.0.2.1
  local_data_remove <name>          remove local RR data from name
  local_zones, local_zones_remove, local_datas, local_datas_remove
                                    same, but read list from stdin
                                    (one entry per line).
  dump_cache                        print cache to stdout
                                    (not supported in remote unbounds in
                                    multi-process operation)
  load_cache                        load cache from stdin
                                    (not supported in remote unbounds in
                                    multi-process operation)
  cache_lookup [+t] <names>         print rrsets and msgs at or under the names
    +t                              allow tld and root names.
  lookup <name>                     print nameservers for name
  flush [+c] <name>                 flushes common types for name from cache
                                    types: A, AAAA, MX, PTR, NS,
                                    SOA, CNAME, DNAME, SRV, NAPTR
  flush_type [+c] <name> <type>     flush name, type from cache
    +c                              remove from cachedb too
  flush_zone [+c] <name>            flush everything at or under name
                                    from rr and dnssec caches
  flush_bogus [+c]                  flush all bogus data
  flush_negative [+c]               flush all negative data
  flush_stats                       flush statistics, make zero
  flush_requestlist                 drop queries that are worked on
  dump_requestlist                  show what is worked on by first thread
  flush_infra [all | ip]            remove ping, edns for one IP or all
  dump_infra                        show ping and edns entries
  set_option opt: val               set option to value, no reload
  get_option opt                    get option value
  list_stubs                        list stub-zones and root hints in use
  list_forwards                     list forward-zones in use
  list_insecure                     list domain-insecure zones
  list_local_zones                  list local-zones in use
  list_local_data                   list local-data RRs in use
  insecure_add zone                 add domain-insecure zone
  insecure_remove zone              remove domain-insecure zone
  forward_add [+it] zone addr..     add forward-zone with servers
  forward_remove [+i] zone          remove forward zone
  stub_add [+ipt] zone addr..       add stub-zone with servers
  stub_remove [+i] zone             remove stub zone
    +i                              also do dnssec insecure point
    +p                              set stub to use priming
    +t                              set to use tls upstream
  forward [off | addr ...]          without arg show forward setup
                                    or off to turn off root forwarding
                                    or give list of ip addresses
  ratelimit_list [+a]               list ratelimited domains
  ip_ratelimit_list [+a]            list ratelimited ip addresses
    +a                              list all, also not ratelimited
  list_auth_zones                   list auth zones (includes RPZ zones)
  auth_zone_reload zone             reload auth zone (or RPZ zone) from zonefile
  auth_zone_transfer zone           transfer auth zone (or RPZ zone) from master
  view_list_local_zones view        list local-zones in view
  view_list_local_data view         list local-data RRs in view
  view_local_zone view name type    add local-zone in view
  view_local_zone_remove view name  remove local-zone in view
  view_local_data view RR...        add local-data in view
  view_local_datas view             add list of local-data to view
                                    one entry per line read from stdin
  view_local_data_remove view name  remove local-data in view
  view_local_datas_remove view      remove list of local-data from view
                                    one entry per line read from stdin
  rpz_enable zone                   Enable the RPZ zone if it had previously
                                    been disabled
  rpz_disable zone                  Disable the RPZ zone
  add_cookie_secret <secret>        add (or replace) a new cookie secret <secret>
  drop_cookie_secret                drop a staging cookie secret
  activate_cookie_secret            make a staging cookie secret active
  print_cookie_secrets              show all cookie secrets with their status
Version 1.24.2
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
In the following example we print the status of our resolver.
# unbound-control status
version: 1.24.2
verbosity: 1
threads: 1
modules: 2 [ validator iterator ]
uptime: 10711 seconds
options: reuseport control(ssl)
unbound (pid 2013) is running...
To find out which zones have been delegated to another DNS server (in our example the hidden master, which listens only on ::1), use the list_forwards option.
# unbound-control list_forwards
omni128.de. IN forward ::1
ebersberger-liedersammlung.de. IN forward ::1
nausch.org. IN forward ::1
edmz.nausch.org. IN forward ::1
idmz.nausch.org. IN forward ::1
intra.nausch.org. IN forward ::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. IN forward +i ::1
0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN forward ::1
3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN forward ::1
7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN forward ::1
0.0.10.in-addr.arpa. IN forward ::1
10.0.10.in-addr.arpa. IN forward ::1
1.0.0.127.in-addr.arpa. IN forward +i ::1
2.17.172.in-addr.arpa. IN forward ::1
13.92.217.in-addr.arpa. IN forward ::1
wetterstation-pliening.info. IN forward ::1
localhost. IN forward +i ::1
If needed, you can also print the resolver's cache, for example. This is done with the dump_cache command.
# unbound-control dump_cache
Example output of the command unbound-control dump_cache
START_RRSET_CACHE
;rrset 1760 1 1 11 5
edmz.nausch.org. 1760 IN DNSKEY 257 3 13 9YYGfevoM0TfSMW6Ju3XqXnIHYxTaMobmbP8MnACygsU108vlGPIppOnoh9K2h3l4HOGZ5UTgrtHgg80vanpxA== ;{id = 9230 (ksk), size = 256b}
edmz.nausch.org. 1760 IN RRSIG DNSKEY 13 3 3600 20260212075344 20260129065344 9230 edmz.nausch.org. 1etXPFmV5jt/PsELnPZDN3nPTsMw0TiuMOmCZJOrccplGIkvkmgI1NMLr7IpCmZnPpsDjB0mBaD0FemEuYuSng== ;{id = 9230}
;rrset 76668 1 1 8 0
nsgbr.comlaude.co.uk. 76668 IN A 198.51.44.11
nsgbr.comlaude.co.uk. 76668 IN RRSIG A 13 4 86400 20260130103122 20260129083122 8875 comlaude.co.uk. IIcCUO48XfDtjEWElC7OsJpMyTZuhpMTv9+xFJ4jvzd2I9bY0zhfJMlD4FqFo1wJpMzDgidCNienTSmBbvhmPQ== ;{id = 8875}
;rrset 76081 1 0 1 0
ns2.arin.net. 76081 IN AAAA 2001:500:31::108
;rrset 76552 1 0 1 0
g-ns-1482.awsdns-07.co.uk. 76552 IN A 205.251.197.202
;rrset 76526 8 0 2 0
biz. 76526 IN NS w.gtld.biz.
biz. 76526 IN NS m.gtld.biz.
biz. 76526 IN NS a.gtld.biz.
biz. 76526 IN NS c.gtld.biz.
biz. 76526 IN NS b.gtld.biz.
biz. 76526 IN NS n.gtld.biz.
biz. 76526 IN NS y.gtld.biz.
biz. 76526 IN NS x.gtld.biz.
;rrset 76523 1 0 1 0
g-ns-1964.awsdns-44.net. 76523 IN AAAA 2600:9000:5307:ac00::1
;rrset 83382 1 0 1 0
anycast.regdns1.de. 83382 IN A 192.174.68.100
;rrset 2724 1 1 7 0
wetterstation-pliening.info. 2724 IN SOA ns1.nausch.org. hostmaster.nausch.org. 2026012214 28800 7200 1209600 3600
wetterstation-pliening.info. 2724 IN RRSIG SOA 13 2 3600 20260212075344 20260129065344 3760 wetterstation-pliening.info. bKfUizHldRBLx9ekIIJcWb9cIzjoiSAjoLFxRzFis4jx1Wv4XHcBbP52N/TzGnumxvIH7kr/vJuFrNqX6tkMjg== ;{id = 3760}
;rrset 76081 1 0 1 0
ns.lacnic.net. 76081 IN AAAA 2001:13c7:7002:3000::10
;rrset 83529 3 0 1 0
kristin.ns.cloudflare.com. 83529 IN AAAA 2606:4700:50::adf5:3ab5
kristin.ns.cloudflare.com. 83529 IN AAAA 2803:f800:50::6ca2:c0b5
kristin.ns.cloudflare.com. 83529 IN AAAA 2a06:98c1:50::ac40:20b5
;rrset 76523 1 0 1 0
g-ns-1731.awsdns-03.com. 76523 IN AAAA 2600:9000:5306:c300::1
;rrset 83529 3 0 1 0
scott.ns.cloudflare.com. 83529 IN A 108.162.193.230
scott.ns.cloudflare.com. 83529 IN A 172.64.33.230
scott.ns.cloudflare.com. 83529 IN A 173.245.59.230
;rrset 76552 1 0 8 0
ns-1597.awsdns-07.co.uk. 76552 IN A 205.251.198.61
;rrset 77048 1 0 8 0
ns-351.awsdns-43.com. 77048 IN AAAA 2600:9000:5301:5f00::1
;rrset 2665 1 1 2 0
S38VCLR6S58KVA9DKDV5GHP3UHMFR8A8.co.uk. 2665 IN NSEC3 1 1 0 - s39b1e7tl4ae3ol8e4s5g1s1rr3h31va NS DS RRSIG ;{flags: optout}
S38VCLR6S58KVA9DKDV5GHP3UHMFR8A8.co.uk. 2665 IN RRSIG NSEC3 8 3 10800 20260304233538 20260128224814 44346 co.uk. iLOafFCTEELbEjq80hoGE8YrLlbkwX6BkWaIZMZRIypyzOUdCD5wGOLPbW0/prM9/5GQm7IzeEp4US0bxQzKXVqzZn5AYmdTEzZAKCJYdSlRMl8gOO2mRLmeXkHATtu1N9/WsjBUsj8b/Owuc0pg+yN6/pJpMShn4mhYgKA44r2TuclXJ0GUpBcPO+Dv744LanJDJ1kTuyvk+ywnPU183WYva0/43sg7D/+C9N7/9ONQxDRRILqEVLbXVjNqSax5WEyqK7eUbA6zAw5+6plCUfrq7mLKKrqLM2z7mjIWuYGHF+XlVQ824RDk9l4tJtOQRUCRreu4DgF8G0z+m5UZ+w== ;{id = 44346}
;rrset 76669 2 1 2 0
incapdns.net. 76669 IN DS 31229 8 1 C100F03BAB77713ECF1794A952C546740CDED429
incapdns.net. 76669 IN DS 31229 8 2 1E6B38737E155BB03ABBD5876E37BD375C415A354E170E55A905B07BFBCCB25E
incapdns.net. 76669 IN RRSIG DS 13 2 86400 20260204032642 20260128021642 44109 net. iU+p86US8wjo/5C8k881I4J8z4wGjggBb2ToqtEyYdnau/TCowjjVqoVkC9a5qk2O2LC2mNcobFvmDHdzGvA5Q== ;{id = 44109}
;rrset 76553 1 0 1 0
g-ns-1167.awsdns-15.com. 76553 IN A 205.251.196.143
;rrset 76523 4 0 2 0
fastly-edge.com. 76523 IN NS ns1.fastly-edge.com.
fastly-edge.com. 76523 IN NS ns2.fastly-edge.com.
fastly-edge.com. 76523 IN NS ns3.fastly-edge.com.
fastly-edge.com. 76523 IN NS ns4.fastly-edge.com.
;rrset 764 1 0 1 0
g-ns-757.awsdns-51.org. 764 IN A 205.251.194.245
;rrset 83452 4 0 2 0
awsdns-18.co.uk. 83452 IN NS g-ns-1814.awsdns-18.co.uk.
awsdns-18.co.uk. 83452 IN NS g-ns-338.awsdns-18.co.uk.
awsdns-18.co.uk. 83452 IN NS g-ns-914.awsdns-18.co.uk.
awsdns-18.co.uk. 83452 IN NS g-ns-1493.awsdns-18.co.uk.
;rrset 76553 1 0 8 0
ns-1294.awsdns-33.org. 76553 IN AAAA 2600:9000:5305:e00::1
;rrset 76081 1 0 1 0
ns1.arin.net. 76081 IN AAAA 2001:500:13::108
;rrset 76034 1 0 1 0
a18-67.akam.net. 76034 IN A 95.101.36.67
;rrset 75197 1 0 1 0
h.gtld-servers.net. 75197 IN AAAA 2001:502:8cc::30
;rrset 77066 1 0 1 0
ns04.quack-dns.com. 77066 IN A 148.163.196.193
;rrset 76668 4 0 2 0
trustpilot.com. 76668 IN NS ns-627.awsdns-14.net.
trustpilot.com. 76668 IN NS ns-507.awsdns-63.com.
trustpilot.com. 76668 IN NS ns-1198.awsdns-21.org.
trustpilot.com. 76668 IN NS ns-1859.awsdns-40.co.uk.
;rrset 76553 1 0 8 0
ns-221.awsdns-27.com. 76553 IN A 205.251.192.221
;rrset 76521 8 0 2 0
uk. 76521 IN NS nsa.nic.uk.
uk. 76521 IN NS nsc.nic.uk.
uk. 76521 IN NS nsb.nic.uk.
uk. 76521 IN NS nsd.nic.uk.
uk. 76521 IN NS dns1.nic.uk.
uk. 76521 IN NS dns2.nic.uk.
uk. 76521 IN NS dns3.nic.uk.
uk. 76521 IN NS dns4.nic.uk.
;rrset 75197 1 0 1 0
dns20.dns.t-ipnet.de. 75197 IN AAAA 2003:180:a:2000::53
;rrset 76526 1 0 8 0
ns-1111.awsdns-10.org. 76526 IN A 205.251.196.87
;rrset 76521 1 1 2 0
uk. 76521 IN DS 43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353BC659603
uk. 76521 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . DG2k+hq0FNQtzWz+1NincNDvg5kQejzwjsYoE7z0RNvK2MGIFru7N/GRu92EK8BArybLo4GakKis3nzdyryyj3JSrsCt6bvtZ5Oj8O7vyOoGH1tlFrqlvnyvgiungiLT+Wf5/2EhhJx3C3M0OtKGq8F7k9EQrLE4UMu269Mw2YPyQen2yVlsifS4oFCyyetDXlLyUYG7xhxeBZ2h49OJZ/abJEsFD4kz9FQHY2+cFyTNTa8yaoi1f/syvm2/PxM9KHAkDlJRRfXEcPvD4zYZBhVs+JJnP8ymMyAVpcfeOecdpacBMXmUrWP/jlzFdPpj8Ooy8taM1K3GdxxWDOncHw== ;{id = 21831}
;rrset 76526 1 0 1 0
g-ns-1518.awsdns-43.co.uk. 76526 IN AAAA 2600:9000:5305:ee00::1
;rrset 764 1 0 1 0
g-ns-1032.awsdns-05.org. 764 IN AAAA 2600:9000:5304:800::1
;rrset 83388 1 0 1 0
g-ns-25.awsdns-24.com. 83388 IN A 205.251.192.25
;rrset 75197 13 0 2 0
net. 75197 IN NS a.gtld-servers.net.
net. 75197 IN NS b.gtld-servers.net.
net. 75197 IN NS c.gtld-servers.net.
net. 75197 IN NS d.gtld-servers.net.
net. 75197 IN NS e.gtld-servers.net.
net. 75197 IN NS f.gtld-servers.net.
net. 75197 IN NS g.gtld-servers.net.
net. 75197 IN NS h.gtld-servers.net.
net. 75197 IN NS i.gtld-servers.net.
net. 75197 IN NS j.gtld-servers.net.
net. 75197 IN NS k.gtld-servers.net.
net. 75197 IN NS l.gtld-servers.net.
net. 75197 IN NS m.gtld-servers.net.
;rrset 76552 1 0 1 0
g-ns-1204.awsdns-52.com. 76552 IN A 205.251.196.180
;rrset 83388 1 0 1 0
g-ns-1491.awsdns-16.co.uk. 83388 IN A 205.251.197.211
;rrset 83452 1 0 1 0
g-ns-465.awsdns-16.net. 83452 IN A 205.251.193.209
;rrset 78265 1 0 1 0
g-ns-1824.awsdns-28.co.uk. 78265 IN A 205.251.199.32
;rrset 83388 1 0 1 0
g-ns-355.awsdns-35.co.uk. 83388 IN AAAA 2600:9000:5301:6300::1
;rrset 76522 1 0 1 0
g-ns-827.awsdns-57.net. 76522 IN AAAA 2600:9000:5303:3b00::1
;rrset 76296 1 0 1 0
c0.nic.me. 76296 IN AAAA 2001:500:55::1
;rrset 78265 1 0 8 0
ns-1354.awsdns-41.org. 78265 IN A 205.251.197.74
;rrset 76526 1 0 1 0
g-ns-775.awsdns-05.net. 76526 IN AAAA 2600:9000:5303:700::1
;rrset 78264 1 1 8 0
dns4.p08.nsone.net. 78264 IN AAAA 2a00:edc0:6259:7:8::4
dns4.p08.nsone.net. 78264 IN RRSIG AAAA 13 4 86400 20260130105758 20260129085758 12196 nsone.net. rpSZ9Dal5YmMw87uwdehr8rGfBpuIWDKaVRMJNj0GywE1rFsLuL+8Z+ytSrsglOW4M6WfBt/Pov73m+MR0hnaw== ;{id = 12196}
;rrset 76526 1 0 8 0
ns-273.awsdns-34.com. 76526 IN A 205.251.193.17
;rrset 2600 1 1 11 5
intra.nausch.org. 2600 IN DNSKEY 257 3 13 y9mFr6fcHVSxcbY58bCmUHc0X51eY4qhxyagcyMtsQtVRGUQr7xIQJ9aLYLbmstDl7yqDcIYLybd6B+9P19AzQ== ;{id = 60679 (ksk), size = 256b}
intra.nausch.org. 2600 IN RRSIG DNSKEY 13 3 3600 20260212075344 20260129065344 60679 intra.nausch.org. rYggAc4HUnqX+OxFUFtXy8aAZ1o+lsomAkHAYH5Svftn4TjmqVKhe+v7FikoTICtKGAitHlmfZaFfIX/9edbMg== ;{id = 60679}
;rrset 82207 1 0 8 0
ns-1402.awsdns-47.org. 82207 IN AAAA 2600:9000:5305:7a00::1
;rrset 76552 1 0 8 0
ns-1597.awsdns-07.co.uk. 76552 IN AAAA 2600:9000:5306:3d00::1
;rrset 76526 1 0 8 0
ns-1887.awsdns-43.co.uk. 76526 IN A 205.251.199.95
;rrset 76552 4 0 2 0
awsdns-52.com. 76552 IN NS g-ns-53.awsdns-52.com.
awsdns-52.com. 76552 IN NS g-ns-628.awsdns-52.com.
awsdns-52.com. 76552 IN NS g-ns-1204.awsdns-52.com.
awsdns-52.com. 76552 IN NS g-ns-1780.awsdns-52.com.
;rrset 76081 1 0 1 0
cl1-tld.d-zone.ca. 76081 IN AAAA 2620:10a:80aa::56
;rrset 76553 1 0 8 0
ns-1543.awsdns-00.co.uk. 76553 IN AAAA 2600:9000:5306:700::1
;rrset 76668 1 0 1 0
b.nic.ch. 76668 IN AAAA 2001:620:0:ff::58
;rrset 76526 1 0 1 0
a0.nic.io. 76526 IN A 65.22.160.17
;rrset 76526 1 0 1 0
g-ns-1393.awsdns-49.net. 76526 IN A 205.251.197.113
;rrset 76523 1 0 8 0
ns-cloud-d3.googledomains.com. 76523 IN AAAA 2001:4860:4802:36::6d
;rrset 76552 1 0 1 0
g-ns-327.awsdns-07.co.uk. 76552 IN A 205.251.193.71
;rrset 76521 1 0 1 0
g-ns-334.awsdns-14.co.uk. 76521 IN A 205.251.193.78
;rrset 75197 1 1 2 0
net. 75197 IN DS 37331 13 2 2F0BEC2D6F79DFBD1D08FD21A3AF92D0E39A4B9EF1E3F4111FFF282490DA453B
net. 75197 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . Y22T+9RVeviotKUoLQQtLs1y59ngJ8rG2uFIlNq6mJ0ZRJktPqUcLtbbujX54BTUxEcDws5imU9dv1O/I98Ni7B6xGqJtWnN4oLgfmnY8bDb0HqKxVxsRdFwXiN5JGfmlA/B+IeIlYs65CDGvviAV0T0P3b1H30T/649PI7pZJvNm5i4ItB71r/XO5FSGsKCeq2AR0nLvqAeqiZLDbHTmVoShdt1BhdS0RvI+RpfGqBoECHcPXaFyjuOmjMPhRNuhSys8DLALPiyQsnvya/1hnM+2yimUoiCG6MapqC9bvZYUC0USLa3P7CH1tkCbUN4ghsRW+94gWaqFL+uBUuoyA== ;{id = 21831}
;rrset 83564 1 0 1 0
g-ns-1963.awsdns-43.net. 83564 IN A 205.251.199.171
;rrset 76669 2 0 2 0
2checkout.com. 76669 IN NS dns1.cscdns.net.
2checkout.com. 76669 IN NS dns2.cscdns.net.
;rrset 75197 1 0 1 0
m.gtld-servers.net. 75197 IN A 192.55.83.30
;rrset 76522 1 0 1 0
g-ns-1748.awsdns-20.com. 76522 IN AAAA 2600:9000:5306:d400::1
;rrset 77048 1 0 1 0
g-ns-328.awsdns-08.co.uk. 77048 IN A 205.251.193.72
;rrset 77048 1 0 1 0
g-ns-1368.awsdns-24.net. 77048 IN AAAA 2600:9000:5305:5800::1
;rrset 83388 1 0 1 0
g-ns-931.awsdns-35.co.uk. 83388 IN A 205.251.195.163
;rrset 76523 1 0 1 0
ns3.fastly-edge.com. 76523 IN AAAA 2a04:4e47:2::32
;rrset 76081 5 0 2 0
0.a.2.ip6.arpa. 76081 IN NS rirns.arin.net.
0.a.2.ip6.arpa. 76081 IN NS ns3.lacnic.net.
0.a.2.ip6.arpa. 76081 IN NS ns4.apnic.net.
0.a.2.ip6.arpa. 76081 IN NS ns3.afrinic.net.
0.a.2.ip6.arpa. 76081 IN NS pri.authdns.ripe.net.
;rrset 76526 1 0 8 0
ns-629.awsdns-14.net. 76526 IN A 205.251.194.117
;rrset 83388 1 0 1 0
g-ns-1831.awsdns-35.co.uk. 83388 IN A 205.251.199.39
;rrset 76523 1 0 1 0
ns7.googledomains.com. 76523 IN AAAA 2001:4860:4802:36::a
;rrset 652 1 1 2 0
pfoilgtfa79el12ln8j6t99beebkuaap.org. 652 IN NSEC3 1 1 0 332539EE7F95C32A pfol66ggmb4ih749k56j3m8rlm5n92e5 NS DS RRSIG ;{flags: optout}
pfoilgtfa79el12ln8j6t99beebkuaap.org. 652 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. X/+jXOproHNoo8dwfZkZ3GiQdb3RrdqInHASnaZgmsYA+6SEKNypAYNOfO5N+kO0NsTVi6o6qNbEpUqcbVQz//5SJrWmFZnoSohVyT1bojjcE/SB5LLrZVodTUXxX3wp+VpN+aBAP3HnW3xV1bPADtZMhc7U5t7o2vzmTIUzgtg= ;{id = 37176}
;rrset 83452 1 0 8 0
ns-634.awsdns-15.net. 83452 IN AAAA 2600:9000:5302:7a00::1
;rrset 78265 1 1 8 0
dns2.p02.nsone.net. 78265 IN AAAA 2a00:edc0:6259:7:2::2
dns2.p02.nsone.net. 78265 IN RRSIG AAAA 13 4 86400 20260130105759 20260129085759 12196 nsone.net. HiOtzEZttGy6c+V8P3wHzD+jjCRmmoIKFitBwgd/x5139zpsMwL6grSHY/5lRbWRg3HrFqZXTMIEG5JJhabu3Q== ;{id = 12196}
;rrset 924 1 1 2 0
gm9oho43f7p77f9gtdmr73f7q3cil9rl.co.uk. 924 IN NSEC3 1 1 0 - gm9u65481465i67uqq87be3qt2i865bq NS DS RRSIG ;{flags: optout}
gm9oho43f7p77f9gtdmr73f7q3cil9rl.co.uk. 924 IN RRSIG NSEC3 8 3 10800 20260305031233 20260129030232 44346 co.uk. k1OYJGW8PtGVcjuYHCiSHMkBszAg/C1pyiuDCB7oqndYraFMcXtEAkvHXNH6RTl/hSU/ZPeicLFR5CoPxyTy0BwzWNwfMJhfDfm/uZtmEuBOFMvBu0E8cXyvXZEXDgs6KcvZaiIb0+eU4sCfWh3U5WnW0MAm0NP7qSFp9WXUt27CTm0SgWRCgyk/+Sy1KPWnVFCPJZXktL3W/ZmW6RzFessJxzHecWqSzqgOLna07p4rEMvhh06VTAvwZchMwJFml3cjZU+Q7QURSZ3NTj0V999b+defVhjTIxElssulw8e8r4OC4ik/LdxcA5mgTUaMISPTcG4Xha3ux8BgnZsSmw== ;{id = 44346}
;rrset 76082 1 0 1 0
ns2.afrinic.net. 76082 IN AAAA 2001:43f8:120::10
;rrset 76552 1 0 1 0
g-ns-1508.awsdns-33.co.uk. 76552 IN AAAA 2600:9000:5305:e400::1
;rrset 76596 1 0 1 0
g-ns-1784.awsdns-56.com. 76596 IN A 205.251.198.248
;rrset 588 1 1 7 0
co.uk. 588 IN SOA dns1.nic.uk. hostmaster.nominet.org.uk. 1769685780 900 300 2419200 10800
co.uk. 7788 IN RRSIG SOA 8 2 172800 20260305112313 20260129102313 44346 co.uk. HtQSPPJmaeF7z7y22puNN/LaDLiANC+qT9bWTLcXrsF+AsrVVDIVWgGmU5gbOjZtYeqIFoWbETNl5mHHW6Xl8IG0u6g/EFcoV6/4dnG3wg1HGgSjO5d+/grMbVmXY6hfdu6EIx2uzlmue8qJp2vDeYgLQp84r5VVCxqg9EEG83IxLW6B5CgSq1rz6fMjDqbw8u/xPcg27E43MR6R/wDTmuAr5+7QkGi/SxZq3s/mFlos/OLVjAPoQKSrABiwTTPlK81VhdyRd/SBUYzDajYR6IUqTgen6bixRqN5Ubt8Wn+YPxJYbOprfshWK0AzLUuXXNFEZpDJAe+BvMdA20tjlQ== ;{id = 44346}
;rrset 76523 1 0 8 0
ns-cloud-b2.googledomains.com. 76523 IN A 216.239.34.107
;rrset 764 1 0 1 0
g-ns-1605.awsdns-05.org. 764 IN AAAA 2600:9000:5306:4500::1
;rrset 76596 4 0 2 0
facebook.net. 76596 IN NS a.ns.facebook.com.
facebook.net. 76596 IN NS b.ns.facebook.com.
facebook.net. 76596 IN NS c.ns.facebook.com.
facebook.net. 76596 IN NS d.ns.facebook.com.
;rrset 76523 1 0 8 0
ns-cloud-c2.googledomains.com. 76523 IN AAAA 2001:4860:4802:34::6c
;rrset 77957 1 0 1 0
g-ns-17.awsdns-16.com. 77957 IN AAAA 2600:9000:5300:1100::1
;rrset 83564 1 0 1 0
g-ns-350.awsdns-30.co.uk. 83564 IN A 205.251.193.94
;rrset 76658 1 0 1 0
g-ns-1973.awsdns-53.net. 76658 IN AAAA 2600:9000:5307:b500::1
;rrset 76526 1 0 1 0
g-ns3.amzndns.com. 76526 IN A 205.251.196.167
;rrset 78526 1 0 1 0
g-ns-371.awsdns-51.co.uk. 78526 IN AAAA 2600:9000:5301:7300::1
;rrset 76596 1 0 8 0
ns-453.awsdns-56.com. 76596 IN A 205.251.193.197
;rrset 76552 1 0 1 0
g-ns-1194.awsdns-42.com. 76552 IN AAAA 2600:9000:5304:aa00::1
;rrset 76526 1 0 1 0
g-ns1.amzndns.co.uk. 76526 IN AAAA 2600:9000:5304:3b00::1
;rrset 75574 1 0 1 0
b2.org.afilias-nst.org. 75574 IN A 199.249.120.1
;rrset 76668 4 0 2 0
awsdns-40.co.uk. 76668 IN NS g-ns-936.awsdns-40.co.uk.
awsdns-40.co.uk. 76668 IN NS g-ns-1836.awsdns-40.co.uk.
awsdns-40.co.uk. 76668 IN NS g-ns-360.awsdns-40.co.uk.
awsdns-40.co.uk. 76668 IN NS g-ns-1515.awsdns-40.co.uk.
;rrset 78265 4 0 2 0
awsdns-46.com. 78265 IN NS g-ns-47.awsdns-46.com.
awsdns-46.com. 78265 IN NS g-ns-622.awsdns-46.com.
awsdns-46.com. 78265 IN NS g-ns-1198.awsdns-46.com.
awsdns-46.com. 78265 IN NS g-ns-1774.awsdns-46.com.
;rrset 76523 1 0 8 0
ns-1526.awsdns-62.org. 76523 IN AAAA 2600:9000:5305:f600::1
;rrset 83564 1 0 1 0
g-ns-926.awsdns-30.co.uk. 83564 IN AAAA 2600:9000:5303:9e00::1
;rrset 78361 1 1 8 0
dns1.p08.nsone.net. 78361 IN AAAA 2620:4d:4000:6259:7:8:0:1
dns1.p08.nsone.net. 78361 IN RRSIG AAAA 13 4 86400 20260130105935 20260129085935 12196 nsone.net. XlD+W4H7L/LrzYkoklDxATJd8C/5hfCTc2IrN4f0y4gXqrw+YF2L4vSGAY7nRsvKxyNz5Zpqq38UlJV+PaL2/g== ;{id = 12196}
;rrset 76526 1 0 1 0
g-ns-35.awsdns-34.com. 76526 IN A 205.251.192.35
;rrset 77067 1 1 8 0
dns1.p05.nsone.net. 77067 IN A 198.51.44.5
dns1.p05.nsone.net. 77067 IN RRSIG A 13 4 86400 20260130103801 20260129083801 12196 nsone.net. wxNTFn2Drse5HA77OOlKB6SrsvMBd/zVKVxlVCBgZ+P0AmBl6EaizV0bZwhsUgwBV6efKoedNrjYeNAzIqfDIQ== ;{id = 12196}
;rrset 75197 1 0 1 0
a.ip6-servers.arpa. 75197 IN AAAA 2620:37:e000::53
;rrset 2665 1 1 2 0
GDVOB7F6S4BALNA8JQ1GPTJ4DKBK0AED.co.uk. 2665 IN NSEC3 1 1 0 - gdvpuncntoq5q61tqd9id098651quhct NS DS RRSIG ;{flags: optout}
GDVOB7F6S4BALNA8JQ1GPTJ4DKBK0AED.co.uk. 2665 IN RRSIG NSEC3 8 3 10800 20260304165758 20260128163927 44346 co.uk. svUWF/0AdsU1ObpfDyZaviz97mYdbyJKWKm9Z606dduu3lKlzCsNCH5vn7PzyxXDgoztOYkJAfpnxLiXmXBZeTnM5lmIHqlyK5dZ002KWdol1/OpOsVty+zBBQymxv6rwIyDK2al0DJKub45tm2IsQ5R0ma042sxglgDMF7NPVuMSZyXe2MUrBrScaNZl2kZ3rKQmCJbBKK9zYRl01ICx3EiUhAbGwCR/m78JPUGjcTYE1ttbrxjbOtfpQsSXuIFlVvXHTd9sv2XrRzdEVIXUca51m/q4P4OaIai1ktLzx9Ue/w1upjqwqF6WCFpdkcmyx0mHy8Y766HHOVN75OfFQ== ;{id = 44346}
;rrset 76523 1 0 1 0
g-ns-1853.awsdns-57.co.uk. 76523 IN AAAA 2600:9000:5307:3d00::1
;rrset 76599 1 0 1 0
ns-tld5.charlestonroadregistry.com. 76599 IN A 216.239.60.105
;rrset 76524 1 0 1 0
ns1.cloudflare-dns.com. 76524 IN A 162.159.0.33
;rrset 76082 1 1 8 0
a.lactld.org. 76082 IN AAAA 2801:14:a000::10
a.lactld.org. 76082 IN RRSIG AAAA 13 3 86400 20260305201842 20251225201748 24121 lactld.org. 0WUZcCMhVCsIkzDGNmJc8YM8t1HdOo/F6P1YzmT4muiggArR7134WEwyQCW/Wtpzf0GoRMVyQlO77vnQ5AA1xg== ;{id = 24121}
;rrset 76596 1 0 1 0
g-ns-915.awsdns-19.co.uk. 76596 IN A 205.251.195.147
;rrset 78477 3 1 8 0
casey.ns.cloudflare.com. 78477 IN AAAA 2606:4700:58::a29f:2c9e
casey.ns.cloudflare.com. 78477 IN AAAA 2803:f800:50::6ca2:c39e
casey.ns.cloudflare.com. 78477 IN AAAA 2a06:98c1:50::ac40:239e
casey.ns.cloudflare.com. 78477 IN RRSIG AAAA 13 4 86353 20260130110214 20260128090214 34505 cloudflare.com. dkaBm2za0n15kB1fGBE3aNnz2G1fj/ck2sv2jf0VaLtX1PpS1PjmXPiiPsKSKLUUHmEHKAq02AATNDkVy07yiA== ;{id = 34505}
;rrset 77066 4 0 2 0
nsone.net. 77066 IN NS dns1.p01.nsone.net.
nsone.net. 77066 IN NS dns2.p01.nsone.net.
nsone.net. 77066 IN NS dns3.p01.nsone.net.
nsone.net. 77066 IN NS dns4.p01.nsone.net.
;rrset 77067 1 1 8 0
dns1.p05.nsone.net. 77067 IN AAAA 2620:4d:4000:6259:7:5:0:1
dns1.p05.nsone.net. 77067 IN RRSIG AAAA 13 4 86400 20260130103801 20260129083801 12196 nsone.net. lA4jVDd4sLEKLkj76VKnKNLdIaC+6CEtMicO7JhVpydMFh7LXTYixaKveFFPAB78z8+1QUMshvEO0kZ7psyN9w== ;{id = 12196}
;rrset 76526 1 0 1 0
ns3-194.akamaiedge.net. 76526 IN AAAA 2600:1406:32::c2
;rrset 77957 1 0 1 0
g-ns-17.awsdns-16.com. 77957 IN A 205.251.192.17
;rrset 75197 1 0 1 0
e.ip6-servers.arpa. 75197 IN A 203.119.86.101
;rrset 83464 2 0 2 0
hirsung.de. 83464 IN NS s02.de-en-es.com.
hirsung.de. 83464 IN NS s01.de-en-es.com.
;rrset 77066 1 0 1 0
ns01.quack-dns.com. 77066 IN A 148.163.196.1
;rrset 76526 1 0 8 0
a6-192.akamaiedge.net. 76526 IN A 23.211.133.192
;rrset 76521 1 0 1 0
g-ns-1184.awsdns-32.com. 76521 IN A 205.251.196.160
;rrset 83383 3 0 2 0
infonline.de. 83383 IN NS ns.infonline.de.
infonline.de. 83383 IN NS ns3.infonline.de.
infonline.de. 83383 IN NS ns4.infonline.de.
;rrset 76523 1 0 1 0
g-ns-493.awsdns-44.net. 76523 IN AAAA 2600:9000:5301:ed00::1
;rrset 76526 1 0 1 0
a0.nic.io. 76526 IN AAAA 2a01:8840:9e::17
;rrset 76552 1 0 8 0
ns-571.awsdns-07.net. 76552 IN AAAA 2600:9000:5302:3b00::1
;rrset 32881 1 1 8 0
ssdns-tld.nic.cl. 32881 IN AAAA 2001:1398:276:0:200:7:5:14
ssdns-tld.nic.cl. 32881 IN RRSIG AAAA 13 3 43200 20260208151201 20260125143045 10973 nic.cl. exFvLa+yqARFdjqTCpqob0o4yYvJ2Pkt9YzkPT9pcENxVG2W2WbSLLgKV1o2cNduSO4aL8/7gQwRlar+Qae+ww== ;{id = 10973}
;rrset 76082 1 1 8 0
ns4.apnic.net. 76082 IN AAAA 2001:dd8:12::53
ns4.apnic.net. 76082 IN RRSIG AAAA 13 3 604800 20260227020639 20260128003639 50917 apnic.net. 90BhAC4te8EVbHDP+0Hxz0Uvv2x+pc0vKrGPY0iuX93XMKNkgNUrfCQjItUV0YNPmrqKCcL5uQRv/bGdwsc+qA== ;{id = 50917}
;rrset 11797 1 0 8 2
www.google.com. 11797 IN HTTPS 1 . alpn="h2,h3"
;rrset 75574 1 1 2 0
com. 75574 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D771D7805A
com. 75574 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . n0k19LoPc5NZErKaiz5XYhSislRTD3nuWSPJ5EBxNHfpmxl/9+C1UwlcBJznFG0ru7Z6/x+vrpH2ZLK19lyQVf4JURiMtUO0EopMCSNvd86HLFDdUHgonsFxmHkop0ydhU7Z6AFxf+PSwx78dE7OTxLo01C4v2TQAzarpNGcuhSVTq+lB+hmxAVXo0UWouRv7Azvlm93qZSMrn91m5gSuydjNFVaLxEv5+4jvLdaW6y+ZiALvhGBlngfCFVBKzKezOI6oIC/M4HA+1p3Q7AJmzl2yEqTJ9688Q7ad+gCROCyJiYPCdbNxuMzsV78XJzVpB3sc6c0zCtzkXWm8hpqww== ;{id = 21831}
;rrset 78264 1 1 8 0
dns2.p08.nsone.net. 78264 IN AAAA 2a00:edc0:6259:7:8::2
dns2.p08.nsone.net. 78264 IN RRSIG AAAA 13 4 86400 20260130105758 20260129085758 12196 nsone.net. zK9Y417hrsLhRzGjN0KZWveKZIm5ACvRH1uIrZyuXlSnzfW5i28FVd9GHO/0sCRa0xrCSdgOffQKrbOSJ5zzcg== ;{id = 12196}
;rrset 76524 1 0 1 0
g-ns-601.awsdns-25.com. 76524 IN AAAA 2600:9000:5302:5900::1
;rrset 78265 1 0 1 0
g-ns-459.awsdns-10.net. 78265 IN AAAA 2600:9000:5301:cb00::1
;rrset 76296 1 0 1 0
anyns.pch.net. 76296 IN A 204.61.216.4
;rrset 76523 1 0 1 0
g-ns-1750.awsdns-22.com. 76523 IN A 205.251.198.214
;rrset 78265 1 0 1 0
g-ns-1354.awsdns-10.net. 78265 IN AAAA 2600:9000:5305:4a00::1
;rrset 76553 1 0 1 0
g-ns-770.awsdns-00.net. 76553 IN AAAA 2600:9000:5303:200::1
;rrset 83384 4 0 2 0
3qsdn.com. 83384 IN NS ns1.3qsdn.net.
3qsdn.com. 83384 IN NS ns2.3qsdn.net.
3qsdn.com. 83384 IN NS ns3.3qsdn.net.
3qsdn.com. 83384 IN NS ns4.3qsdn.net.
;rrset 76526 4 0 2 0
io. 76526 IN NS a0.nic.io.
io. 76526 IN NS a2.nic.io.
io. 76526 IN NS b0.nic.io.
io. 76526 IN NS c0.nic.io.
;rrset 76669 2 1 2 0
cscdns.net. 76669 IN DS 27069 13 2 B5009B0661DCFFEA86A9B649A2B46BC5D77718F3136060A14292894BC1DF2B58
cscdns.net. 76669 IN DS 27069 13 1 24A81756C21C20B42FB123D0900A3B4BD6CC5CDD
cscdns.net. 76669 IN RRSIG DS 13 2 86400 20260203032521 20260127021521 44109 net. hXOTuWs50XQ9qhOFUPBnUot783p2q06H7fDhmq1U0HlbnSV/gf8mG85DNgtGh4+9rZPFwrLHyDAUyA2ywW47MQ== ;{id = 44109}
;rrset 988 1 0 8 0
n2g.akamaiedge.net. 988 IN A 92.123.70.27
;rrset 76521 1 0 1 0
g-ns-334.awsdns-14.co.uk. 76521 IN AAAA 2600:9000:5301:4e00::1
;rrset 76526 1 0 8 0
ns-378.awsdns-47.com. 76526 IN A 205.251.193.122
;rrset 83564 1 0 1 0
g-ns-41.awsdns-40.com. 83564 IN AAAA 2600:9000:5300:2900::1
;rrset 76526 1 0 1 0
g-ns3.amzndns.net. 76526 IN A 205.251.194.146
;rrset 76295 1 1 2 0
leaseweb.com. 76295 IN DS 34591 13 2 B779AC03425FAC6C2C5EB95D5DDEA5C8FB4B162915E821E9A88C8D061A7DFB31
leaseweb.com. 76295 IN RRSIG DS 13 2 86400 20260204025342 20260128014342 35511 com. YvgcdGbWgX5HKbJCXzeRAH5ImPrmpKhoqGHwvpCir8nR+MjEg+iCLToY27DYVNBTjgK2tJoKRCLawLAABlbEEQ== ;{id = 35511}
;rrset 76523 1 1 2 0
transcend-cdn.com. 76523 IN DS 2371 13 2 4C33745AE12AA89355F25BC6C62425A69062D0076A3A1E491406DEA9F38EA109
transcend-cdn.com. 76523 IN RRSIG DS 13 2 86400 20260202015201 20260126004201 35511 com. Muy7Yh1du4felCJPyc4mxY9eDFEq6azDS8iDHrBRSrZa+LCvNQl5g8LrrpKiWwleRQJsOrW9jmK3ZagCsb5OFQ== ;{id = 35511}
;rrset 76523 1 0 1 0
ns5.googledomains.com. 76523 IN A 216.239.32.10
;rrset 76523 1 0 8 0
ns-cloud-c3.googledomains.com. 76523 IN A 216.239.36.108
;rrset 76526 4 0 2 0
reddit.com. 76526 IN NS ns-557.awsdns-05.net.
reddit.com. 76526 IN NS ns-378.awsdns-47.com.
reddit.com. 76526 IN NS ns-1029.awsdns-00.org.
reddit.com. 76526 IN NS ns-1887.awsdns-43.co.uk.
;rrset 75574 1 0 1 0
b0.org.afilias-nst.org. 75574 IN A 199.19.54.1
;rrset 78526 1 0 1 0
g-ns-1526.awsdns-51.co.uk. 78526 IN A 205.251.197.246
;rrset 76553 1 0 8 0
ns-120.awsdns-15.com. 76553 IN A 205.251.192.120
;rrset 83564 1 0 8 0
ns-1321.awsdns-37.org. 83564 IN A 205.251.197.41
;rrset 20 1 0 8 0
helium.ns.hetzner.de. 20 IN AAAA 2001:67c:192c::add:5
;rrset 83388 1 0 1 0
g-ns-1752.awsdns-24.com. 83388 IN AAAA 2600:9000:5306:d800::1
;rrset 83564 1 0 1 0
g-ns-1956.awsdns-36.net. 83564 IN AAAA 2600:9000:5307:a400::1
;rrset 76524 1 0 1 0
g-ns-1796.awsdns-00.co.uk. 76524 IN A 205.251.199.4
;rrset 76523 1 0 1 0
g-ns-953.awsdns-57.co.uk. 76523 IN AAAA 2600:9000:5303:b900::1
;rrset 75197 1 0 3 0
h.root-servers.net. 75197 IN A 198.97.190.53
;rrset 77067 1 1 8 0
dns4.p05.nsone.net. 77067 IN A 198.51.45.69
dns4.p05.nsone.net. 77067 IN RRSIG A 13 4 86400 20260130103801 20260129083801 12196 nsone.net. EPf00ZkUhV3gpzGOVSTuwsoNtiyQBh0ZB+KDLhD4HTphUa/I9EFn6UlT5lVeVTMCPjzj+hLlyXDny9GHcL4VmQ== ;{id = 12196}
;rrset 83388 1 0 8 0
ns-953.awsdns-55.net. 83388 IN AAAA 2600:9000:5303:b900::1
;rrset 76551 1 0 1 0
g-ns-19.awsdns-18.com. 76551 IN AAAA 2600:9000:5300:1300::1
;rrset 76524 1 0 1 0
g-ns-896.awsdns-00.co.uk. 76524 IN A 205.251.195.128
;rrset 83388 4 0 2 0
engagently.com. 83388 IN NS ns-62.awsdns-07.com.
engagently.com. 83388 IN NS ns-522.awsdns-01.net.
engagently.com. 83388 IN NS ns-1668.awsdns-16.co.uk.
engagently.com. 83388 IN NS ns-1131.awsdns-13.org.
;rrset 76668 1 0 1 0
e.nic.ch. 76668 IN A 194.0.17.1
;rrset 83564 1 0 1 0
g-ns-1380.awsdns-36.net. 83564 IN AAAA 2600:9000:5305:6400::1
;rrset 764 1 0 1 0
g-ns-179.awsdns-51.org. 764 IN A 205.251.192.179
;rrset 76668 1 0 1 0
a.nic.ch. 76668 IN A 130.59.31.41
;rrset 76668 1 0 1 0
dns3.equant.net. 76668 IN A 57.68.127.194
;rrset 76523 1 0 1 0
g-ns-376.awsdns-56.co.uk. 76523 IN AAAA 2600:9000:5301:7800::1
;rrset 76296 1 0 1 0
b0.nic.me. 76296 IN A 199.253.60.1
;rrset 78526 1 0 1 0
g-ns-52.awsdns-51.com. 78526 IN A 205.251.192.52
;rrset 76523 1 0 8 0
ns-cloud-d2.googledomains.com. 76523 IN AAAA 2001:4860:4802:34::6d
;rrset 77066 1 0 1 0
dns1.p01.nsone.net. 77066 IN A 198.51.44.1
;rrset 76526 1 0 1 0
a7-64.akam.net. 76526 IN A 23.61.199.64
;rrset 77066 1 1 8 0
dns2.p05.nsone.net. 77066 IN AAAA 2a00:edc0:6259:7:5::2
dns2.p05.nsone.net. 77066 IN RRSIG AAAA 13 4 86400 20260130103800 20260129083800 12196 nsone.net. sopRfLudQcUTcsPU4IcFORCvTpXHVVNKBU7QzCRRnZL7xB1KCTl1eL2V1Foytybnm7cy4toEefSjsFesck4Qcg== ;{id = 12196}
;rrset 76552 1 0 1 0
g-ns-820.awsdns-50.net. 76552 IN AAAA 2600:9000:5303:3400::1
;rrset 76597 1 0 1 0
g-ns-803.awsdns-33.net. 76597 IN AAAA 2600:9000:5303:2300::1
;rrset 76296 3 0 1 0
woz.ns.cloudflare.com. 76296 IN A 108.162.193.150
woz.ns.cloudflare.com. 76296 IN A 172.64.33.150
woz.ns.cloudflare.com. 76296 IN A 173.245.59.150
;rrset 77048 4 0 2 0
awsdns-24.net. 77048 IN NS g-ns-473.awsdns-24.net.
awsdns-24.net. 77048 IN NS g-ns-794.awsdns-24.net.
awsdns-24.net. 77048 IN NS g-ns-1368.awsdns-24.net.
awsdns-24.net. 77048 IN NS g-ns-1944.awsdns-24.net.
;rrset 76599 1 0 1 0
ns-tld4.charlestonroadregistry.com. 76599 IN A 216.239.38.105
;rrset 584 1 0 1 0
ns1.cdn77.org. 584 IN AAAA 2a02:6ea0:cd77::1
;rrset 75574 1 0 1 0
ns1.your-server.de. 75574 IN A 213.133.100.102
;rrset 77048 1 0 1 0
g-ns-473.awsdns-24.net. 77048 IN AAAA 2600:9000:5301:d900::1
;rrset 76526 1 0 1 0
g-ns-463.awsdns-14.net. 76526 IN A 205.251.193.207
;rrset 76521 1 0 1 0
g-ns-1760.awsdns-32.com. 76521 IN AAAA 2600:9000:5306:e000::1
;rrset 76658 1 0 1 0
g-ns-1848.awsdns-52.co.uk. 76658 IN AAAA 2600:9000:5307:3800::1
;rrset 83388 1 0 8 0
ns-1820.awsdns-35.co.uk. 83388 IN AAAA 2600:9000:5307:1c00::1
;rrset 584 1 0 1 0
ns1.cdn77.org. 584 IN A 212.102.32.100
;rrset 76082 1 0 1 0
ns1.afrinic.net. 76082 IN A 196.216.2.1
;rrset 76526 1 0 1 0
ns4.google.com. 76526 IN A 216.239.38.10
;rrset 75574 1 0 1 0
a2.org.afilias-nst.info. 75574 IN AAAA 2001:500:40::1
;rrset 76523 3 0 1 0
julian.ns.cloudflare.com. 76523 IN AAAA 2606:4700:58::a29f:2c5e
julian.ns.cloudflare.com. 76523 IN AAAA 2803:f800:50::6ca2:c35e
julian.ns.cloudflare.com. 76523 IN AAAA 2a06:98c1:50::ac40:235e
;rrset 78579 1 0 1 0
g-ns-810.awsdns-40.net. 78579 IN A 205.251.195.42
;rrset 76552 1 0 1 0
g-ns-327.awsdns-07.co.uk. 76552 IN AAAA 2600:9000:5301:4700::1
;rrset 76523 4 0 2 0
awsdns-57.co.uk. 76523 IN NS g-ns-377.awsdns-57.co.uk.
awsdns-57.co.uk. 76523 IN NS g-ns-1532.awsdns-57.co.uk.
awsdns-57.co.uk. 76523 IN NS g-ns-953.awsdns-57.co.uk.
awsdns-57.co.uk. 76523 IN NS g-ns-1853.awsdns-57.co.uk.
;rrset 83452 1 0 1 0
g-ns-1219.awsdns-63.co.uk. 83452 IN A 205.251.196.195
;rrset 83388 1 0 1 0
g-ns-1975.awsdns-55.net. 83388 IN AAAA 2600:9000:5307:b700::1
;rrset 77957 1 0 1 0
g-ns-1168.awsdns-16.com. 77957 IN AAAA 2600:9000:5304:9000::1
;rrset 652 1 0 1 0
g-ns-712.awsdns-06.org. 652 IN A 205.251.194.200
;rrset 724 1 1 7 0
3GADOCBDOOQKRHU3O4OT7DMT60TVP9BQ.ebersberger-liedersammlung.de. 724 IN NSEC3 1 0 0 - 5n378ekeji3sjbcgnrr7t2pedb78a4b6 RRSIG TLSA
3GADOCBDOOQKRHU3O4OT7DMT60TVP9BQ.ebersberger-liedersammlung.de. 724 IN RRSIG NSEC3 13 3 3600 20260211184355 20260128191743 26039 ebersberger-liedersammlung.de. dragTyRqybiH51jYgnPf8A2n2DhUP6tLIPtpgANGiS6uSQuIaVWRkVX5JrByDZX2WRF31gHZTEsgieOaOctVUA== ;{id = 26039}
;rrset 75197 1 0 8 0
secondary007.dtag.net. 75197 IN AAAA 2a00:fa8:3:0:100:0:7:1
;rrset 83388 1 1 8 0
dns2.p07.nsone.net. 83388 IN AAAA 2a00:edc0:6259:7:7::2
dns2.p07.nsone.net. 83388 IN RRSIG AAAA 13 4 86400 20260130122322 20260129102322 12196 nsone.net. ZfKLQyus0hZ47zlB/MLhUAPfAMfvuLKJ5aEHZMU9D0no7BA+qMCSXLWzU4Ty7isrTNGJDkVaKS6387/s9XIivA== ;{id = 12196}
;rrset 76526 1 0 8 0
lar2.akamaiedge.net. 76526 IN A 2.16.40.192
;rrset 76522 1 0 1 0
g-ns-596.awsdns-20.com. 76522 IN AAAA 2600:9000:5302:5400::1
;rrset 926 1 1 2 0
nvu2jrtcmpc1c8nrk23nhhr3tikgvc7f.co.uk. 926 IN NSEC3 1 1 0 - nvubhdj9q7i4unbe8ubkebgcqp3dnqmh NS DS RRSIG ;{flags: optout}
nvu2jrtcmpc1c8nrk23nhhr3tikgvc7f.co.uk. 926 IN RRSIG NSEC3 8 3 10800 20260304162749 20260128155144 44346 co.uk. WrsHFNlcL1lfj2+eyFLxJI//myxKNhRzYqA6a+jgHScxlYj4WKfiNhCUUQ0UVQiAN2Vvknan7Q7piCuZJ7lYZJX2vdB0uH/j5bkz7hZdhgSuaLQPRCFa+0Dx8bt/m9ECpjhXcA73yVmRb8Ou+8BwmNIpZBSNuEMM8Ye023T/MBPJnPkXlvAZiNWSTgnbMzaSpBD7sMEXhs/BimOI60kHW7zd7Dpe7o20BSeX+RBhusOLO3Ymu8lARFNgNdCP3KXTrAzcvUTmEV7/tAuO/DqpD1zOHiSs38OqyHkj56hwnaXAjSy/P4AoltqjemkCbdEl7IVWHWCCdHf9G54dA5Uzjw== ;{id = 44346}
;rrset 582 1 0 7 2
merkur.de. 582 IN SOA anycast.regdns1.de. hostmaster.internetwire.de. 2026012001 28800 7200 604800 86400
;rrset 4183 1 1 2 0
8tmliot21p0oj0l6p3nbj0v226tlkl24.de. 4183 IN NSEC3 1 1 15 CA12B74ADB90591A 8tmnmfc6fvkiksckbrtnbpfousjrkpe2 A RRSIG ;{flags: optout}
8tmliot21p0oj0l6p3nbj0v226tlkl24.de. 4183 IN RRSIG NSEC3 8 2 7200 20260208072125 20260125055125 14058 de. fkTXTvOG6Qe7JQhBWIu3OqS0KI4jMpiAn7pKrMbkArutenDs1IR9r9SMRb6Q2HuFGRtgT3p8JjAw3BWNpge8TCMEg6rRqvW+j3mBhiDi8br0DZYDk6ZO1PPUXnLi8Dvi8itzjD2aBfAEagW0hs8fgZg9Q9IdMvr4Imd+I+6v2i0= ;{id = 14058}
;rrset 76523 1 0 8 0
ns-1995.awsdns-57.co.uk. 76523 IN AAAA 2600:9000:5307:cb00::1
;rrset 78579 4 0 2 0
awsdns-59.co.uk. 78579 IN NS g-ns-1855.awsdns-59.co.uk.
awsdns-59.co.uk. 78579 IN NS g-ns-1534.awsdns-59.co.uk.
awsdns-59.co.uk. 78579 IN NS g-ns-379.awsdns-59.co.uk.
awsdns-59.co.uk. 78579 IN NS g-ns-955.awsdns-59.co.uk.
;rrset 83388 4 0 2 0
awsdns-24.com. 83388 IN NS g-ns-25.awsdns-24.com.
awsdns-24.com. 83388 IN NS g-ns-600.awsdns-24.com.
awsdns-24.com. 83388 IN NS g-ns-1176.awsdns-24.com.
awsdns-24.com. 83388 IN NS g-ns-1752.awsdns-24.com.
;rrset 652 1 1 2 0
3o547ihbauf5tibrfcjibirab6kjgtgu.org. 652 IN NSEC3 1 1 0 332539EE7F95C32A 3o55e38s0ed3cb7vavp0imlglrunbggg NS DS RRSIG ;{flags: optout}
3o547ihbauf5tibrfcjibirab6kjgtgu.org. 652 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. kAhAUTL4pwkvaApMU8+1iwFYEfPDUWxR6PaHHVlYv97hHwcigXEQOeJp+Opnl+/ryhxzvqqd5ixhsAsCK6NsbnZQCR43iZ1RF9DTfqZMEIZUJ/JN5tj5duwVN560OTZ+1jlIIUBMKZZCnQ5MQd1hbOgRNAQCArT8WqaSdqPlr58= ;{id = 37176}
;rrset 76296 3 0 2 0
nether.net. 76296 IN NS puck.nether.net.
nether.net. 76296 IN NS anyns.pch.net.
nether.net. 76296 IN NS ams.nether.net.
;rrset 76526 1 0 1 0
g-ns-939.awsdns-43.co.uk. 76526 IN A 205.251.195.171
;rrset 78526 1 0 1 0
g-ns-1203.awsdns-51.com. 78526 IN A 205.251.196.179
;rrset 224 1 1 11 5
3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 224 IN DNSKEY 257 3 13 468NhTWKrflSceGTtV1ZvIkqJ0C3JZPoSRNmuJX1RvReGKav+JwOAjXpAfqgh95DIXZ92oKWRIdwj/SjL2EpZw== ;{id = 35476 (ksk), size = 256b}
3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 224 IN RRSIG DNSKEY 13 18 3600 20260212075344 20260129065344 35476 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 3ozT1oR+7979AqfhXHyNNXzfSkSViQHUsfibxHLQAynauLiRGGpD5Vb4wZy05mpshejgDSK5ihi6BUQWfM1+MA== ;{id = 35476}
;rrset 76296 3 0 1 0
margaret.ns.cloudflare.com. 76296 IN AAAA 2606:4700:50::a29f:266b
margaret.ns.cloudflare.com. 76296 IN AAAA 2803:f800:50::6ca2:c26b
margaret.ns.cloudflare.com. 76296 IN AAAA 2a06:98c1:50::ac40:226b
;rrset 76552 1 0 8 0
ns-914.awsdns-50.net. 76552 IN AAAA 2600:9000:5303:9200::1
;rrset 76522 4 0 2 0
awsdns-11.co.uk. 76522 IN NS g-ns-331.awsdns-11.co.uk.
awsdns-11.co.uk. 76522 IN NS g-ns-907.awsdns-11.co.uk.
awsdns-11.co.uk. 76522 IN NS g-ns-1486.awsdns-11.co.uk.
awsdns-11.co.uk. 76522 IN NS g-ns-1807.awsdns-11.co.uk.
;rrset 76522 4 0 2 0
settings.services.mozilla.com. 76522 IN NS ns-1364.awsdns-42.org.
settings.services.mozilla.com. 76522 IN NS ns-1627.awsdns-11.co.uk.
settings.services.mozilla.com. 76522 IN NS ns-166.awsdns-20.com.
settings.services.mozilla.com. 76522 IN NS ns-972.awsdns-57.net.
;rrset 76526 1 0 1 0
g-ns4.amzndns.com. 76526 IN A 205.251.193.229
;rrset 75197 1 0 1 0
l.de.net. 75197 IN A 77.67.63.105
;rrset 77048 1 0 1 0
g-ns-473.awsdns-24.net. 77048 IN A 205.251.193.217
;rrset 76034 1 0 8 0
a3-66.akam.net. 76034 IN AAAA 2600:1408:1c::42
;rrset 76521 1 0 1 0
dns1.nic.uk. 76521 IN A 213.248.216.1
;rrset 76526 1 0 8 0
ns-904.awsdns-49.net. 76526 IN A 205.251.195.136
;rrset 76553 1 0 8 0
ns-221.awsdns-27.com. 76553 IN AAAA 2600:9000:5300:dd00::1
;rrset 78477 3 1 8 0
casey.ns.cloudflare.com. 78477 IN A 172.64.35.158
casey.ns.cloudflare.com. 78477 IN A 108.162.195.158
casey.ns.cloudflare.com. 78477 IN A 162.159.44.158
casey.ns.cloudflare.com. 78477 IN RRSIG A 13 4 86353 20260130110218 20260128090218 34505 cloudflare.com. onPuVGPn3kS+vG3nyHxIwmmfbjJeIu+D6GlZaIgTRUsDg6BcGyKwBhe9I+2DgGLP6lcBN7BPd/azixBEcnhF4w== ;{id = 34505}
;rrset 75197 1 0 1 0
d.ip6-servers.arpa. 75197 IN AAAA 2001:13c7:7012::53
;rrset 83451 1 0 1 0
ns3.inexio.net. 83451 IN A 217.19.180.251
;rrset 76553 1 0 1 0
g-ns-1798.awsdns-02.co.uk. 76553 IN A 205.251.199.6
;rrset 76522 1 0 8 0
ns-1364.awsdns-42.org. 76522 IN AAAA 2600:9000:5305:5400::1
;rrset 76553 1 0 1 0
g-ns-1743.awsdns-15.com. 76553 IN A 205.251.198.207
;rrset 76081 1 0 1 0
ns1.apnic.net. 76081 IN A 203.119.42.53
;rrset 76552 1 0 1 0
g-ns-1508.awsdns-33.co.uk. 76552 IN A 205.251.197.228
;rrset 76524 1 0 1 0
g-ns-1376.awsdns-32.net. 76524 IN AAAA 2600:9000:5305:6000::1
;rrset 76081 1 0 1 0
a.dns.br. 76081 IN AAAA 2001:12f8:6::10
;rrset 83388 1 0 1 0
g-ns-1399.awsdns-55.net. 83388 IN A 205.251.197.119
;rrset 76608 3 1 8 0
quincy.ns.cloudflare.com. 76608 IN AAAA 2a06:98c1:50::ac40:2327
quincy.ns.cloudflare.com. 76608 IN AAAA 2803:f800:50::6ca2:c327
quincy.ns.cloudflare.com. 76608 IN AAAA 2606:4700:58::a29f:2c27
quincy.ns.cloudflare.com. 76608 IN RRSIG AAAA 13 4 86353 20260130103109 20260128083109 34505 cloudflare.com. dY1baDM8A5h9gMrJHNCWV+n4VsmTvu6MYNk/PGdbIAzd80JA+aKJD0MHqbdkw6pcQRV+Q1nnOhFcEfMLKMgD/g== ;{id = 34505}
;rrset 78526 1 0 1 0
g-ns-947.awsdns-51.co.uk. 78526 IN AAAA 2600:9000:5303:b300::1
;rrset 78579 1 0 1 0
g-ns-379.awsdns-59.co.uk. 78579 IN AAAA 2600:9000:5301:7b00::1
;rrset 83480 1 0 8 0
dns.dns3.de. 83480 IN A 217.146.22.194
;rrset 76553 1 0 1 0
g-ns-28.awsdns-27.com. 76553 IN A 205.251.192.28
;rrset 83564 1 0 8 0
ns-805.awsdns-36.net. 83564 IN AAAA 2600:9000:5303:2500::1
;rrset 76034 1 0 1 0
a12-67.akam.net. 76034 IN AAAA 2600:1480:f000::43
;rrset 76524 2 0 8 2
ipv4only.arpa. 76524 IN A 192.0.0.170
ipv4only.arpa. 76524 IN A 192.0.0.171
;rrset 78264 1 0 1 0
g-ns-1345.awsdns-01.net. 78264 IN AAAA 2600:9000:5305:4100::1
;rrset 77957 1 0 8 0
ns-1441.awsdns-52.org. 77957 IN A 205.251.197.161
;rrset 76526 1 0 1 0
g-ns-454.awsdns-05.net. 76526 IN A 205.251.193.198
;rrset 76034 1 0 8 0
a11-66.akam.net. 76034 IN AAAA 2600:1480:1::42
;rrset 76526 1 0 1 0
w.gtld.biz. 76526 IN A 37.209.192.13
;rrset 83564 1 0 8 0
ns-1065.awsdns-05.org. 83564 IN A 205.251.196.41
;rrset 77284 3 0 1 0
karina.ns.cloudflare.com. 77284 IN A 108.162.192.178
karina.ns.cloudflare.com. 77284 IN A 172.64.32.178
karina.ns.cloudflare.com. 77284 IN A 173.245.58.178
;rrset 83452 1 0 1 0
g-ns-1493.awsdns-18.co.uk. 83452 IN AAAA 2600:9000:5305:d500::1
;rrset 80172 1 0 1 0
b.iana-servers.net. 80172 IN AAAA 2001:500:8d::53
;rrset 77066 1 0 1 0
ns03.quack-dns.com. 77066 IN A 148.163.196.129
;rrset 76526 1 0 8 2
www.wikipedia.org. 76526 IN CNAME dyna.wikimedia.org.
;rrset 83452 1 0 1 0
f.nic.space. 83452 IN AAAA 2a04:2b00:13ff::51
;rrset 584 1 0 8 0
ns1.3qsdn.net. 584 IN A 91.242.173.28
;rrset 76523 1 0 1 0
g-ns-928.awsdns-32.co.uk. 76523 IN A 205.251.195.160
;rrset 76597 1 0 8 0
d.ns.facebook.com. 76597 IN AAAA 2a03:2880:f1fd:c:face:b00c:0:35
;rrset 581 1 0 7 2
duckduckgo.com. 581 IN SOA dns1.p05.nsone.net. hostmaster.nsone.net. 1655203370 7200 7200 1209600 14400
;rrset 76081 1 1 2 0
br. 76081 IN DS 38298 13 2 9F2D4993F47B0F2751DE0007D70A2754EE532FE373761154D9EA7A8CB9D8EA18
br. 76081 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . GOQRWm82RY0f4E251UtjjO6a/HjPXK9JH/nqVuK4NSxJ3KeeyNTmfAnLUQH+bPKzsAkxjG+7wNI3sFk5eaA0Zaz0cUyE1obW4NTiZpdKOHIvuDU0EGb4xsHWBDfLq5jjUDAzjV60lfZ30AGBT+uhfm4y+XPLQUJ/OXKoeq8KxTguao2fxkEf3PJk05VBuYpn5sLXpyw8FvaAIlPtruOHfA73D7Ci2uWNUv6eg+y7P1k15Y00QuBUysIz8WjTHyMDqn0WOUgblABmkacg/upenfxgB7uMRjmy1VkWRe6hciycUHV1ntLO6x5OLg0SiwPjFv+qLfhVTprB09RYi9oGkw== ;{id = 21831}
;rrset 78526 1 0 1 0
g-ns-627.awsdns-51.com. 78526 IN A 205.251.194.115
;rrset 76658 1 0 1 0
g-ns-1527.awsdns-52.co.uk. 76658 IN AAAA 2600:9000:5305:f700::1
;rrset 83530 1 0 8 0
ns-62.awsdns-07.com. 83530 IN AAAA 2600:9000:5300:3e00::1
;rrset 75197 1 0 1 0
n.de.net. 75197 IN A 194.146.107.6
;rrset 76521 4 0 2 0
mozilla.com. 76521 IN NS ns1-240.akam.net.
mozilla.com. 76521 IN NS ns7-66.akam.net.
mozilla.com. 76521 IN NS ns5-65.akam.net.
mozilla.com. 76521 IN NS ns4-64.akam.net.
;rrset 83388 1 0 8 0
ns-193.awsdns-24.com. 83388 IN A 205.251.192.193
;rrset 76521 1 0 1 0
nsa.nic.uk. 76521 IN AAAA 2001:502:ad09::3
;rrset 78264 1 0 8 0
ns-1283.awsdns-32.org. 78264 IN A 205.251.197.3
;rrset 78361 1 0 8 0
ns-1707.awsdns-21.co.uk. 78361 IN AAAA 2600:9000:5306:ab00::1
;rrset 20 1 1 2 0
0tosrp6mfitgsprjjvq7lpcka7tv96ur.org. 20 IN NSEC3 1 1 0 332539EE7F95C32A 0toue02tlo6n6abcok7bipti63j65j47 NS DS RRSIG ;{flags: optout}
0tosrp6mfitgsprjjvq7lpcka7tv96ur.org. 20 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. mxAqxVGy9idXNklqQ/6yrv2BIZM0ptLnGRAEuA7FmLsLANRGaxpom3Hg/TM5PAhxYUpPEpKv1Eo9o4G5dwpgfaRbu5MdKtmvxdS8aOa2zG3H5t8f1UIIlL4PWimRS8ftMDxLSttX+4KzANMXwd4HjVzAL2QxyOThhDwNTq1MF0o= ;{id = 37176}
;rrset 75197 5 0 2 0
t-ipnet.de. 75197 IN NS dns20.dns.t-ipnet.de.
t-ipnet.de. 75197 IN NS dns00.dns.t-ipnet.de.
t-ipnet.de. 75197 IN NS pns.dtag.de.
t-ipnet.de. 75197 IN NS dns02.dns.t-ipnet.de.
t-ipnet.de. 75197 IN NS dns50.dns.t-ipnet.de.
;rrset 76597 1 0 1 0
g-ns-482.awsdns-33.net. 76597 IN AAAA 2600:9000:5301:e200::1
;rrset 76524 1 0 8 0
ns-1537.awsdns-00.co.uk. 76524 IN AAAA 2600:9000:5306:100::1
;rrset 76526 1 0 1 0
g-ns3.amzndns.co.uk. 76526 IN AAAA 2600:9000:5303:9e00::1
;rrset 78265 1 0 8 0
ns-1867.awsdns-41.co.uk. 78265 IN AAAA 2600:9000:5307:4b00::1
;rrset 76596 1 0 8 0
ns-1691.awsdns-19.co.uk. 76596 IN A 205.251.198.155
;rrset 76523 1 0 8 0
ns-cloud-d1.googledomains.com. 76523 IN A 216.239.32.109
;rrset 76526 1 0 8 0
ns-1029.awsdns-00.org. 76526 IN AAAA 2600:9000:5304:500::1
;rrset 76655 3 0 1 0
michelle.ns.cloudflare.com. 76655 IN AAAA 2606:4700:50::adf5:3ac9
michelle.ns.cloudflare.com. 76655 IN AAAA 2803:f800:50::6ca2:c0c9
michelle.ns.cloudflare.com. 76655 IN AAAA 2a06:98c1:50::ac40:20c9
;rrset 76523 1 0 8 0
ns-1995.awsdns-57.co.uk. 76523 IN A 205.251.199.203
;rrset 76553 4 0 2 0
awsdns-00.net. 76553 IN NS g-ns-449.awsdns-00.net.
awsdns-00.net. 76553 IN NS g-ns-770.awsdns-00.net.
awsdns-00.net. 76553 IN NS g-ns-1344.awsdns-00.net.
awsdns-00.net. 76553 IN NS g-ns-1920.awsdns-00.net.
;rrset 83564 1 0 1 0
g-ns-1963.awsdns-43.net. 83564 IN AAAA 2600:9000:5307:ab00::1
;rrset 577 1 0 8 0
ns3.fastly.net. 577 IN A 23.235.36.32
;rrset 2761 1 1 2 0
1U5HGRQ3BHUUPH36SJLCEE79PCQ540DQ.co.uk. 2761 IN NSEC3 1 1 0 - 1u5rg98h37lj8s53sp7u0g7ucuhlrp9r NS DS RRSIG ;{flags: optout}
1U5HGRQ3BHUUPH36SJLCEE79PCQ540DQ.co.uk. 2761 IN RRSIG NSEC3 8 3 10800 20260227125755 20260123122512 44346 co.uk. P2t1ZD1Ppnq9uof6DKvSfRVvp9OkqOdJnsEHe8Yq5gfLTeIBPMO3UHDo1obKSPnYi61O8jiJjUPH9mZ7mCW54bDJbZUsVa8BigpUZDrmh3PXHnLwDtPzbbYleZqC4/ZbrFrJAAn7COaX4A4HWyv44THT54k05wgE6k088Dy9ZsRP5K7WjtIK6ja47RRhQrg5J9J3dlIaCySTPvVFgtxAdvfKmof7pqq/UmyMVoV0lVXyU1Ltn2Jq8Y1UfEZldzaIxHNHvY7qzEk+PcqeY67d+Y0bnlhZrv+V+bPkd0mkTQKJ/Cwdh7fypIBck765SbOsW7/TsiMCunD3VJgIzCG5Eg== ;{id = 44346}
;rrset 76668 1 0 8 0
ns-479.awsdns-59.com. 76668 IN AAAA 2600:9000:5301:df00::1
;rrset 76523 1 0 8 0
ns-cloud-b1.googledomains.com. 76523 IN AAAA 2001:4860:4802:32::6b
;rrset 83388 4 0 2 0
oblookup.com. 83388 IN NS dns1.p08.nsone.net.
oblookup.com. 83388 IN NS dns2.p08.nsone.net.
oblookup.com. 83388 IN NS dns3.p08.nsone.net.
oblookup.com. 83388 IN NS dns4.p08.nsone.net.
;rrset 76608 3 1 8 0
dayana.ns.cloudflare.com. 76608 IN AAAA 2a06:98c1:50::ac40:2267
dayana.ns.cloudflare.com. 76608 IN AAAA 2606:4700:50::a29f:2667
dayana.ns.cloudflare.com. 76608 IN AAAA 2803:f800:50::6ca2:c267
dayana.ns.cloudflare.com. 76608 IN RRSIG AAAA 13 4 86353 20260130103109 20260128083109 34505 cloudflare.com. VJxsBi2c9+rewPvVJLeUz1Yu+sOnPiPsFmE/+8z/esA8cfMe78F3IEGwmbgQvt59AbTu4AgJOg67WZfwa14Zcw== ;{id = 34505}
;rrset 75574 1 0 1 0
ns3.second-ns.de. 75574 IN AAAA 2001:67c:192c::add:b3
;rrset 343 1 0 7 2
services.mozilla.com. 343 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;rrset 76477 2 1 8 0
ns.cloudflare.com. 76477 IN A 173.245.58.100
ns.cloudflare.com. 76477 IN A 173.245.59.100
ns.cloudflare.com. 76477 IN RRSIG A 13 3 86353 20260130102849 20260128082849 34505 cloudflare.com. rQw0HVGHkimCTdHeksMQOTAp1lEAl8eGvjMiZVI12qOA0WfE7IhdZKvp8D03lvNuk4uIuf9kap0qJn+hThQyQQ== ;{id = 34505}
;rrset 76526 1 0 1 0
ns1.google.com. 76526 IN A 216.239.32.10
;rrset 76552 1 0 1 0
g-ns-929.awsdns-33.co.uk. 76552 IN AAAA 2600:9000:5303:a100::1
;rrset 76551 1 0 8 0
ns-144.awsdns-18.com. 76551 IN A 205.251.192.144
;rrset 77048 1 0 1 0
g-ns-1771.awsdns-43.com. 77048 IN A 205.251.198.235
;rrset 76551 1 0 8 0
ns-967.awsdns-56.net. 76551 IN A 205.251.195.199
;rrset 76249 3 1 8 0
red.foundationdns.net. 76249 IN AAAA 2606:4700:57::6ca2:c621
red.foundationdns.net. 76249 IN AAAA 2803:f800:52::a29f:3c21
red.foundationdns.net. 76249 IN AAAA 2a06:98c1:56::ac40:2821
red.foundationdns.net. 76249 IN RRSIG AAAA 13 3 86353 20260130102510 20260128082510 34505 foundationdns.net. PjztS0MN77vrMKJrWfJJB7l6Iu6Y3GU/C77f+0nCZwWRjU8a6NvWgEkszDsr7oBhV8KSkv4Gq6scvxlMkXiIwA== ;{id = 34505}
;rrset 76658 4 0 2 0
awsdns-52.co.uk. 76658 IN NS g-ns-372.awsdns-52.co.uk.
awsdns-52.co.uk. 76658 IN NS g-ns-948.awsdns-52.co.uk.
awsdns-52.co.uk. 76658 IN NS g-ns-1527.awsdns-52.co.uk.
awsdns-52.co.uk. 76658 IN NS g-ns-1848.awsdns-52.co.uk.
;rrset 76596 1 0 1 0
g-ns-1784.awsdns-56.com. 76596 IN AAAA 2600:9000:5306:f800::1
;rrset 652 4 0 2 0
awsdns-50.org. 652 IN NS g-ns-1077.awsdns-50.org.
awsdns-50.org. 652 IN NS g-ns-178.awsdns-50.org.
awsdns-50.org. 652 IN NS g-ns-1650.awsdns-50.org.
awsdns-50.org. 652 IN NS g-ns-756.awsdns-50.org.
;rrset 76526 1 0 1 0
g-ns-1934.awsdns-14.net. 76526 IN AAAA 2600:9000:5307:8e00::1
;rrset 76081 7 0 2 0
cl. 76081 IN NS a.nic.cl.
cl. 76081 IN NS b.nic.cl.
cl. 76081 IN NS c.nic.cl.
cl. 76081 IN NS cl1.dnsnode.net.
cl. 76081 IN NS cl-ns.anycast.pch.net.
cl. 76081 IN NS cl1-tld.d-zone.ca.
cl. 76081 IN NS cl2-tld.d-zone.ca.
;rrset 83388 1 0 1 0
g-ns-1812.awsdns-16.co.uk. 83388 IN A 205.251.199.20
;rrset 584 1 1 2 0
lp0pt6lafsnb99nqibchhj89m11ntkpc.org. 584 IN NSEC3 1 1 0 332539EE7F95C32A lp0vft4dh0ra68ar5cds76lfdl00is76 NS DS RRSIG ;{flags: optout}
lp0pt6lafsnb99nqibchhj89m11ntkpc.org. 584 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. pKTC/V0NE1j2kzr398FaEpKTW2uRQhvo5jbsEMMprfblbIbqIAUWSRaMm75/p5/OsIGvI/mjqNuRFN6t1TnzOhTqcWLXZtynFMSRhYHpKdYQeNRykQiLtxKrvAoOF6T4Agbtfrc1bR/xvtGi289O6ws4DJ36aoro6JmmVqJzMKA= ;{id = 37176}
;rrset 764 1 0 1 0
g-ns-165.awsdns-37.org. 764 IN AAAA 2600:9000:5300:a500::1
;rrset 83564 1 0 1 0
g-ns-1505.awsdns-30.co.uk. 83564 IN A 205.251.197.225
;rrset 83452 1 0 1 0
g-ns-338.awsdns-18.co.uk. 83452 IN AAAA 2600:9000:5301:5200::1
;rrset 76526 1 0 1 0
w.gtld.biz. 76526 IN AAAA 2001:dcd:1::13
;rrset 83464 3 0 2 0
de-en-es.com. 83464 IN NS s01.de-en-es.com.
de-en-es.com. 83464 IN NS s02.de-en-es.com.
de-en-es.com. 83464 IN NS s03.de-en-es.com.
;rrset 76523 1 0 1 0
g-ns-952.awsdns-56.co.uk. 76523 IN AAAA 2600:9000:5303:b800::1
;rrset 76034 1 0 1 0
a4-67.akam.net. 76034 IN AAAA 2600:1480:9000::43
;rrset 32881 1 1 8 0
rirns.arin.net. 32881 IN AAAA 2620:38:2000::53
rirns.arin.net. 32881 IN RRSIG AAAA 8 3 43200 20260211130019 20260128120019 39303 arin.net. anufREsLU+toFcLTznZdjfKQ0a6My4ItWr8AX1JcdkmX3CI9AcNNUVaTi0JBStAOiMovs7QWvPPk4oe9l+MAuAKWrytoODc79n+uYuNa19FddmaTQTZ37bH/ywMc2bBEF8CeppSRx9oBkfPpGTAVknGqM15RFgSg01Crt3Nk/4w= ;{id = 39303}
;rrset 76523 1 0 1 0
g-ns-1174.awsdns-22.com. 76523 IN A 205.251.196.150
;rrset 76526 1 0 8 0
a12-64.akam.net. 76526 IN A 184.26.160.64
;rrset 78264 1 1 8 0
dns2.p08.nsone.net. 78264 IN A 198.51.45.8
dns2.p08.nsone.net. 78264 IN RRSIG A 13 4 86400 20260130105758 20260129085758 12196 nsone.net. /BgAuTn/XtyYGSLfHFMG8ILzjfqdgvU2YSR+zvOaxP+B1MKkMBnt82drfhu2MVddcZUxn7FLvxUnb0KbLm9FFA== ;{id = 12196}
;rrset 83530 1 0 1 0
g-ns-8.awsdns-07.com. 83530 IN AAAA 2600:9000:5300:800::1
;rrset 83452 1 0 1 0
g-ns-959.awsdns-63.co.uk. 83452 IN A 205.251.195.191
;rrset 76523 3 0 1 0
ingrid.ns.cloudflare.com. 76523 IN A 108.162.192.165
ingrid.ns.cloudflare.com. 76523 IN A 172.64.32.165
ingrid.ns.cloudflare.com. 76523 IN A 173.245.58.165
;rrset 83452 1 0 8 0
ns-2042.awsdns-63.co.uk. 83452 IN AAAA 2600:9000:5307:fa00::1
;rrset 83452 1 0 1 0
e.nic.space. 83452 IN AAAA 2a04:2b00:13ee::51
;rrset 76526 1 0 1 0
g-ns-784.awsdns-14.net. 76526 IN AAAA 2600:9000:5303:1000::1
;rrset 76523 1 0 1 0
g-ns-623.awsdns-47.com. 76523 IN A 205.251.194.111
;rrset 78265 1 0 1 0
g-ns-1503.awsdns-28.co.uk. 78265 IN A 205.251.197.223
;rrset 76296 1 0 8 0
ns-global.kjsl.com. 76296 IN AAAA 2607:7c80:53::53
;rrset 76668 1 0 1 0
a.nic.ch. 76668 IN AAAA 2001:620:0:ff::56
;rrset 76524 4 0 2 0
ipv4only.arpa. 76524 IN NS a.iana-servers.net.
ipv4only.arpa. 76524 IN NS b.iana-servers.net.
ipv4only.arpa. 76524 IN NS c.iana-servers.net.
ipv4only.arpa. 76524 IN NS ns.icann.org.
;rrset 652 1 0 1 0
g-ns-1077.awsdns-50.org. 652 IN A 205.251.196.53
;rrset 77284 3 0 1 0
carmelo.ns.cloudflare.com. 77284 IN A 108.162.195.129
carmelo.ns.cloudflare.com. 77284 IN A 162.159.44.129
carmelo.ns.cloudflare.com. 77284 IN A 172.64.35.129
;rrset 764 1 0 1 0
g-ns-757.awsdns-51.org. 764 IN AAAA 2600:9000:5302:f500::1
;rrset 76523 1 0 8 0
ns-cloud-a1.googledomains.com. 76523 IN AAAA 2001:4860:4802:32::6a
;rrset 77048 1 0 1 0
g-ns-1368.awsdns-24.net. 77048 IN A 205.251.197.88
;rrset 78265 1 0 8 0
ns-596.awsdns-10.net. 78265 IN A 205.251.194.84
;rrset 76526 1 0 1 0
g-ns1.amzndns.co.uk. 76526 IN A 205.251.196.59
;rrset 76668 1 0 1 0
f.ext.nic.fr. 76668 IN AAAA 2001:67c:1010:11::53
;rrset 77066 1 0 1 0
ns01.quack-dns.com. 77066 IN AAAA 2607:f740:e049::1
;rrset 78579 1 0 1 0
g-ns-621.awsdns-45.com. 78579 IN A 205.251.194.109
;rrset 77882 3 1 8 0
kia.ns.cloudflare.com. 77882 IN AAAA 2803:f800:50::6ca2:c0b3
kia.ns.cloudflare.com. 77882 IN AAAA 2a06:98c1:50::ac40:20b3
kia.ns.cloudflare.com. 77882 IN AAAA 2606:4700:50::adf5:3ab3
kia.ns.cloudflare.com. 77882 IN RRSIG AAAA 13 4 86353 20260130105223 20260128085223 34505 cloudflare.com. H6oJzP2ZVI79bThyvrxjsyir0d2DFoATI5yjow3kcxkOGXWsjMfG3MfBpsOXxBnjtAiFCkQMdP5zLieV2qezkg== ;{id = 34505}
;rrset 76523 1 0 8 0
ns-1260.awsdns-29.org. 76523 IN AAAA 2600:9000:5304:ec00::1
;rrset 76522 1 0 1 0
g-ns-1977.awsdns-57.net. 76522 IN A 205.251.199.185
;rrset 75197 1 0 1 0
f.nic.de. 75197 IN A 81.91.164.5
;rrset 76668 1 0 8 0
ns-1800.awsdns-33.co.uk. 76668 IN A 205.251.199.8
;rrset 76551 4 0 2 0
awsdns-07.net. 76551 IN NS g-ns-456.awsdns-07.net.
awsdns-07.net. 76551 IN NS g-ns-777.awsdns-07.net.
awsdns-07.net. 76551 IN NS g-ns-1351.awsdns-07.net.
awsdns-07.net. 76551 IN NS g-ns-1927.awsdns-07.net.
;rrset 76521 1 0 1 0
dns2.nic.uk. 76521 IN AAAA 2401:fd80:400::1
;rrset 76526 1 0 8 0
ns-557.awsdns-05.net. 76526 IN A 205.251.194.45
;rrset 83564 1 0 1 0
g-ns-1777.awsdns-49.com. 83564 IN AAAA 2600:9000:5306:f100::1
;rrset 76526 1 0 1 0
pdns196.ultradns.com. 76526 IN A 156.154.64.196
;rrset 76551 1 0 1 0
g-ns-1522.awsdns-47.co.uk. 76551 IN A 205.251.197.242
;rrset 77048 1 0 1 0
g-ns-1483.awsdns-08.co.uk. 77048 IN A 205.251.197.203
;rrset 2837 1 1 11 5
7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 2837 IN DNSKEY 257 3 13 NOXY2KEvdZjDaBc1NI1MAaq2ZEVpQuDZZbBftHjw4qLAFQ+CRk0ccSEextbhEjkQl+VlwKpyn/OH5UvMLbn/kQ== ;{id = 31560 (ksk), size = 256b}
7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 2837 IN RRSIG DNSKEY 13 18 3600 20260212075344 20260129065344 31560 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. D0DTBdv9xDz94ZS8HpxH8gwKdTCy1Yrr+6bQpqJzEXkvi6thegFZSgKT0KW45hD0YP38QQvq6YfTZAe3zxrd4g== ;{id = 31560}
;rrset 77882 3 1 8 0
kia.ns.cloudflare.com. 77882 IN A 108.162.192.179
kia.ns.cloudflare.com. 77882 IN A 172.64.32.179
kia.ns.cloudflare.com. 77882 IN A 173.245.58.179
kia.ns.cloudflare.com. 77882 IN RRSIG A 13 4 86353 20260130105223 20260128085223 34505 cloudflare.com. pJxppHjoXJRE3WDRsxDSgJxjwVqh9D9DEk1F2NaAtvFsrWNkuuf02FMtFt/lShpjjkAWcmpwHaFRoGjlzHUBPw== ;{id = 34505}
;rrset 76552 1 0 1 0
g-ns-1970.awsdns-50.net. 76552 IN A 205.251.199.178
;rrset 83564 1 0 1 0
g-ns-41.awsdns-40.com. 83564 IN A 205.251.192.41
;rrset 76526 1 0 1 0
a12-65.akam.net. 76526 IN A 184.26.160.65
;rrset 75197 1 0 3 0
l.root-servers.net. 75197 IN AAAA 2001:500:9f::42
;rrset 76596 1 0 1 0
g-ns-915.awsdns-19.co.uk. 76596 IN AAAA 2600:9000:5303:9300::1
;rrset 76553 1 0 1 0
g-ns-1179.awsdns-27.com. 76553 IN AAAA 2600:9000:5304:9b00::1
;rrset 568 1 1 2 0
52ko96budrr3nmfkc8cbka2vfqnm5jps.io. 568 IN NSEC3 1 1 0 73 52lutsdksgkqrk7m3ijuqcal9s5c8tt3 NS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout}
52ko96budrr3nmfkc8cbka2vfqnm5jps.io. 568 IN RRSIG NSEC3 8 2 3600 20260219112129 20260129102129 44475 io. o/Z1yY3AMfePNTexWgz0B5Mxsd53NEU448FEgiCupHBJXxWPH8rrJxG3txFuytZ1UhpM8/dToAcRrAIFqcJa4OlOgnDayaoCLrREI6zKhlo9JOhw7UFB8LsFwamvxNEaESEikKtwbqAHC/1fPPBGZzm7rup4XovAXsD5ICti10g= ;{id = 44475}
;rrset 76526 1 0 1 0
g-ns-1839.awsdns-43.co.uk. 76526 IN A 205.251.199.47
;rrset 3620 1 0 8 0
ns.second-ns.com. 3620 IN A 213.239.204.242
;rrset 83452 1 0 8 0
ns-381.awsdns-47.com. 83452 IN A 205.251.193.125
;rrset 76551 1 0 1 0
g-ns-505.awsdns-56.net. 76551 IN A 205.251.193.249
;rrset 76658 1 0 1 0
g-ns-49.awsdns-48.com. 76658 IN A 205.251.192.49
;rrset 76658 1 0 1 0
g-ns-502.awsdns-53.net. 76658 IN AAAA 2600:9000:5301:f600::1
;rrset 588 1 0 8 0
ns01.oblookup.com. 588 IN A 104.225.40.1
;rrset 76296 3 0 1 0
woz.ns.cloudflare.com. 76296 IN AAAA 2606:4700:58::adf5:3b96
woz.ns.cloudflare.com. 76296 IN AAAA 2803:f800:50::6ca2:c196
woz.ns.cloudflare.com. 76296 IN AAAA 2a06:98c1:50::ac40:2196
;rrset 76521 4 0 2 0
awsdns-14.co.uk. 76521 IN NS g-ns-334.awsdns-14.co.uk.
awsdns-14.co.uk. 76521 IN NS g-ns-910.awsdns-14.co.uk.
awsdns-14.co.uk. 76521 IN NS g-ns-1489.awsdns-14.co.uk.
awsdns-14.co.uk. 76521 IN NS g-ns-1810.awsdns-14.co.uk.
;rrset 76526 1 0 1 0
n.gtld.biz. 76526 IN A 204.74.107.1
;rrset 76523 1 0 1 0
g-ns-377.awsdns-57.co.uk. 76523 IN A 205.251.193.121
;rrset 75574 1 0 1 0
b2.org.afilias-nst.org. 75574 IN AAAA 2001:500:48::1
;rrset 75197 1 0 1 0
d.gtld-servers.net. 75197 IN AAAA 2001:500:856e::30
;rrset 78361 1 0 1 0
g-ns-341.awsdns-21.co.uk. 78361 IN A 205.251.193.85
;rrset 76524 1 0 8 0
ns-206.awsdns-25.com. 76524 IN AAAA 2600:9000:5300:ce00::1
;rrset 77957 1 0 1 0
g-ns-592.awsdns-16.com. 77957 IN AAAA 2600:9000:5302:5000::1
;rrset 18924 1 1 8 0
b.icann-servers.net. 18924 IN AAAA 2001:500:8d::53
b.icann-servers.net. 18924 IN RRSIG AAAA 13 3 28800 20260207012500 20260117035519 44294 icann-servers.net. yfnPYx5KzRH0WDRensxj6ps375p3BN4JK9JN8pWN9kXXaqr285Gb0LpowzgqiaZfpU8nKfVHuF8/i+gjfoCGmA== ;{id = 44294}
;rrset 76658 1 0 8 0
ns-940.awsdns-53.net. 76658 IN AAAA 2600:9000:5303:ac00::1
;rrset 999 4 0 2 0
adtrafficquality.google. 999 IN NS ns1.google.com.
adtrafficquality.google. 999 IN NS ns4.google.com.
adtrafficquality.google. 999 IN NS ns3.google.com.
adtrafficquality.google. 999 IN NS ns2.google.com.
;rrset 76553 1 0 8 0
ns-664.awsdns-19.net. 76553 IN AAAA 2600:9000:5302:9800::1
;rrset 76034 1 0 1 0
a1-67.akam.net. 76034 IN AAAA 2600:1401:2::43
;rrset 78526 1 0 1 0
g-ns-1779.awsdns-51.com. 78526 IN A 205.251.198.243
;rrset 76521 1 0 1 0
g-ns-1760.awsdns-32.com. 76521 IN A 205.251.198.224
;rrset 78264 1 0 8 0
ns-421.awsdns-52.com. 78264 IN AAAA 2600:9000:5301:a500::1
;rrset 75197 1 0 1 0
k.gtld-servers.net. 75197 IN AAAA 2001:503:d2d::30
;rrset 76551 1 0 1 0
g-ns-1746.awsdns-18.com. 76551 IN A 205.251.198.210
;rrset 75574 3 0 2 0
hetzner.de. 75574 IN NS ns.second-ns.com.
hetzner.de. 75574 IN NS ns1.your-server.de.
hetzner.de. 75574 IN NS ns3.second-ns.de.
;rrset 76551 1 0 1 0
g-ns-1757.awsdns-29.com. 76551 IN A 205.251.198.221
;rrset 76526 1 0 1 0
ns3-194.akamaiedge.net. 76526 IN A 23.61.199.194
;rrset 75197 3 1 2 0
ip6.arpa. 75197 IN DS 13880 8 2 068554EFCB5861F42AF93EF8E79C442A86C16FC5652E6B6D2419ED527F344D17
ip6.arpa. 75197 IN DS 45094 8 2 E6B54E0A20CE1EDBFCB6879C02F5782059CECB043A31D804A04AFA51AF01D5FB
ip6.arpa. 75197 IN DS 64060 8 2 8A11501086330132BE2C23F22DEDF0634AD5FF668B4AA1988E172C6A2A4E5F7B
ip6.arpa. 75197 IN RRSIG DS 8 2 86400 20260211060000 20260129050000 41323 arpa. oWV16s7JfHJ2iJ6iPAiR/PEViinBSA9x/TvwcM0S7Jh6jKN7SD6EBj5Vi/E61OUivQPVcUpUY0tN4bHihv6B8rRbRYKEtyVJwKOGVO54Jp11mgadi4z9lrFBbBuAfcXXRLUbliTeZB05j5BbyN0gJDT897CuRqa+SBnT8aZyzaksDnFMIb2fKLVc/MHjaUTWrpecDCXiwssL5NvlpyhcffwDM7jJC4D464plyRqszft1IgVkCpUCWzsCWKHGz3dDq1ojXPd6VYPgudwFSIw7src8rsuYT1+Gxs/tL+UCXGKnIyGrTWhJxGbEO+8w2DAO0qQl3pLIDeeqXtNYsv+m7A== ;{id = 41323}
;rrset 75197 1 0 3 0
k.root-servers.net. 75197 IN AAAA 2001:7fd::1
;rrset 83388 1 0 1 0
g-ns-1399.awsdns-55.net. 83388 IN AAAA 2600:9000:5305:7700::1
;rrset 83388 1 0 1 0
g-ns-504.awsdns-55.net. 83388 IN A 205.251.193.248
;rrset 76553 1 0 8 0
ns-1543.awsdns-00.co.uk. 76553 IN A 205.251.198.7
;rrset 76553 1 0 8 0
ns-1625.awsdns-11.co.uk. 76553 IN A 205.251.198.89
;rrset 78265 1 0 8 0
ns-370.awsdns-46.com. 78265 IN AAAA 2600:9000:5301:7200::1
;rrset 20 1 0 7 0
hetzner.de. 20 IN SOA ns1.your-server.de. postmaster.your-server.de. 2026010901 86400 1800 3600000 3600
;rrset 76526 1 0 1 0
g-ns-921.awsdns-25.co.uk. 76526 IN A 205.251.195.153
;rrset 76553 1 0 1 0
g-ns-1167.awsdns-15.com. 76553 IN AAAA 2600:9000:5304:8f00::1
;rrset 75574 13 0 2 0
com. 75574 IN NS i.gtld-servers.net.
com. 75574 IN NS f.gtld-servers.net.
com. 75574 IN NS g.gtld-servers.net.
com. 75574 IN NS l.gtld-servers.net.
com. 75574 IN NS d.gtld-servers.net.
com. 75574 IN NS j.gtld-servers.net.
com. 75574 IN NS a.gtld-servers.net.
com. 75574 IN NS e.gtld-servers.net.
com. 75574 IN NS h.gtld-servers.net.
com. 75574 IN NS b.gtld-servers.net.
com. 75574 IN NS c.gtld-servers.net.
com. 75574 IN NS k.gtld-servers.net.
com. 75574 IN NS m.gtld-servers.net.
;rrset 77048 1 0 8 0
ns-704.awsdns-24.net. 77048 IN A 205.251.194.192
;rrset 76655 2 0 2 0
ns-351.awsdns-43.com. 77048 IN A 205.251.193.95
;rrset 78265 1 0 1 0
g-ns-47.awsdns-46.com. 78265 IN AAAA 2600:9000:5300:2f00::1
;rrset 76553 1 0 1 0
g-ns-449.awsdns-00.net. 76553 IN AAAA 2600:9000:5301:c100::1
;rrset 76596 1 0 8 0
ns-1691.awsdns-19.co.uk. 76596 IN AAAA 2600:9000:5306:9b00::1
;rrset 83452 1 0 8 0
ns-643.awsdns-16.net. 83452 IN A 205.251.194.131
;rrset 76526 2 0 2 0
plusline.net. 76526 IN NS ns.s.plusline.de.
plusline.net. 76526 IN NS ns.plusline.de.
;rrset 76526 1 0 1 0
g-ns2.amzndns.co.uk. 76526 IN AAAA 2600:9000:5300:7e00::1
;rrset 76526 1 0 1 0
g-ns-463.awsdns-14.net. 76526 IN AAAA 2600:9000:5301:cf00::1
;rrset 76551 1 0 1 0
g-ns-456.awsdns-07.net. 76551 IN AAAA 2600:9000:5301:c800::1
;rrset 75197 1 0 1 0
h.gtld-servers.net. 75197 IN A 192.54.112.30
;rrset 76082 1 0 1 0
afrinic.authdns.ripe.net. 76082 IN AAAA 2a13:27c0:30::8
;rrset 988 1 0 1 0
n1g.akamaiedge.net. 988 IN A 104.126.37.37
;rrset 76552 1 0 8 0
ns-1108.awsdns-10.org. 76552 IN A 205.251.196.84
;rrset 75197 1 0 1 0
dns00.dns.t-ipnet.de. 75197 IN A 194.25.2.170
;rrset 76668 1 0 1 0
ne.cctld.authdns.ripe.net. 76668 IN AAAA 2001:67c:e0::101
;rrset 76526 4 0 2 0
amzndns.com. 76526 IN NS g-ns1.amzndns.com.
amzndns.com. 76526 IN NS g-ns2.amzndns.com.
amzndns.com. 76526 IN NS g-ns3.amzndns.com.
amzndns.com. 76526 IN NS g-ns4.amzndns.com.
;rrset 75574 6 0 2 0
org. 75574 IN NS a0.org.afilias-nst.info.
org. 75574 IN NS b2.org.afilias-nst.org.
org. 75574 IN NS b0.org.afilias-nst.org.
org. 75574 IN NS a2.org.afilias-nst.info.
org. 75574 IN NS c0.org.afilias-nst.info.
org. 75574 IN NS d0.org.afilias-nst.org.
;rrset 83480 2 0 2 0
dns3.de. 83480 IN NS anycast.regdns1.de.
dns3.de. 83480 IN NS anycast.regdns2.net.
;rrset 76296 3 0 1 0
margaret.ns.cloudflare.com. 76296 IN A 108.162.194.107
margaret.ns.cloudflare.com. 76296 IN A 162.159.38.107
margaret.ns.cloudflare.com. 76296 IN A 172.64.34.107
;rrset 76081 1 0 1 0
a.dns.br. 76081 IN A 200.219.148.10
;rrset 76295 1 1 8 0
ns1.leaseweb.com. 76295 IN AAAA 2607:f5b5:1::53
ns1.leaseweb.com. 76295 IN RRSIG AAAA 13 3 86400 20260212000000 20260122000000 34591 leaseweb.com. 6btM0HyszWkSFgETDgOts5gRv66QGLUV9Ypqll0OjHjuqwdjsE7TSX0CKMOXdLCKxxfsN/tmFRvmG9YoWk8bsQ== ;{id = 34591}
;rrset 76552 1 0 8 0
ns-666.awsdns-19.net. 76552 IN A 205.251.194.154
;rrset 76597 1 0 1 0
g-ns-803.awsdns-33.net. 76597 IN A 205.251.195.35
;rrset 75197 1 0 1 0
s.de.net. 75197 IN AAAA 2003:8:14::53
;rrset 76523 1 0 8 0
ns-377.awsdns-47.com. 76523 IN AAAA 2600:9000:5301:7900::1
;rrset 75574 1 0 1 0
c0.org.afilias-nst.info. 75574 IN A 199.19.53.1
;rrset 75197 1 0 1 0
a.ip6-servers.arpa. 75197 IN A 199.180.182.53
;rrset 76552 1 0 1 0
g-ns-1204.awsdns-52.com. 76552 IN AAAA 2600:9000:5304:b400::1
;rrset 76524 1 0 8 0
ns-772.awsdns-32.net. 76524 IN AAAA 2600:9000:5303:400::1
;rrset 78264 1 0 1 0
g-ns-450.awsdns-01.net. 78264 IN A 205.251.193.194
;rrset 76526 1 0 1 0
g-ns-819.awsdns-49.net. 76526 IN A 205.251.195.51
;rrset 78579 1 0 1 0
g-ns-489.awsdns-40.net. 78579 IN A 205.251.193.233
;rrset 83564 1 0 1 0
g-ns-926.awsdns-30.co.uk. 83564 IN A 205.251.195.158
;rrset 76526 1 0 8 0
ns-557.awsdns-05.net. 76526 IN AAAA 2600:9000:5302:2d00::1
;rrset 75197 1 0 3 0
j.root-servers.net. 75197 IN A 192.58.128.30
;rrset 83452 2 1 2 0
space. 83452 IN DS 33010 8 2 53E37640A028FA26A4ED6306AA07C506BF037FC414AF9CAF0E41ADFFF87CCB72
space. 83452 IN DS 63881 8 2 85EE1264739A00FB6139712C3D7227721D99654226B0140F14A3E3D1A63B315F
space. 83452 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . EXYA79/4+HPnxHbTSnzVeFWBzbYgdf5hsQfLOPDoQj6lNFrP7KGjl4LE2EPHkmyTglM0QK9/tsV4Wq8I8MVh8rKbjqs3WlhjkP7i663ntdvDXSvP6XmAMEHZ7C5kpbzlFIHuYZgn6TjWoevzIor2uCDYYzIWiDVTn4mdFYQRo8eoSZnR/0iF/huttBQGquOuy57l5vXW7hICcfQFin5BkuH5UIpMkPyu2L+r8ocqAPYdL5hvGcwDZvxuhsS9F8AtjdsDH5szHn5a3n3nbG7BpyCzh1iUACoNe04XUpeuamxq1LwcEmY+1mMiun33hS6/MX0uQ1KAGO2B7D5hvC/UXg== ;{id = 21831}
;rrset 76523 1 0 8 0
ns-cloud-e4.googledomains.com. 76523 IN A 216.239.38.110
;rrset 77957 1 0 1 0
g-ns-1407.awsdns-63.net. 77957 IN AAAA 2600:9000:5305:7f00::1
;rrset 76551 1 0 1 0
g-ns-1757.awsdns-29.com. 76551 IN AAAA 2600:9000:5306:dd00::1
;rrset 76526 1 0 1 0
d0.info.afilias-nst.org. 76526 IN A 199.254.50.1
;rrset 76523 1 0 1 0
g-ns-4.awsdns-03.com. 76523 IN A 205.251.192.4
;rrset 76526 1 0 1 0
c0.nic.io. 76526 IN AAAA 2a01:8840:a0::17
;rrset 75197 1 0 3 0
e.root-servers.net. 75197 IN AAAA 2001:500:a8::e
;rrset 76551 1 0 1 0
g-ns-605.awsdns-29.com. 76551 IN AAAA 2600:9000:5302:5d00::1
;rrset 76526 8 0 2 0
edgekey.net. 76526 IN NS a6-65.akam.net.
edgekey.net. 76526 IN NS a12-65.akam.net.
edgekey.net. 76526 IN NS a7-64.akam.net.
edgekey.net. 76526 IN NS a16-65.akam.net.
edgekey.net. 76526 IN NS a18-65.akam.net.
edgekey.net. 76526 IN NS a1-66.akam.net.
edgekey.net. 76526 IN NS a28-65.akam.net.
edgekey.net. 76526 IN NS a10-66.akam.net.
;rrset 83452 1 0 1 0
g-ns-1360.awsdns-16.net. 83452 IN A 205.251.197.80
;rrset 76526 1 0 1 0
g-ns-775.awsdns-05.net. 76526 IN A 205.251.195.7
;rrset 3620 1 0 8 0
oxygen.ns.hetzner.com. 3620 IN A 88.198.229.192
;rrset 78265 1 0 1 0
g-ns-1503.awsdns-28.co.uk. 78265 IN AAAA 2600:9000:5305:df00::1
;rrset 76526 1 0 1 0
a18-65.akam.net. 76526 IN AAAA 2600:1480:4800::41
;rrset 76553 1 0 8 0
ns-120.awsdns-15.com. 76553 IN AAAA 2600:9000:5300:7800::1
;rrset 76668 1 0 8 0
ns-1859.awsdns-40.co.uk. 76668 IN A 205.251.199.67
;rrset 76553 1 0 1 0
g-ns-1179.awsdns-27.com. 76553 IN A 205.251.196.155
;rrset 83564 1 0 1 0
g-ns-350.awsdns-30.co.uk. 83564 IN AAAA 2600:9000:5301:5e00::1
;rrset 764 1 0 1 0
g-ns-1078.awsdns-51.org. 764 IN A 205.251.196.54
;rrset 76521 1 0 1 0
g-ns-33.awsdns-32.com. 76521 IN AAAA 2600:9000:5300:2100::1
;rrset 76524 2 0 1 0
ns3.cloudflare.com. 76524 IN A 162.159.0.33
ns3.cloudflare.com. 76524 IN A 162.159.7.226
;rrset 83564 1 0 1 0
g-ns-813.awsdns-43.net. 83564 IN AAAA 2600:9000:5303:2d00::1
;rrset 76523 1 0 8 0
ns-cloud-c4.googledomains.com. 76523 IN A 216.239.38.108
;rrset 78264 1 0 1 0
g-ns-771.awsdns-01.net. 78264 IN AAAA 2600:9000:5303:300::1
;rrset 76296 4 0 2 0
ns37.net. 76296 IN NS ns1mpz.name.com.
ns37.net. 76296 IN NS ns2bkr.name.com.
ns37.net. 76296 IN NS ns3sxz.name.com.
ns37.net. 76296 IN NS ns4lny.name.com.
;rrset 76523 1 0 8 0
ns-cloud-e4.googledomains.com. 76523 IN AAAA 2001:4860:4802:38::6e
;rrset 76553 1 0 1 0
g-ns-770.awsdns-00.net. 76553 IN A 205.251.195.2
;rrset 78265 1 1 8 0
dns3.p02.nsone.net. 78265 IN A 198.51.44.66
dns3.p02.nsone.net. 78265 IN RRSIG A 13 4 86400 20260130105759 20260129085759 12196 nsone.net. p0u0HCv6hP5d2OgeWic7Sp7x1DsP1ZG8grjW4Bw+whRxYBO/2mYF1TUo9ZPpngB0HJcij1JzuxlOmh+F8qVYow== ;{id = 12196}
;rrset 76669 2 0 2 0
cscdns.net. 76669 IN NS udns1.cscudns.com.
cscdns.net. 76669 IN NS udns2.cscudns.org.
;rrset 76523 1 0 1 0
g-ns-598.awsdns-22.com. 76523 IN A 205.251.194.86
;rrset 76526 1 0 1 0
a.gtld.biz. 76526 IN AAAA 2001:502:ad09::30
;rrset 76526 1 0 8 0
a12-192.akamaiedge.net. 76526 IN A 184.26.160.192
;rrset 652 1 0 1 0
g-ns-1033.awsdns-06.org. 652 IN A 205.251.196.9
;rrset 75197 1 0 3 0
l.root-servers.net. 75197 IN A 199.7.83.42
;rrset 75197 2 0 2 0
dtag.de. 75197 IN NS ns1.telekom.net.
dtag.de. 75197 IN NS pns.dtag.de.
;rrset 76524 3 0 2 0
cloudflare-dns.com. 76524 IN NS ns1.cloudflare-dns.com.
cloudflare-dns.com. 76524 IN NS ns2.cloudflare-dns.com.
cloudflare-dns.com. 76524 IN NS ns3.cloudflare-dns.com.
;rrset 76553 1 0 1 0
g-ns-1920.awsdns-00.net. 76553 IN A 205.251.199.128
;rrset 76668 3 0 2 0
awsdns-42.ne. 76668 IN NS nsgbr.comlaude.co.uk.
awsdns-42.ne. 76668 IN NS nssui.comlaude.ch.
awsdns-42.ne. 76668 IN NS nsusa.comlaude.net.
;rrset 76524 1 0 1 0
g-ns-601.awsdns-25.com. 76524 IN A 205.251.194.89
;rrset 76521 1 0 1 0
nsb.nic.uk. 76521 IN A 156.154.101.3
;rrset 76553 1 0 1 0
g-ns-322.awsdns-02.co.uk. 76553 IN AAAA 2600:9000:5301:4200::1
;rrset 76551 1 0 8 0
ns-144.awsdns-18.com. 76551 IN AAAA 2600:9000:5300:9000::1
;rrset 76526 1 0 1 0
g-ns-784.awsdns-14.net. 76526 IN A 205.251.195.16
;rrset 75197 1 0 8 0
dns02.dns.t-ipnet.de. 75197 IN A 194.25.2.172
;rrset 76081 7 0 2 0
lacnic.net. 76081 IN NS ns.lacnic.net.
lacnic.net. 76081 IN NS ns4.apnic.net.
lacnic.net. 76081 IN NS ns2.lacnic.net.
lacnic.net. 76081 IN NS a.lactld.org.
lacnic.net. 76081 IN NS lacnic.authdns.ripe.net.
lacnic.net. 76081 IN NS rirns.arin.net.
lacnic.net. 76081 IN NS ns4.lacnic.net.
;rrset 76521 1 0 1 0
dns4.nic.uk. 76521 IN A 43.230.48.1
;rrset 76551 1 0 1 0
g-ns-1976.awsdns-56.net. 76551 IN AAAA 2600:9000:5307:b800::1
;rrset 588 1 0 1 0
g-ns-731.awsdns-25.org. 588 IN AAAA 2600:9000:5302:db00::1
;rrset 78265 1 1 8 0
dns1.p02.nsone.net. 78265 IN AAAA 2620:4d:4000:6259:7:2:0:1
dns1.p02.nsone.net. 78265 IN RRSIG AAAA 13 4 86400 20260130105759 20260129085759 12196 nsone.net. JaXDv4osEc7vT1QE+7xARGiSngPPel7m4J7WdOnSAEKLnf2NdPn20B/G1DSihRgcGR/l52+C/EXI9mT3g81Jww== ;{id = 12196}
;rrset 2724 1 1 7 0
I4M5I8Q57K0R42VIGEU41AATCOIK29MV.wetterstation-pliening.info. 2724 IN NSEC3 1 0 0 - kavfi9tptp0fpuffabov3o6pb3thc6rp TXT RRSIG
I4M5I8Q57K0R42VIGEU41AATCOIK29MV.wetterstation-pliening.info. 2724 IN RRSIG NSEC3 13 3 3600 20260211083137 20260128191743 3760 wetterstation-pliening.info. pQzmkpPYD0p/yh1uQ7hnqsuoebpney/DdlvBONs6pFsk+aFcA9TBSOQ8ihRs2KvMbltINnm/ww5/J360BUNXQw== ;{id = 3760}
;rrset 76081 1 1 8 0
pri.authdns.ripe.net. 76081 IN A 193.0.9.5
pri.authdns.ripe.net. 76081 IN RRSIG A 13 4 86400 20260205133944 20260122120944 38758 ripe.net. DHRqPheBHBhKYzrVhVHvQgFJFrlHxgmXuFAOdk/yFfgZwAGguL5ghWuAZi6f6diSplLg8X96j8lJOJ/WUb0g9w== ;{id = 38758}
;rrset 76526 1 0 8 0
ns-1741.awsdns-25.co.uk. 76526 IN A 205.251.198.205
;rrset 83388 1 0 8 0
ns-193.awsdns-24.com. 83388 IN AAAA 2600:9000:5300:c100::1
;rrset 83388 1 0 8 0
ns-953.awsdns-55.net. 83388 IN A 205.251.195.185
;rrset 76551 1 0 1 0
g-ns-367.awsdns-47.co.uk. 76551 IN AAAA 2600:9000:5301:6f00::1
;rrset 76553 1 0 1 0
g-ns-1920.awsdns-00.net. 76553 IN AAAA 2600:9000:5307:8000::1
;rrset 76523 1 0 1 0
g-ns-1356.awsdns-12.net. 76523 IN A 205.251.197.76
;rrset 76477 3 1 8 0
mitch.ns.cloudflare.com. 76477 IN A 172.64.33.208
mitch.ns.cloudflare.com. 76477 IN A 108.162.193.208
mitch.ns.cloudflare.com. 76477 IN A 173.245.59.208
mitch.ns.cloudflare.com. 76477 IN RRSIG A 13 4 86353 20260130102858 20260128082858 34505 cloudflare.com. NAJlJJkoilmn7ZjI7vSpK2zec11yIL7JZfxsLImpnbxmgH9/g3l37yYVcBSjMdGqX/m+nyZnRfZbdwXzq4PHHg== ;{id = 34505}
;rrset 78265 4 0 2 0
awsdns-28.co.uk. 78265 IN NS g-ns-924.awsdns-28.co.uk.
awsdns-28.co.uk. 78265 IN NS g-ns-348.awsdns-28.co.uk.
awsdns-28.co.uk. 78265 IN NS g-ns-1824.awsdns-28.co.uk.
awsdns-28.co.uk. 78265 IN NS g-ns-1503.awsdns-28.co.uk.
;rrset 78265 1 0 1 0
g-ns-1824.awsdns-28.co.uk. 78265 IN AAAA 2600:9000:5307:2000::1
;rrset 83564 1 0 8 0
ns-1670.awsdns-16.co.uk. 83564 IN A 205.251.198.134
;rrset 83452 1 0 1 0
g-ns-383.awsdns-63.co.uk. 83452 IN A 205.251.193.127
;rrset 76526 1 1 2 0
info. 76526 IN DS 5104 8 2 1AF7548A8D3E2950C20303757DF9390C26CFA39E26C8B6A8F6C8B1E72DD8F744
info. 76526 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . ABu4FEF+coC7vLoG+nUeZolFUMS8fvgv5Hjj4i1r8O0mm6g6dbqZmE3qYzCe8uSIs3TCtWthy6hvmlRSgDpc6WG0ym0pnUhj8BvrAtNGsvif0fa7gMLQIESmgyglgylFSTRqYdzAC9krpb8BPLGzG+iHAur1VeAjbN0MF9YCBzY59x11Nru1Rw1n2d3O/k7enH3VPLCdHkoy+8UpSbb4/dTuKXWMS8qK6kxsj3aVZD3lNNL4aYm2+vbojkIBxV0JhdkQL9ULpEFI7aXj9MSqtR7yN6I0DbCSqq2HISmdkR/qa+kHVDZOT/SkXeW6ZpPKNRB6ycRunnSX1FFDSvOdGg== ;{id = 21831}
;rrset 78265 1 0 1 0
g-ns-348.awsdns-28.co.uk. 78265 IN AAAA 2600:9000:5301:5c00::1
;rrset 75197 1 0 8 0
dns50.dns.t-ipnet.de. 75197 IN A 217.5.100.183
;rrset 83530 4 0 2 0
awsdns-07.com. 83530 IN NS g-ns-8.awsdns-07.com.
awsdns-07.com. 83530 IN NS g-ns-583.awsdns-07.com.
awsdns-07.com. 83530 IN NS g-ns-1159.awsdns-07.com.
awsdns-07.com. 83530 IN NS g-ns-1735.awsdns-07.com.
;rrset 83384 4 0 2 0
3qsdn.net. 83384 IN NS ns1.3qsdn.net.
3qsdn.net. 83384 IN NS ns2.3qsdn.net.
3qsdn.net. 83384 IN NS ns3.3qsdn.net.
3qsdn.net. 83384 IN NS ns4.3qsdn.net.
;rrset 76526 1 0 1 0
g-ns-498.awsdns-49.net. 76526 IN AAAA 2600:9000:5301:f200::1
;rrset 76524 1 0 1 0
g-ns-320.awsdns-00.co.uk. 76524 IN AAAA 2600:9000:5301:4000::1
;rrset 83564 1 0 8 0
ns-805.awsdns-36.net. 83564 IN A 205.251.195.37
;rrset 76524 4 0 2 0
iana-servers.net. 76524 IN NS ns.icann.org.
iana-servers.net. 76524 IN NS a.iana-servers.net.
iana-servers.net. 76524 IN NS b.iana-servers.net.
iana-servers.net. 76524 IN NS c.iana-servers.net.
;rrset 83530 1 0 1 0
g-ns-1735.awsdns-07.com. 83530 IN AAAA 2600:9000:5306:c700::1
;rrset 76658 1 0 1 0
g-ns-1397.awsdns-53.net. 76658 IN A 205.251.197.117
;rrset 78264 1 0 8 0
ns-520.awsdns-01.net. 78264 IN AAAA 2600:9000:5302:800::1
;rrset 78265 1 0 8 0
ns-1766.awsdns-28.co.uk. 78265 IN AAAA 2600:9000:5306:e600::1
;rrset 939 1 1 7 0
1E93L6R5OS67N6645CUIN8428HQK1B0O.omni128.de. 939 IN NSEC3 1 0 0 - 1kijka46v3jhcqs25ltecc61lvbe80m5 A NS SOA MX TXT AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534
1E93L6R5OS67N6645CUIN8428HQK1B0O.omni128.de. 939 IN RRSIG NSEC3 13 3 3600 20260211091405 20260128191743 29371 omni128.de. o/cMgxEoDMmIu+1sQ8s5SBgvSrn2YV9TeLfQ7eedHPkKYgKTnZgp2+xqaPHjidMQ6kxfw+yzwOVjX0mU91MSJQ== ;{id = 29371}
;rrset 76526 6 0 2 0
info. 76526 IN NS a0.info.afilias-nst.info.
info. 76526 IN NS a2.info.afilias-nst.info.
info. 76526 IN NS b0.info.afilias-nst.org.
info. 76526 IN NS b2.info.afilias-nst.org.
info. 76526 IN NS c0.info.afilias-nst.info.
info. 76526 IN NS d0.info.afilias-nst.org.
;rrset 76553 1 0 1 0
g-ns-16.awsdns-15.com. 76553 IN A 205.251.192.16
;rrset 76551 1 0 1 0
g-ns-777.awsdns-07.net. 76551 IN A 205.251.195.9
;rrset 76526 1 0 1 0
g-ns-1500.awsdns-25.co.uk. 76526 IN AAAA 2600:9000:5305:dc00::1
;rrset 76658 4 0 2 0
awsdns-53.net. 76658 IN NS g-ns-502.awsdns-53.net.
awsdns-53.net. 76658 IN NS g-ns-823.awsdns-53.net.
awsdns-53.net. 76658 IN NS g-ns-1397.awsdns-53.net.
awsdns-53.net. 76658 IN NS g-ns-1973.awsdns-53.net.
;rrset 76523 1 0 1 0
ns8.googledomains.com. 76523 IN AAAA 2001:4860:4802:38::a
;rrset 76526 1 0 1 0
a16-65.akam.net. 76526 IN A 23.211.132.65
;rrset 83564 1 0 1 0
g-ns-455.awsdns-06.net. 83564 IN A 205.251.193.199
;rrset 83452 1 0 1 0
g-ns-1814.awsdns-18.co.uk. 83452 IN A 205.251.199.22
;rrset 76249 3 1 8 0
blue.foundationdns.net. 76249 IN A 172.64.40.31
blue.foundationdns.net. 76249 IN A 108.162.198.31
blue.foundationdns.net. 76249 IN A 162.159.60.31
blue.foundationdns.net. 76249 IN RRSIG A 13 3 86353 20260130102510 20260128082510 34505 foundationdns.net. zNmfc0s9f1BvXUvAgFvGGGwMXz2euI78AQqv00in2eKn7vtp0qCuHOsScnOlsq6e0H6v5p7bT8UWXmsw7B4K/g== ;{id = 34505}
;rrset 76526 3 0 2 0
plusline.de. 76526 IN NS ns.s.plusline.de.
plusline.de. 76526 IN NS ns.txx.plusline.de.
plusline.de. 76526 IN NS ns.plusline.de.
;rrset 83564 1 0 8 0
ns-27.awsdns-03.com. 83564 IN AAAA 2600:9000:5300:1b00::1
;rrset 652 1 0 1 0
g-ns-1606.awsdns-06.org. 652 IN A 205.251.198.70
;rrset 78526 1 0 1 0
g-ns-371.awsdns-51.co.uk. 78526 IN A 205.251.193.115
;rrset 76523 1 0 1 0
ns5.googledomains.com. 76523 IN AAAA 2001:4860:4802:32::a
;rrset 76081 1 0 1 0
lacnic.authdns.ripe.net. 76081 IN A 193.0.9.11
;rrset 76522 1 0 1 0
g-ns-1807.awsdns-11.co.uk. 76522 IN A 205.251.199.15
;rrset 76576 4 0 2 0
google-analytics.com. 76576 IN NS ns2.google.com.
google-analytics.com. 76576 IN NS ns1.google.com.
google-analytics.com. 76576 IN NS ns3.google.com.
google-analytics.com. 76576 IN NS ns4.google.com.
;rrset 76523 1 0 1 0
g-ns-461.awsdns-12.net. 76523 IN AAAA 2600:9000:5301:cd00::1
;rrset 76081 1 0 1 0
ns1.apnic.net. 76081 IN AAAA 2001:dd8:e::53
;rrset 76296 1 0 1 0
ams.nether.net. 76296 IN A 165.254.255.4
;rrset 76668 1 0 8 0
ns-1198.awsdns-21.org. 76668 IN A 205.251.196.174
;rrset 76526 1 0 8 2
tagesschau.de. 76526 IN A 34.110.152.241
;rrset 76526 1 0 8 0
a22-66.akam.net. 76526 IN AAAA 2600:1480:7800::42
;rrset 926 1 1 2 0
PC6JKTEPF4SQK8NHBNL8KNJB0F7QGL7O.co.uk. 926 IN NSEC3 1 1 0 - pc6lujhjd5ctnru33r7cuo7havhauivq NS DS RRSIG ;{flags: optout}
PC6JKTEPF4SQK8NHBNL8KNJB0F7QGL7O.co.uk. 926 IN RRSIG NSEC3 8 3 10800 20260305005953 20260129001157 44346 co.uk. Q9/nYUDZ/y0O+4gfW+DpU6ZAxd+C7tSfKkyw28KSlvUK8OrviLVtaNMo/HTF6HASJBnSeogTdhRPjXMT6GT3qK6yk7xH7ovFnuh0JmCNhGWcmdz1lfRoO63zC7ZbpETiPgU8MzhQNEcqA7mwRU3KfZPH/mrMy9en/RDzQupq8TihTs8AQ8wic8jVS8MyxfbrigbK4U1cHuE8F+rJk936oCX3krcT5TG90zOBdu2iZElLOFQVjK6dpbFE2MVhAVEEPB5TKudFPOP9vAt/Q5K3gxBfKaf/5X6c8AABExwAR43xDF4TFc95lC7p8IasZyb+0OGA7J/BIGLf3mEIJx9W3g== ;{id = 44346}
;rrset 76081 1 0 1 0
ns2.lacnic.net. 76081 IN A 200.3.13.11
;rrset 77048 1 0 1 0
g-ns-904.awsdns-08.co.uk. 77048 IN AAAA 2600:9000:5303:8800::1
;rrset 76034 1 0 1 0
a22-67.akam.net. 76034 IN AAAA 2600:1480:7800::43
;rrset 76034 8 0 2 0
akam.net. 76034 IN NS a18-67.akam.net.
akam.net. 76034 IN NS a28-67.akam.net.
akam.net. 76034 IN NS a22-67.akam.net.
akam.net. 76034 IN NS a11-67.akam.net.
akam.net. 76034 IN NS a1-67.akam.net.
akam.net. 76034 IN NS a12-67.akam.net.
akam.net. 76034 IN NS a4-67.akam.net.
akam.net. 76034 IN NS a6-67.akam.net.
;rrset 76668 1 1 8 0
nssui.comlaude.ch. 76668 IN A 198.51.45.11
nssui.comlaude.ch. 76668 IN RRSIG A 13 3 86400 20260130103122 20260129083122 8875 comlaude.ch. 3/6gYb6ejXvlFw77B/b/jeIZfc4fkxuEgaTdm9ftCoeHl6bxfEj7KxpXMhfYXrQ151M5P+je0LK6qBpAEDBxqA== ;{id = 8875}
;rrset 652 1 0 1 0
g-ns-1033.awsdns-06.org. 652 IN AAAA 2600:9000:5304:900::1
;rrset 83451 1 0 1 0
ns2.inexio.net. 83451 IN AAAA 2a01:5c0:6:8::194
;rrset 76551 1 0 1 0
g-ns-594.awsdns-18.com. 76551 IN AAAA 2600:9000:5302:5200::1
;rrset 76523 1 0 1 0
g-ns-579.awsdns-03.com. 76523 IN A 205.251.194.67
;rrset 78265 1 0 1 0
g-ns-1198.awsdns-46.com. 78265 IN AAAA 2600:9000:5304:ae00::1
;rrset 76034 1 0 1 0
a4-67.akam.net. 76034 IN A 72.246.46.67
;rrset 78606 4 0 2 0
googlehosted.com. 78606 IN NS ns2.google.com.
googlehosted.com. 78606 IN NS ns1.google.com.
googlehosted.com. 78606 IN NS ns3.google.com.
googlehosted.com. 78606 IN NS ns4.google.com.
;rrset 76295 1 1 8 0
ns1.leaseweb.com. 76295 IN A 23.19.197.53
ns1.leaseweb.com. 76295 IN RRSIG A 13 3 86400 20260212000000 20260122000000 34591 leaseweb.com. LtwEwif8iu+97gAreV1nJBLIXBcfmfPlTL+V3lgJQ3ETKfoZ1iPKYsD3kqTqS9RLvODOhigdm+tbhhPBn0lzQw== ;{id = 34591}
;rrset 83452 1 0 1 0
e.nic.space. 83452 IN A 212.18.248.51
;rrset 76522 1 0 8 0
ns-972.awsdns-57.net. 76522 IN AAAA 2600:9000:5303:cc00::1
;rrset 76296 1 0 1 0
b2.nic.me. 76296 IN AAAA 2001:500:4f::1
;rrset 76526 1 0 8 0
ns-1111.awsdns-10.org. 76526 IN AAAA 2600:9000:5304:5700::1
;rrset 76521 1 0 8 0
ns-1655.awsdns-14.co.uk. 76521 IN AAAA 2600:9000:5306:7700::1
;rrset 1949 1 1 11 5
idmz.nausch.org. 1949 IN DNSKEY 257 3 13 pyRFcLHYcmJ1uOVupwr+xNIkSIIwY9rP+Qlj3CaIFxGZBn7PcqwG6WF6omMYSML9eT3GNsqkKpBY4XzBONcrKQ== ;{id = 46346 (ksk), size = 256b}
idmz.nausch.org. 1949 IN RRSIG DNSKEY 13 3 3600 20260212075344 20260129065344 46346 idmz.nausch.org. xuCiijMpUCTzsRWczuuKEhra2JFqrbmul4gJZYGqsNcNCzQc3K9vYsFL9Vezj0S2lmKndF/7Ates72wd/WEOHQ== ;{id = 46346}
;rrset 76524 4 0 2 0
awsdns-25.com. 76524 IN NS g-ns-26.awsdns-25.com.
awsdns-25.com. 76524 IN NS g-ns-601.awsdns-25.com.
awsdns-25.com. 76524 IN NS g-ns-1177.awsdns-25.com.
awsdns-25.com. 76524 IN NS g-ns-1753.awsdns-25.com.
;rrset 83388 1 0 1 0
g-ns-1176.awsdns-24.com. 83388 IN A 205.251.196.152
;rrset 76658 1 0 1 0
g-ns-372.awsdns-52.co.uk. 76658 IN A 205.251.193.116
;rrset 76526 1 0 1 0
g-ns-1969.awsdns-49.net. 76526 IN AAAA 2600:9000:5307:b100::1
;rrset 76523 1 0 8 0
ns-cloud-a3.googledomains.com. 76523 IN AAAA 2001:4860:4802:36::6a
;rrset 75574 3 0 2 0
hetzner.com. 75574 IN NS ns1.your-server.de.
hetzner.com. 75574 IN NS ns.second-ns.com.
hetzner.com. 75574 IN NS ns3.second-ns.de.
;rrset 76524 1 0 1 0
ns3.cloudflare-dns.com. 76524 IN A 162.159.2.9
;rrset 83452 1 0 1 0
a.nic.space. 83452 IN AAAA 2001:67c:13cc::1:51
;rrset 76526 1 0 1 0
g-ns-1762.awsdns-34.com. 76526 IN A 205.251.198.226
;rrset 76597 4 0 2 0
fbcdn.net. 76597 IN NS a.ns.facebook.com.
fbcdn.net. 76597 IN NS b.ns.facebook.com.
fbcdn.net. 76597 IN NS c.ns.facebook.com.
fbcdn.net. 76597 IN NS d.ns.facebook.com.
;rrset 76552 1 0 1 0
g-ns-1482.awsdns-07.co.uk. 76552 IN AAAA 2600:9000:5305:ca00::1
;rrset 78579 4 0 2 0
awsdns-40.net. 78579 IN NS g-ns-489.awsdns-40.net.
awsdns-40.net. 78579 IN NS g-ns-810.awsdns-40.net.
awsdns-40.net. 78579 IN NS g-ns-1384.awsdns-40.net.
awsdns-40.net. 78579 IN NS g-ns-1960.awsdns-40.net.
;rrset 78265 1 0 8 0
ns-1354.awsdns-41.org. 78265 IN AAAA 2600:9000:5305:4a00::1
;rrset 76526 1 0 1 0
a0.info.afilias-nst.info. 76526 IN AAAA 2001:500:19::1
;rrset 76551 4 0 2 0
awsdns-56.net. 76551 IN NS g-ns-505.awsdns-56.net.
awsdns-56.net. 76551 IN NS g-ns-826.awsdns-56.net.
awsdns-56.net. 76551 IN NS g-ns-1400.awsdns-56.net.
awsdns-56.net. 76551 IN NS g-ns-1976.awsdns-56.net.
;rrset 78477 3 1 8 0
mina.ns.cloudflare.com. 78477 IN AAAA 2a06:98c1:50::ac40:22fb
mina.ns.cloudflare.com. 78477 IN AAAA 2803:f800:50::6ca2:c2fb
mina.ns.cloudflare.com. 78477 IN AAAA 2606:4700:50::a29f:26fb
mina.ns.cloudflare.com. 78477 IN RRSIG AAAA 13 4 86353 20260130110218 20260128090218 34505 cloudflare.com. FtI06EuQbkcBPtXbop4tpY4975BufYaaWixx8caQXtwqbHL5sRDtD47qLi61CtH0TW34EYSFxWHOCrxt2EOwXw== ;{id = 34505}
;rrset 76521 4 0 2 0
awsdns-32.com. 76521 IN NS g-ns-33.awsdns-32.com.
awsdns-32.com. 76521 IN NS g-ns-608.awsdns-32.com.
awsdns-32.com. 76521 IN NS g-ns-1184.awsdns-32.com.
awsdns-32.com. 76521 IN NS g-ns-1760.awsdns-32.com.
;rrset 77066 1 0 1 0
dns2.p01.nsone.net. 77066 IN A 198.51.45.1
;rrset 76551 1 0 8 0
ns-1696.awsdns-20.co.uk. 76551 IN AAAA 2600:9000:5306:a000::1
;rrset 78579 1 0 1 0
g-ns-1960.awsdns-40.net. 78579 IN A 205.251.199.168
;rrset 83452 1 0 8 0
ns-634.awsdns-15.net. 83452 IN A 205.251.194.122
;rrset 76668 1 0 1 0
g-ns-257.awsdns-63.com. 76668 IN AAAA 2600:9000:5301:100::1
;rrset 76658 1 0 1 0
g-ns-1527.awsdns-52.co.uk. 76658 IN A 205.251.197.247
;rrset 76040 1 0 8 0
a8-66.akam.net. 76040 IN AAAA 2600:1403:a::42
;rrset 652 1 0 1 0
g-ns-1077.awsdns-50.org. 652 IN AAAA 2600:9000:5304:3500::1
;rrset 75197 1 0 1 0
c.ip6-servers.arpa. 75197 IN A 196.216.169.11
;rrset 83564 1 0 1 0
g-ns-776.awsdns-06.net. 83564 IN AAAA 2600:9000:5303:800::1
;rrset 83564 1 0 8 0
ns-398.awsdns-49.com. 83564 IN A 205.251.193.142
;rrset 78264 1 0 1 0
g-ns-450.awsdns-01.net. 78264 IN AAAA 2600:9000:5301:c200::1
;rrset 75574 1 0 1 0
ns1.your-server.de. 75574 IN AAAA 2a01:4f8:0:1::5ddc:1
;rrset 77048 1 0 1 0
g-ns-1483.awsdns-08.co.uk. 77048 IN AAAA 2600:9000:5305:cb00::1
;rrset 76668 1 0 1 0
d.nic.ch. 76668 IN AAAA 2001:678:20::39
;rrset 83388 1 0 1 0
g-ns-600.awsdns-24.com. 83388 IN AAAA 2600:9000:5302:5800::1
;rrset 78526 1 0 8 0
ns-1484.awsdns-57.org. 78526 IN A 205.251.197.204
;rrset 76526 1 0 8 0
la3.akamaiedge.net. 76526 IN A 95.101.36.192
;rrset 83564 1 0 1 0
g-ns-1192.awsdns-40.com. 83564 IN A 205.251.196.168
;rrset 588 1 1 2 0
tgbo5ir2m7vuhif8oep2170s7caufb88.org. 588 IN NSEC3 1 1 0 332539EE7F95C32A tgbp57k4da5t9cqngdo2c495ojkbgqho NS DS RRSIG ;{flags: optout}
tgbo5ir2m7vuhif8oep2170s7caufb88.org. 588 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. fVmReT+U4AESLxVuFsuRJlwAV3foYwfjTc+sTyiIEChDzBsr8Z/QzvrASeSY8VLEgiYNK6b24hstdWXP6w3JV9S0JcT/ywdn4kw7eIvQIkPN4fRDOKYpCMrMS8iHnG5hfcBGDAsE2EkJ+8ZIqEgdWHZJ9FGzaMEoPN2t/A0VavA= ;{id = 37176}
;rrset 76597 1 0 8 0
ns-1521.awsdns-62.org. 76597 IN AAAA 2600:9000:5305:f100::1
;rrset 952 1 1 2 0
snkidu6fs173jt3q8riv4cbu3qodk7o7.co.uk. 952 IN NSEC3 1 1 0 - snkohf88p0jjh4t83jo18rdfj33tt4ue NS DS RRSIG ;{flags: optout}
snkidu6fs173jt3q8riv4cbu3qodk7o7.co.uk. 952 IN RRSIG NSEC3 8 3 10800 20260305050911 20260129042724 44346 co.uk. GZPymDrDCSKY5z8B42wbqRIzJ9n7gSfZImdQ4PZF3R/4wAKavxSShkxtw2GsuwXgi60I96BCOIFAfKsFLsK3rI+ggPLnpZOE37WYk+jKcx2HD19ug9wdsRTO6oJCi+a6FvZ1z2PfGbpsl0F3GSdpB0BYqToiLnxKr0sU6/Ah8bwpTLRtEvgLXXRz7aa9Ne3c78FFi2pR3Y6B2EIh4AMPOGm5wRs+gLP2NxLlKrKZmLvO1xh+O6bklXsdLZO+o8lGZ/tx7v714nN8FCEiHw+kRDL7BdQVHH4nflJJjG54PoVaDl9WzDnHKs4Mw9Yqr8TAiCeSrU42sOo/n6kohCucWg== ;{id = 44346}
;rrset 1217 1 1 7 0
BAPVHM28EH7AU2O6TVUV10T1DI95G4M8.13.92.217.in-addr.arpa. 1217 IN NSEC3 1 0 0 - miulor7v6aph9d03ffvel0jvqrlmrnqc PTR RRSIG
BAPVHM28EH7AU2O6TVUV10T1DI95G4M8.13.92.217.in-addr.arpa. 1217 IN RRSIG NSEC3 13 6 3600 20260211084320 20260128191743 7117 13.92.217.in-addr.arpa. 0XiNftNJsLcNv+Mdw6n8/3P+rtbj6TF47WtdF5d8AewkXqpMjWsyFa1SlHRrl7dq95qMQtngDYLgiwG94wZoxQ== ;{id = 7117}
;rrset 83388 1 1 8 0
dns1.p07.nsone.net. 83388 IN A 198.51.44.7
dns1.p07.nsone.net. 83388 IN RRSIG A 13 4 86400 20260130122322 20260129102322 12196 nsone.net. QbKn0Y/wIj0zUKiEDLMn+NvdvVpZuNKGaJUWW2yghTBIIMOs/3e0kgWKV1Imbc3OokK6FmxlipmCj6T+Zdw9yg== ;{id = 12196}
;rrset 83388 1 0 1 0
g-ns-600.awsdns-24.com. 83388 IN A 205.251.194.88
;rrset 76526 1 0 1 0
a18-65.akam.net. 76526 IN A 95.101.36.65
;rrset 76668 1 0 1 0
ns.intnet.ne. 76668 IN A 41.138.54.10
;rrset 76081 1 0 1 0
manus.authdns.ripe.net. 76081 IN A 193.0.9.7
;rrset 76668 1 0 1 0
g-ns-1984.awsdns-63.com. 76668 IN A 205.251.199.192
;rrset 75197 1 0 3 0
j.root-servers.net. 75197 IN AAAA 2001:503:c27::2:30
;rrset 76552 1 0 1 0
g-ns-929.awsdns-33.co.uk. 76552 IN A 205.251.195.161
;rrset 4182 1 1 2 0
fo94kfnupvhb89l9so7lfeb93hb3uq76.de. 4182 IN NSEC3 1 1 15 CA12B74ADB90591A fo971hiqrtudh3hbqfs9e504pa1uvg37 NS DS RRSIG ;{flags: optout}
fo94kfnupvhb89l9so7lfeb93hb3uq76.de. 4182 IN RRSIG NSEC3 8 2 7200 20260208072125 20260125055125 14058 de. NFagMPg3wu51ZOq3SYaNfxHFPmDP6rtubo2QKhgCHQsfUlmaNT3vV+9ukrUjDARPmdVn5LGwrdZGGOrGeDQ93aDZ7SxbUe9vv7WxH+Cin3rp1KhHOlU/67ZWVN6mFBMbc8eEmX/4prBFgX02IJ5ANj//HmSISo9p0vIhg+6SdQ4= ;{id = 14058}
;rrset 76524 1 0 1 0
g-ns-896.awsdns-00.co.uk. 76524 IN AAAA 2600:9000:5303:8000::1
;rrset 76081 1 0 1 0
e.dns.br. 76081 IN AAAA 2001:12f8:2::10
;rrset 77048 1 0 1 0
g-ns-794.awsdns-24.net. 77048 IN A 205.251.195.26
;rrset 76526 1 0 1 0
ns2.google.com. 76526 IN AAAA 2001:4860:4802:34::a
;rrset 75197 1 0 1 0
a.nic.de. 75197 IN AAAA 2001:678:2::53
;rrset 588 1 0 1 0
g-ns-731.awsdns-25.org. 588 IN A 205.251.194.219
;rrset 588 1 1 7 0
nsone.net. 588 IN SOA dns1.p01.nsone.net. hostmaster.nsone.net. 1736533684 43200 7200 1209600 3600
nsone.net. 588 IN RRSIG SOA 13 2 3600 20260130122322 20260129102322 12196 nsone.net. fvcSL5E5hS27GQ13cQ7iqhLsvrP0bNu3HXhYbz32VhDSphhb5VGr4+yLTPV6kXMq0Lh7uQSkb20mml65CYu7gg== ;{id = 12196}
;rrset 583 1 1 7 0
19a9at3jdr75makmf56tif1rsomh7938.infonline.de. 83383 IN NSEC3 1 0 1 AB 19i1g3ia6fl8tav14q1v3snfm10ika90 A RRSIG
19a9at3jdr75makmf56tif1rsomh7938.infonline.de. 83383 IN RRSIG NSEC3 8 3 86400 20260212000000 20260122000000 12679 infonline.de. YktJ7BkMd2damapWFyR5hoGNhTw9D6dpQ/HS7EhHajGZMofIAlV1mSjt1K+fbGaSwvoyS1ai92IrIbv8crhaqK21veWNWJwYGmXCJ3/+Fw71/qi+gRw3s/MW9/ieOi6Y7YqXnrgbY9rsZHTI5MJOVhWrFO37ZUKwwroVfucaX0k= ;{id = 12679}
;rrset 76668 1 0 8 0
ns-1800.awsdns-33.co.uk. 76668 IN AAAA 2600:9000:5307:800::1
;rrset 76522 1 0 1 0
g-ns-1172.awsdns-20.com. 76522 IN A 205.251.196.148
;rrset 83451 1 0 1 0
ns1.inexio.net. 83451 IN AAAA 2a01:5c0:6:38::40
;rrset 4669 1 1 8 0
dns2.cscdns.net. 4669 IN AAAA 2610:a1:1023::100
dns2.cscdns.net. 4669 IN RRSIG AAAA 13 3 14400 20260208103340 20260125103340 17243 cscdns.net. X+wtX7JQO76uNs3JtdMjlzNKHUiHE3lQznMsB75qIu4dBF3qPyhm/k19vqgPie06aYB/EKD565owFjlnLdeJ8g== ;{id = 17243}
;rrset 76551 1 0 1 0
g-ns-30.awsdns-29.com. 76551 IN A 205.251.192.30
;rrset 76082 1 1 8 0
ns.dns.br. 76082 IN A 200.160.0.5
ns.dns.br. 76082 IN RRSIG A 13 3 172800 20260321024259 20260110023654 38185 dns.br. Zk6tShhR6Ukgt5CrgzD6FdUfdnpnpyHXvpYXDZaxdmbz55b1M5F+fUZj/5RWl7FIytximQSbAbg8EZPKOiKhWA== ;{id = 38185}
;rrset 75197 1 0 3 0
f.root-servers.net. 75197 IN AAAA 2001:500:2f::f
;rrset 76081 6 0 2 0
br. 76081 IN NS a.dns.br.
br. 76081 IN NS b.dns.br.
br. 76081 IN NS c.dns.br.
br. 76081 IN NS d.dns.br.
br. 76081 IN NS e.dns.br.
br. 76081 IN NS f.dns.br.
;rrset 75197 1 0 1 0
i.gtld-servers.net. 75197 IN AAAA 2001:503:39c1::30
;rrset 76524 1 0 1 0
g-ns-1177.awsdns-25.com. 76524 IN AAAA 2600:9000:5304:9900::1
;rrset 83383 3 0 1 0
frank.ns.cloudflare.com. 83383 IN A 108.162.193.166
frank.ns.cloudflare.com. 83383 IN A 172.64.33.166
frank.ns.cloudflare.com. 83383 IN A 173.245.59.166
;rrset 78265 1 0 1 0
g-ns-1774.awsdns-46.com. 78265 IN A 205.251.198.238
;rrset 76034 1 0 1 0
a11-67.akam.net. 76034 IN A 84.53.139.67
;rrset 77957 1 0 1 0
;rrset 652 1 0 1 0
g-ns-178.awsdns-50.org. 652 IN A 205.251.192.178
;rrset 76523 1 0 1 0
g-ns-377.awsdns-57.co.uk. 76523 IN AAAA 2600:9000:5301:7900::1
;rrset 76658 1 0 1 0
g-ns-49.awsdns-48.com. 76658 IN AAAA 2600:9000:5300:3100::1
;rrset 76524 1 0 8 0
ns-1507.awsdns-60.org. 76524 IN AAAA 2600:9000:5305:e300::1
;rrset 75197 1 0 8 2
0.1.1.0.0.0.0.0.0.0.0.0.0.1.0.0.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. 75197 IN PTR vml000110.idmz.nausch.org.
;rrset 76523 1 0 1 0
g-ns-1199.awsdns-47.com. 76523 IN AAAA 2600:9000:5304:af00::1
;rrset 75197 1 0 3 0
c.root-servers.net. 75197 IN A 192.33.4.12
;rrset 76658 1 0 1 0
g-ns-948.awsdns-52.co.uk. 76658 IN AAAA 2600:9000:5303:b400::1
;rrset 76526 4 0 2 0
awsdns-25.co.uk. 76526 IN NS g-ns-921.awsdns-25.co.uk.
awsdns-25.co.uk. 76526 IN NS g-ns-1500.awsdns-25.co.uk.
awsdns-25.co.uk. 76526 IN NS g-ns-1821.awsdns-25.co.uk.
awsdns-25.co.uk. 76526 IN NS g-ns-345.awsdns-25.co.uk.
;rrset 76523 4 0 2 0
mozgcp.net. 76523 IN NS ns-cloud-c1.googledomains.com.
mozgcp.net. 76523 IN NS ns-cloud-c2.googledomains.com.
mozgcp.net. 76523 IN NS ns-cloud-c3.googledomains.com.
mozgcp.net. 76523 IN NS ns-cloud-c4.googledomains.com.
;rrset 76082 1 0 1 0
ns1.afrinic.net. 76082 IN AAAA 2001:42d0::200:2:1
;rrset 76081 1 1 2 0
lacnic.net. 76081 IN DS 65335 13 2 D8B5F19D75A1E6555A6BE798B427B377E119E6617BD0B38C05832A0D3A941D78
lacnic.net. 76081 IN RRSIG DS 13 2 86400 20260202033059 20260126022059 44109 net. H3nxk4AO1ss5upw1mQ6HZ5OmZqupaYv3XWi6OkW5iT1lILKZ5GvFZ/1RJI9kitSXULVZmhtziWd47+mH2jwhRw== ;{id = 44109}
;rrset 76523 1 0 1 0
ns7.googledomains.com. 76523 IN A 216.239.36.10
;rrset 76526 4 0 2 0
awsdns-49.net. 76526 IN NS g-ns-498.awsdns-49.net.
awsdns-49.net. 76526 IN NS g-ns-819.awsdns-49.net.
awsdns-49.net. 76526 IN NS g-ns-1393.awsdns-49.net.
awsdns-49.net. 76526 IN NS g-ns-1969.awsdns-49.net.
;rrset 76034 1 1 2 0
elster.de. 76034 IN DS 48361 8 2 46E47AC61D7A7CB64864B8308979B29F53F190D87DBAE8C55CBCD2E26904AC05
elster.de. 76034 IN RRSIG DS 8 2 86400 20260208072125 20260125055125 14058 de. zSIzx3tWbf0Ic5ww3w6gzVpA3n/SIzjMrYFIE6FnQnASz22hAVripxYKFt1nOSGqEtrcGLXqWcUkbBMEalSmq38Jjlk8LYcAyedxNnYGXdMHO9aVdU72CuqB8svc9+gs5sdI9i5SWiNKzYFtc7t+sXUiBnyw9Fvtf4wselXUjf0= ;{id = 14058}
;rrset 76295 1 1 8 0
ns0.leaseweb.com. 76295 IN AAAA 2607:f5b5::53
ns0.leaseweb.com. 76295 IN RRSIG AAAA 13 3 86400 20260212000000 20260122000000 34591 leaseweb.com. znIv0Q9G0OwnyHCaXvYfglgKqF3Y6OiCUTcQiwYvbSEWGV2V6y7Lp4VmKMFfSorT5DFu3ZpuZMJIRdf6aZXW1A== ;{id = 34591}
;rrset 78265 4 0 2 0
awsdns-41.co.uk. 78265 IN NS g-ns-1516.awsdns-41.co.uk.
awsdns-41.co.uk. 78265 IN NS g-ns-937.awsdns-41.co.uk.
awsdns-41.co.uk. 78265 IN NS g-ns-361.awsdns-41.co.uk.
awsdns-41.co.uk. 78265 IN NS g-ns-1837.awsdns-41.co.uk.
;rrset 76526 8 0 2 0
ultradns.co.uk. 76526 IN NS pdns196.ultradns.com.
ultradns.co.uk. 76526 IN NS pdns196.ultradns.co.uk.
ultradns.co.uk. 76526 IN NS ns61.ultradns2.org.
ultradns.co.uk. 76526 IN NS pdns196.ultradns.biz.
ultradns.co.uk. 76526 IN NS ns61.ultradns2.com.
ultradns.co.uk. 76526 IN NS pdns196.ultradns.net.
ultradns.co.uk. 76526 IN NS pdns196.ultradns.org.
ultradns.co.uk. 76526 IN NS pdns196.ultradns.info.
;rrset 78361 1 0 1 0
g-ns-1817.awsdns-21.co.uk. 78361 IN A 205.251.199.25
;rrset 76526 1 0 8 0
pdns196.ultradns.co.uk. 76526 IN AAAA 2610:a1:1017::e8
;rrset 76545 4 0 2 0
googleapis.com. 76545 IN NS ns2.google.com.
googleapis.com. 76545 IN NS ns1.google.com.
googleapis.com. 76545 IN NS ns3.google.com.
googleapis.com. 76545 IN NS ns4.google.com.
;rrset 83452 1 0 1 0
g-ns-786.awsdns-16.net. 83452 IN AAAA 2600:9000:5303:1200::1
;rrset 83383 1 1 8 0
ns4.infonline.de. 83383 IN A 136.243.155.221
ns4.infonline.de. 83383 IN RRSIG A 8 3 86400 20260212000000 20260122000000 12679 infonline.de. qZ3TvJ1FgGbw76TCTTjWUuqi6YAJAW33V+bQ44Gan1xgdh3KVA1OHa/8+vPZC5BtvirrWfgd3E4hwIDxDTgZ9Te+sIQhGKpOHp6BWRYJjYci4PEck6+y24Q/0goWmXc7DFdgD34fjCWeZCjGibfQeYrbLsFdO0fXQn3kjvm7rIU= ;{id = 12679}
;rrset 996 1 1 2 0
OJHQT0TKEP6HL4216FNV69EG150VTCQF.co.uk. 996 IN NSEC3 1 1 0 - ojigdeftdgtfvnomc2lsdv4evrlnlpi1 NS DS RRSIG ;{flags: optout}
OJHQT0TKEP6HL4216FNV69EG150VTCQF.co.uk. 996 IN RRSIG NSEC3 8 3 10800 20260301094631 20260125094619 44346 co.uk. uWr12vmE96CFg95wEYeIISYhKoyHRt3VupStx9nFKKMax7zFV6jZyAdVm8LBz8FhTy9Fw5UbdkgNoRZE46d+nsjVNcmh4Tl3FKEW8dS0QKxjWu0ifRFeBpN3pGOmSg6sg95Zu+bpBKynpGDSlKUSQwjLcOoDYrPsfROMEs15alzLXDlWwnFkE5lEbqTtY1RXIEcTylHIacLJSo0RKe5ynaRykIrEORE7f/RX8ox9nGDtWET472M7JBc/rvHpiQJ2kDblrH0pFpkG9HqEUFfz9rmJRZ4zf7sxCKMZ+JOTCCSp2hRrO0N5lxqpNczsVspKjYolqrueta+4kav4tUx1cQ== ;{id = 44346}
;rrset 75197 1 0 1 0
j.gtld-servers.net. 75197 IN A 192.48.79.30
;rrset 76523 1 0 1 0
g-ns-23.awsdns-22.com. 76523 IN A 205.251.192.23
;rrset 75197 1 0 3 0
e.root-servers.net. 75197 IN A 192.203.230.10
;rrset 76668 1 0 1 0
g-ns-639.awsdns-63.com. 76668 IN AAAA 2600:9000:5302:7f00::1
;rrset 76526 1 0 1 0
g-ns-35.awsdns-34.com. 76526 IN AAAA 2600:9000:5300:2300::1
;rrset 770 1 1 11 5
2.17.172.in-addr.arpa. 770 IN DNSKEY 257 3 13 ElQ2dYAXQkxAuf2ygAQ64NLZVIyOesngqiVd09jpjuBv8m2X+tjmfDTjm0T5u4cAfh4CWkIZCIxXAZnjCZfq6w== ;{id = 47194 (ksk), size = 256b}
2.17.172.in-addr.arpa. 770 IN RRSIG DNSKEY 13 5 3600 20260212075344 20260129065344 47194 2.17.172.in-addr.arpa. PUqDobW/h35LrP/1/rs0S/tj8Gu6AhLgdVJUwd2xEQCmsVzW14+EGpqYNjbcJGc0S65/F1+Dr8zfLiHAYQxVkA== ;{id = 47194}
;rrset 83564 1 0 1 0
g-ns-1505.awsdns-30.co.uk. 83564 IN AAAA 2600:9000:5305:e100::1
;rrset 83451 3 0 2 0
2cnt.net. 83451 IN NS ns1.inexio.net.
2cnt.net. 83451 IN NS ns2.inexio.net.
2cnt.net. 83451 IN NS ns3.inexio.net.
;rrset 76249 3 1 8 0
red.foundationdns.net. 76249 IN A 162.159.60.33
red.foundationdns.net. 76249 IN A 108.162.198.33
red.foundationdns.net. 76249 IN A 172.64.40.33
red.foundationdns.net. 76249 IN RRSIG A 13 3 86353 20260130102510 20260128082510 34505 foundationdns.net. CcjV15xNo7Tr4tKxYcAgw5PCdeY5I/vD65n9truB0FiwJP5zju5PG2H1nWWWsNK0cXqs3rKvvjq50JL50aEdbg== ;{id = 34505}
;rrset 83388 1 0 1 0
g-ns-1176.awsdns-24.com. 83388 IN AAAA 2600:9000:5304:9800::1
;rrset 78265 1 0 1 0
g-ns-780.awsdns-10.net. 78265 IN A 205.251.195.12
;rrset 76081 1 1 2 0
ripe.net. 76081 IN DS 38758 13 2 CA4A0DF4D38781D7B0F3574C6D39EF04A6B81FD44CFF223F9FD20974168CC3F0
ripe.net. 76081 IN RRSIG DS 13 2 86400 20260203032350 20260127021350 44109 net. 484HAzSBYInHlE73ccdR0b3WtpgcIjGH57sbXdxQwtQjDTjTucniqS0NV31kWW6F7DuseSykIgZyP+Djco7bmg== ;{id = 44109}
;rrset 83529 3 0 1 0
kristin.ns.cloudflare.com. 83529 IN A 108.162.192.181
kristin.ns.cloudflare.com. 83529 IN A 172.64.32.181
kristin.ns.cloudflare.com. 83529 IN A 173.245.58.181
;rrset 76526 1 0 1 0
g-ns2.amzndns.com. 76526 IN AAAA 2600:9000:5306:9900::1
;rrset 76658 1 0 1 0
g-ns-624.awsdns-48.com. 76658 IN A 205.251.194.112
;rrset 76522 1 0 8 0
ns-1627.awsdns-11.co.uk. 76522 IN A 205.251.198.91
;rrset 76526 4 0 2 0
youtube.com. 76526 IN NS ns2.google.com.
youtube.com. 76526 IN NS ns1.google.com.
youtube.com. 76526 IN NS ns3.google.com.
youtube.com. 76526 IN NS ns4.google.com.
;rrset 76524 1 1 2 0
cloudflare.com. 76524 IN DS 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9
cloudflare.com. 76524 IN RRSIG DS 13 2 86400 20260202010429 20260125235429 35511 com. 3QOJGsGJOZRDCstjDezwKMu03KzzphENKQ8QnaX1+DwQ1fzax42m0bNa8NXlMY1ZqzpbfYDPdpqwrzELq/sqYQ== ;{id = 35511}
;rrset 78526 1 0 1 0
g-ns-1526.awsdns-51.co.uk. 78526 IN AAAA 2600:9000:5305:f600::1
;rrset 83564 1 0 1 0
g-ns-1192.awsdns-40.com. 83564 IN AAAA 2600:9000:5304:a800::1
;rrset 76081 1 0 1 0
ns4.lacnic.net. 76081 IN A 190.112.52.35
;rrset 76523 1 0 1 0
ns1.fastly-edge.com. 76523 IN AAAA 2a04:4e47::32
;rrset 76552 1 0 1 0
g-ns-353.awsdns-33.co.uk. 76552 IN A 205.251.193.97
;rrset 83564 1 0 8 0
ns-1321.awsdns-37.org. 83564 IN AAAA 2600:9000:5305:2900::1
;rrset 83388 1 0 1 0
g-ns-504.awsdns-55.net. 83388 IN AAAA 2600:9000:5301:f800::1
;rrset 76523 1 0 1 0
ns6.googledomains.com. 76523 IN A 216.239.34.10
;rrset 76597 1 0 8 2
www.google.de. 76597 IN HTTPS 1 . alpn="h2,h3"
;rrset 76523 1 0 1 0
g-ns-1531.awsdns-56.co.uk. 76523 IN AAAA 2600:9000:5305:fb00::1
;rrset 76523 1 0 1 0
g-ns-1775.awsdns-47.com. 76523 IN AAAA 2600:9000:5306:ef00::1
;rrset 83383 4 0 2 0
idcdn.de. 83383 IN NS dns.dns1.de.
idcdn.de. 83383 IN NS dns.dns2.de.
idcdn.de. 83383 IN NS dns.dns3.de.
idcdn.de. 83383 IN NS dns.dns4.de.
;rrset 76521 1 0 1 0
g-ns-1489.awsdns-14.co.uk. 76521 IN A 205.251.197.209
;rrset 76526 1 0 1 0
ns3.google.com. 76526 IN AAAA 2001:4860:4802:36::a
;rrset 76521 1 0 1 0
dns3.nic.uk. 76521 IN AAAA 2a01:618:404::1
;rrset 76526 1 0 8 0
a22-66.akam.net. 76526 IN A 23.211.61.66
;rrset 76526 1 0 1 0
pdns196.ultradns.com. 76526 IN AAAA 2001:502:f3ff::e8
;rrset 11726 1 0 8 2
www.amazon.de.edgekey.net. 11726 IN CNAME e15317.dsca.akamaiedge.net.
;rrset 76553 1 0 8 0
ns-519.awsdns-00.net. 76553 IN A 205.251.194.7
;rrset 76526 1 0 8 0
ns1-174.akam.net. 76526 IN A 193.108.91.174
;rrset 76523 1 0 8 0
ns-cloud-e2.googledomains.com. 76523 IN A 216.239.34.110
;rrset 83388 1 0 1 0
g-ns-1975.awsdns-55.net. 83388 IN A 205.251.199.183
;rrset 75197 1 0 1 0
z.nic.de. 75197 IN A 194.246.96.1
;rrset 76523 1 0 1 0
ns2.fastly-edge.com. 76523 IN A 104.156.80.32
;rrset 83452 1 0 8 0
ns-1682.awsdns-18.co.uk. 83452 IN AAAA 2600:9000:5306:9200::1
;rrset 83383 1 0 8 0
dns.dns4.de. 83383 IN A 144.76.91.137
;rrset 11388 1 0 8 2
amplify.outbrain.com. 11388 IN CNAME wildcard.outbrain.com.edgekey.net.
;rrset 76526 1 0 8 0
ns1-174.akam.net. 76526 IN AAAA 2600:1401:2::ae
;rrset 76081 1 0 1 0
cl2-tld.d-zone.ca. 76081 IN AAAA 2620:10a:80ab::56
;rrset 78579 1 0 1 0
g-ns-379.awsdns-59.co.uk. 78579 IN A 205.251.193.123
;rrset 76523 1 0 8 0
ns-cloud-d2.googledomains.com. 76523 IN A 216.239.34.109
;rrset 76668 1 0 1 0
ns-ne.afrinic.net. 76668 IN AAAA 2001:43f8:120::45
;rrset 76526 1 0 1 0
b0.info.afilias-nst.org. 76526 IN A 199.254.48.1
;rrset 83564 1 0 1 0
g-ns-1768.awsdns-40.com. 83564 IN AAAA 2600:9000:5306:e800::1
;rrset 76523 1 0 1 0
ns1.fastly-edge.com. 76523 IN A 23.235.32.32
;rrset 77048 1 0 1 0
g-ns-328.awsdns-08.co.uk. 77048 IN AAAA 2600:9000:5301:4800::1
;rrset 76552 1 0 8 0
ns-1444.awsdns-52.org. 76552 IN A 205.251.197.164
;rrset 76523 1 0 1 0
g-ns-352.awsdns-32.co.uk. 76523 IN A 205.251.193.96
;rrset 76034 1 0 1 0
a6-67.akam.net. 76034 IN AAAA 2600:1401:1::43
;rrset 76523 1 0 8 0
ns-865.awsdns-44.net. 76523 IN AAAA 2600:9000:5303:6100::1
;rrset 75197 1 0 1 0
f.ip6-servers.arpa. 75197 IN AAAA 2a13:27c0:30::2
;rrset 764 1 0 1 0
g-ns-1032.awsdns-05.org. 764 IN A 205.251.196.8
;rrset 76526 1 0 1 0
g-ns4.amzndns.co.uk. 76526 IN A 205.251.198.44
;rrset 32881 1 1 8 0
ssdns-tld.nic.cl. 32881 IN A 200.7.5.14
ssdns-tld.nic.cl. 32881 IN RRSIG A 13 3 43200 20260211202157 20260129023048 10973 nic.cl. CBNgId1/gTxhz75xMP+hvTh6jiH49eqf2Or4J9aTuu9dBQghDcQxlGcntY0btXFIGov700IwS9bPvzlKDMRKNw== ;{id = 10973}
;rrset 75197 1 0 1 0
b.gtld-servers.net. 75197 IN AAAA 2001:503:231d::2:30
;rrset 77882 3 1 8 0
nick.ns.cloudflare.com. 77882 IN A 173.245.59.213
nick.ns.cloudflare.com. 77882 IN A 108.162.193.213
nick.ns.cloudflare.com. 77882 IN A 172.64.33.213
nick.ns.cloudflare.com. 77882 IN RRSIG A 13 4 86353 20260130105223 20260128085223 34505 cloudflare.com. PyU8cFcQpTWjRfHCnyMsjVjP45m+JPX3T4EDaSCCmA9vvmQx2sSuumGLwuiUn0Vf2nDyMiLi13EClG1TipgNyw== ;{id = 34505}
;rrset 76668 1 1 2 0
ch. 76668 IN DS 58745 13 2 083ED7735A6AAD21D51CB0AF5C485055602B392435E92B2C13614A6BC8D46B92
ch. 76668 IN RRSIG DS 8 1 86400 20260211050000 20260129040000 21831 . M/XN59u181ny7GtfY0r8w/yadckjmyf7u/VMYPd1kRV+55Q3+WYY1wQcLgMwe/CCtXghFgALB9thwLOrnkmPyACEuD8XoACp9yM6G/CGbQVzKfu0QAoNbOVeDIGCjdumxIPaby6Tj5R5f7WzJNPyYwzIAlP++/fJjz4Y05aGPGc4ssn5/whSSW9OTnRVsff2djqAAudiYoSiTHsVNt9zaMRpxb/7e/s2NUmAfJn6oT1mF+zPkG2dbFFmIqb175f+4yEkSzbYEGgl1m3Dpc3T50RA7fWqGoKmQcllASc0C4MMDy6s9E6LS7fQRPStxawJdxncNaS7S2dHS/0tDArq5Q== ;{id = 21831}
;rrset 764 1 0 1 0
g-ns-1637.awsdns-37.org. 764 IN A 205.251.198.101
;rrset 588 1 0 1 0
g-ns-1052.awsdns-25.org. 588 IN AAAA 2600:9000:5304:1c00::1
;rrset 78265 1 1 8 0
dns4.p02.nsone.net. 78265 IN AAAA 2a00:edc0:6259:7:2::4
dns4.p02.nsone.net. 78265 IN RRSIG AAAA 13 4 86400 20260130105759 20260129085759 12196 nsone.net. f1JrTJDhepdbKvZBOx9LygCgfNsENKSOTma2fI7izsYc3rEC7ySGjM4hGFXCDt9Rjv1Pfs50114XsoCOwO8EKg== ;{id = 12196}
;rrset 78526 1 0 1 0
g-ns-52.awsdns-51.com. 78526 IN AAAA 2600:9000:5300:3400::1
;rrset 76082 1 1 8 0
ns4.apnic.net. 76082 IN A 202.12.31.53
ns4.apnic.net. 76082 IN RRSIG A 13 3 604800 20260227020639 20260128003639 50917 apnic.net. KTYJV1YKgZCzNqx578C4Kwkj8vzqxHEqqFvmWIdIAK2WoZQUTcwXOapNZcF3LZUlqUMcaNLLWJ/iYcHXQecyPw== ;{id = 50917}
;rrset 76521 1 0 1 0
nsc.nic.uk. 76521 IN AAAA 2610:a1:1009::3
;rrset 83388 1 0 1 0
g-ns-1491.awsdns-16.co.uk. 83388 IN AAAA 2600:9000:5305:d300::1
;rrset 76524 1 0 1 0
g-ns-1376.awsdns-32.net. 76524 IN A 205.251.197.96
;rrset 76551 1 0 8 0
ns-1140.awsdns-14.org. 76551 IN AAAA 2600:9000:5304:7400::1
;rrset 75197 1 0 8 0
pns.dtag.de. 75197 IN AAAA 2003:40:8000::100
;rrset 77048 1 0 1 0
g-ns-619.awsdns-43.com. 77048 IN AAAA 2600:9000:5302:6b00::1
;rrset 76081 4 0 2 0
apnic.net. 76081 IN NS ns4.apnic.net.
apnic.net. 76081 IN NS apnic.authdns.ripe.net.
apnic.net. 76081 IN NS ns2.apnic.net.
apnic.net. 76081 IN NS ns1.apnic.net.
;rrset 20 1 0 8 2
ping.archlinux.org. 20 IN CNAME redirect.archlinux.org.
;rrset 75197 1 0 1 0
e.ip6-servers.arpa. 75197 IN AAAA 2001:dd8:6::101
;rrset 76524 4 0 2 0
icann-servers.net. 76524 IN NS ns.icann.org.
icann-servers.net. 76524 IN NS c.icann-servers.net.
icann-servers.net. 76524 IN NS a.icann-servers.net.
icann-servers.net. 76524 IN NS b.icann-servers.net.
;rrset 75197 2 0 2 0
dtag.net. 75197 IN NS pns.dtag.de.
dtag.net. 75197 IN NS ns1.telekom.net.
;rrset 83565 1 0 8 0
ns-1433.awsdns-51.org. 83565 IN AAAA 2600:9000:5305:9900::1
;rrset 76658 1 0 1 0
g-ns-1200.awsdns-48.com. 76658 IN A 205.251.196.176
;rrset 83564 1 0 8 0
ns-398.awsdns-49.com. 83564 IN AAAA 2600:9000:5301:8e00::1
;rrset 76523 1 0 1 0
g-ns-598.awsdns-22.com. 76523 IN AAAA 2600:9000:5302:5600::1
;rrset 78361 1 0 1 0
g-ns-917.awsdns-21.co.uk. 78361 IN A 205.251.195.149
;rrset 83564 1 0 1 0
g-ns-492.awsdns-43.net. 83564 IN AAAA 2600:9000:5301:ec00::1
;rrset 926 1 0 8 2
www.reddit.com. 926 IN CNAME reddit.map.fastly.net.
;rrset 764 1 0 1 0
g-ns-1064.awsdns-37.org. 764 IN A 205.251.196.40
;rrset 83388 4 0 2 0
awsdns-35.co.uk. 83388 IN NS g-ns-355.awsdns-35.co.uk.
awsdns-35.co.uk. 83388 IN NS g-ns-931.awsdns-35.co.uk.
awsdns-35.co.uk. 83388 IN NS g-ns-1510.awsdns-35.co.uk.
awsdns-35.co.uk. 83388 IN NS g-ns-1831.awsdns-35.co.uk.
;rrset 83564 1 0 1 0
g-ns-1387.awsdns-43.net. 83564 IN AAAA 2600:9000:5305:6b00::1
;rrset 76523 1 0 1 0
g-ns-376.awsdns-56.co.uk. 76523 IN A 205.251.193.120
;rrset 75574 1 0 1 0
a0.org.afilias-nst.info. 75574 IN AAAA 2001:500:e::1
;rrset 588 4 0 2 0
awsdns-13.org. 588 IN NS g-ns-1613.awsdns-13.org.
awsdns-13.org. 588 IN NS g-ns-141.awsdns-13.org.
awsdns-13.org. 588 IN NS g-ns-719.awsdns-13.org.
awsdns-13.org. 588 IN NS g-ns-1040.awsdns-13.org.
;rrset 78361 1 0 1 0
g-ns-341.awsdns-21.co.uk. 78361 IN AAAA 2600:9000:5301:5500::1
;rrset 76081 5 0 2 0
ripe.net. 76081 IN NS ns4.apnic.net.
ripe.net. 76081 IN NS ns3.afrinic.net.
ripe.net. 76081 IN NS manus.authdns.ripe.net.
ripe.net. 76081 IN NS ns3.lacnic.net.
ripe.net. 76081 IN NS rirns.arin.net.
;rrset 78579 1 0 1 0
g-ns-1534.awsdns-59.co.uk. 78579 IN A 205.251.197.254
;rrset 75197 1 0 1 0
dns00.dns.t-ipnet.de. 75197 IN AAAA 2003:180:4:a::53
;rrset 76552 1 0 1 0
g-ns-618.awsdns-42.com. 76552 IN AAAA 2600:9000:5302:6a00::1
;rrset 76526 1 0 1 0
g-ns-916.awsdns-20.co.uk. 76526 IN A 205.251.195.148
;rrset 78265 1 0 1 0
g-ns-924.awsdns-28.co.uk. 78265 IN AAAA 2600:9000:5303:9c00::1
;rrset 76524 1 0 8 0
ns-772.awsdns-32.net. 76524 IN A 205.251.195.4
;rrset 76553 1 0 1 0
g-ns-1743.awsdns-15.com. 76553 IN AAAA 2600:9000:5306:cf00::1
;rrset 11497 1 0 8 0
ns2bkr.name.com. 11497 IN AAAA 2402:cf80:107::1
;rrset 583 1 1 7 2
iocnt.net. 583 IN SOA ns.infonline.de. hostmaster.infonline.de. 2026012903 28800 7200 604800 86400
iocnt.net. 83383 IN RRSIG SOA 13 2 86400 20260212000000 20260122000000 49021 iocnt.net. 8RVBUikSwcrIgGwV2ahwIkjgEzXiDla1bzW0b7/NDDdvBsD4C/ZiLbq6i8GKozaSuX0tXxpUIp7fLxCxzg0GBg== ;{id = 49021}
;rrset 1522 4 0 2 0
services.mozilla.com. 1522 IN NS ns-1655.awsdns-14.co.uk.
services.mozilla.com. 1522 IN NS ns-1471.awsdns-55.org.
services.mozilla.com. 1522 IN NS ns-679.awsdns-20.net.
services.mozilla.com. 1522 IN NS ns-258.awsdns-32.com.
;rrset 12 1 1 7 0
JQTCQL1K0Q88EKDVK0UI2SUEOG86R9IE.10.0.10.in-addr.arpa. 12 IN NSEC3 1 0 0 - kkqfnos4p7j89dvgecrflrbtqneik4ra PTR RRSIG
JQTCQL1K0Q88EKDVK0UI2SUEOG86R9IE.10.0.10.in-addr.arpa. 12 IN RRSIG NSEC3 13 6 600 20260211151920 20260128191743 34902 10.0.10.in-addr.arpa. dHwsVVwYQSaRy9AanEALfru1+xXh0XgsBzozXxl7d6G0SVBBIrivHAQMI7E0xg4CmZF5WUkrYBx6qMl1qQyqTw== ;{id = 34902}
;rrset 83564 1 0 8 0
ns-321.awsdns-40.com. 83564 IN A 205.251.193.65
;rrset 76522 1 0 8 0
ns-166.awsdns-20.com. 76522 IN AAAA 2600:9000:5300:a600::1
;rrset 76553 1 0 1 0
g-ns-1965.awsdns-45.net. 76553 IN AAAA 2600:9000:5307:ad00::1
;rrset 76553 1 0 1 0
g-ns-28.awsdns-27.com. 76553 IN AAAA 2600:9000:5300:1c00::1
;rrset 83564 1 0 8 0
ns-2043.awsdns-63.co.uk. 83564 IN AAAA 2600:9000:5307:fb00::1
;rrset 77957 1 0 1 0
g-ns-514.awsdns-63.net. 77957 IN A 205.251.194.2
;rrset 76523 1 0 1 0
g-ns-4.awsdns-03.com. 76523 IN AAAA 2600:9000:5300:400::1
;rrset 76523 4 0 2 0
awsdns-32.co.uk. 76523 IN NS g-ns-352.awsdns-32.co.uk.
awsdns-32.co.uk. 76523 IN NS g-ns-1828.awsdns-32.co.uk.
awsdns-32.co.uk. 76523 IN NS g-ns-1507.awsdns-32.co.uk.
awsdns-32.co.uk. 76523 IN NS g-ns-928.awsdns-32.co.uk.
;rrset 76523 1 0 8 0
ns-cloud-a1.googledomains.com. 76523 IN A 216.239.32.106
;rrset 76522 1 0 8 0
ns-258.awsdns-32.com. 76522 IN AAAA 2600:9000:5301:200::1
;rrset 83564 1 0 1 0
g-ns-1380.awsdns-36.net. 83564 IN A 205.251.197.100
;rrset 83530 1 0 1 0
g-ns-1159.awsdns-07.com. 83530 IN A 205.251.196.135
;rrset 76552 1 0 8 0
ns-1918.awsdns-47.co.uk. 76552 IN AAAA 2600:9000:5307:7e00::1
;rrset 76523 1 0 1 0
g-ns-1155.awsdns-03.com. 76523 IN AAAA 2600:9000:5304:8300::1
;rrset 76551 1 0 1 0
g-ns-1181.awsdns-29.com. 76551 IN AAAA 2600:9000:5304:9d00::1
;rrset 76552 1 0 8 0
ns-336.awsdns-42.com. 76552 IN AAAA 2600:9000:5301:5000::1
;rrset 76655 3 0 1 0
walt.ns.cloudflare.com. 76655 IN AAAA 2606:4700:58::adf5:3b94
walt.ns.cloudflare.com. 76655 IN AAAA 2803:f800:50::6ca2:c194
walt.ns.cloudflare.com. 76655 IN AAAA 2a06:98c1:50::ac40:2194
;rrset 76553 1 0 8 0
ns-1295.awsdns-33.org. 76553 IN A 205.251.197.15
;rrset 764 1 0 1 0
g-ns-1605.awsdns-05.org. 764 IN A 205.251.198.69
;rrset 652 1 0 1 0
g-ns-1650.awsdns-50.org. 652 IN AAAA 2600:9000:5306:7200::1
;rrset 78477 3 1 8 0
mina.ns.cloudflare.com. 78477 IN A 162.159.38.251
mina.ns.cloudflare.com. 78477 IN A 108.162.194.251
mina.ns.cloudflare.com. 78477 IN A 172.64.34.251
mina.ns.cloudflare.com. 78477 IN RRSIG A 13 4 86353 20260130110218 20260128090218 34505 cloudflare.com. FvY7WkU01XxXv86AOY1DPFqTBrmHgCAxCqhmWGZPjG2ZL8oxR5YGHC0/uN/QRoUVvaoqugyCd4e0f40aD3zn9w== ;{id = 34505}
;rrset 724 1 1 7 0
PBAG776T3JQRD9PTUMUBB30T3HJFN3TK.ebersberger-liedersammlung.de. 724 IN NSEC3 1 0 0 - qkmun7mp3qdg47dlpheaie24pao2plo4 A NS SOA MX TXT AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534
PBAG776T3JQRD9PTUMUBB30T3HJFN3TK.ebersberger-liedersammlung.de. 724 IN RRSIG NSEC3 13 3 3600 20260211183126 20260128191743 26039 ebersberger-liedersammlung.de. xTd2GFR7dtj/7u3lJSBETkd7e+FYlVULJj3GMBRciy99ta7ZREx76rcgG+VYaJ0tH4JPVh5CGF0rWxqv+vmxGA== ;{id = 26039}
;rrset 76524 1 0 1 0
ns1.cloudflare-dns.com. 76524 IN AAAA 2400:cb00:2049:1::a29f:21
;rrset 76526 1 0 1 0
y.gtld.biz. 76526 IN AAAA 2001:dcd:3::13
;rrset 75197 1 0 1 0
c.ip6-servers.arpa. 75197 IN AAAA 2001:43f8:110::11
;rrset 588 1 0 1 0
g-ns-1625.awsdns-25.org. 588 IN A 205.251.198.89
;rrset 83383 3 0 1 0
gwen.ns.cloudflare.com. 83383 IN AAAA 2606:4700:50::adf5:3aa0
gwen.ns.cloudflare.com. 83383 IN AAAA 2803:f800:50::6ca2:c0a0
gwen.ns.cloudflare.com. 83383 IN AAAA 2a06:98c1:50::ac40:20a0
;rrset 76526 4 0 2 0
awsdns-20.co.uk. 76526 IN NS g-ns-340.awsdns-20.co.uk.
awsdns-20.co.uk. 76526 IN NS g-ns-916.awsdns-20.co.uk.
awsdns-20.co.uk. 76526 IN NS g-ns-1495.awsdns-20.co.uk.
awsdns-20.co.uk. 76526 IN NS g-ns-1816.awsdns-20.co.uk.
;rrset 76526 1 0 1 0
g-ns1.amzndns.net. 76526 IN AAAA 2600:9000:5304:e500::1
;rrset 76526 1 0 8 0
pdns196.ultradns.biz. 76526 IN AAAA 2610:a1:1015::e8
;rrset 83452 1 0 1 0
g-ns-1936.awsdns-16.net. 83452 IN AAAA 2600:9000:5307:9000::1
;rrset 951 1 1 2 0
8DFCRBPO56JH9H6KH4JHLICMFNGT0333.co.uk. 951 IN NSEC3 1 1 0 - 8dfra78oi1ulquh5ikmupv1qi8he5dlj NS DS RRSIG ;{flags: optout}
8DFCRBPO56JH9H6KH4JHLICMFNGT0333.co.uk. 951 IN RRSIG NSEC3 8 3 10800 20260304140526 20260128132233 44346 co.uk. lIenuOVT6u3wTNDe1gbTJVtlqsO6nKaKojIy4d+4doZzbV+0CRs+ZudjgtorW/kpNAzdxE9P3aa71dwCVU1tpl9JmvN2f91qVT08J3fy7X7PhISypfem78l3dSehzBIlXZhdtcF/REYFOZq/A4MBWXKWGYkihkCQdes0UUgFCMm8YFWRUTtGgZr99VWWRXh8uJjx+C/+KF4nPw2a4SC2sJA++sKXL6hubAPohZCc/z32IJGgIsE8E+UCxfUfTMDypZMFpaYQmLiQbD0gZVuMoPZ44kmqnqkc5j+mdCi4u47DN0qSiU/9/ds08VZvE5rfr9COhJaXOMSQrW8TyEYNqw== ;{id = 44346}
;rrset 76524 2 0 1 0
ns4.cloudflare.com. 76524 IN AAAA 2400:cb00:2049:1::a29f:121
ns4.cloudflare.com. 76524 IN AAAA 2400:cb00:2049:1::a29f:837
;rrset 76526 4 0 2 0
awsdns-43.co.uk. 76526 IN NS g-ns-363.awsdns-43.co.uk.
awsdns-43.co.uk. 76526 IN NS g-ns-939.awsdns-43.co.uk.
awsdns-43.co.uk. 76526 IN NS g-ns-1518.awsdns-43.co.uk.
awsdns-43.co.uk. 76526 IN NS g-ns-1839.awsdns-43.co.uk.
;rrset 83564 1 0 1 0
g-ns-625.awsdns-49.com. 83564 IN AAAA 2600:9000:5302:7100::1
;rrset 78265 1 0 1 0
g-ns-361.awsdns-41.co.uk. 78265 IN A 205.251.193.105
;rrset 78526 4 0 2 0
awsdns-51.com. 78526 IN NS g-ns-52.awsdns-51.com.
awsdns-51.com. 78526 IN NS g-ns-627.awsdns-51.com.
awsdns-51.com. 78526 IN NS g-ns-1203.awsdns-51.com.
awsdns-51.com. 78526 IN NS g-ns-1779.awsdns-51.com.
;rrset 76034 1 0 1 0
a22-67.akam.net. 76034 IN A 23.211.61.67
;rrset 76523 1 0 1 0
g-ns-1731.awsdns-03.com. 76523 IN A 205.251.198.195
;rrset 76668 1 1 2 0
ne. 76668 IN NSEC nec. NS RRSIG NSEC
ne. 76668 IN RRSIG NSEC 8 1 86400 20260211050000 20260129040000 21831 . rBILxWB0Ezfh5uaLVGQYVRpVPr/JkYR48jgkCa31NNyD+oE24DkLxINrmzmVPcgA0mqk3Js9i/SWzXTV0AIpnZA4u0C2+erJNJQxrneDxDziNqHNm6VCAFOfriPPi+YzeGZ7w34jiZQsU3EH9a2HICXVeAP9ZOyXOXBGoOPJQPEnyrdCtw1uLiXq9VD074rhz8/v/3bE0yRgozS0MZO4b6pMnj7Nj0olbUImvUCr/bqH5TexI8S0NhTe9UNRBIrsKvCAzIByivQoFzBlfaTE0Lc8WKusgPu6gn14DEhgfX8JFPnpQxF1DutTNmIjShNJi6wyIETQ/KtgWHe2SBeWfQ== ;{id = 21831}
;rrset 76551 1 0 1 0
g-ns-1351.awsdns-07.net. 76551 IN AAAA 2600:9000:5305:4700::1
;rrset 76523 1 0 8 0
ns-377.awsdns-47.com. 76523 IN A 205.251.193.121
;rrset 76552 1 0 1 0
g-ns-53.awsdns-52.com. 76552 IN AAAA 2600:9000:5300:3500::1
;rrset 76551 1 0 1 0
g-ns-1181.awsdns-29.com. 76551 IN A 205.251.196.157
;rrset 77066 1 0 1 0
ns02.quack-dns.com. 77066 IN A 148.163.196.65
;rrset 583 1 1 7 0
h77oqqki49o85n481mvj0d0mbpksnho6.infonline.de. 83383 IN NSEC3 1 0 1 AB hddc5on6dpjk784jj3l84f2v6cusm9ef A RRSIG
h77oqqki49o85n481mvj0d0mbpksnho6.infonline.de. 83383 IN RRSIG NSEC3 8 3 86400 20260212000000 20260122000000 12679 infonline.de. EnuKjtF7wqPBnWG8o5/b4X4rQ0iMqm+7HcvcJ2/CHhPWyX1NGtEV6+FPwWxk8dp09qIXIpay+ewnuUeYBn+9UyxQOxbxDAKcDkALYrZ+cgfOQqWf/zYY5qDaDFz4SmSgb3z+HBxbMBWJq1pOhcP6IAoPGTEMDO7HcExKz+Y7pCI= ;{id = 12679}
;rrset 76524 1 0 1 0
g-ns-320.awsdns-00.co.uk. 76524 IN A 205.251.193.64
;rrset 78265 1 0 1 0
g-ns-1930.awsdns-10.net. 78265 IN AAAA 2600:9000:5307:8a00::1
;rrset 76523 1 0 8 0
ns-cloud-e3.googledomains.com. 76523 IN AAAA 2001:4860:4802:36::6e
;rrset 83452 4 0 2 0
awsdns-15.net. 83452 IN NS g-ns-464.awsdns-15.net.
awsdns-15.net. 83452 IN NS g-ns-785.awsdns-15.net.
awsdns-15.net. 83452 IN NS g-ns-1359.awsdns-15.net.
awsdns-15.net. 83452 IN NS g-ns-1935.awsdns-15.net.
;rrset 78526 4 0 2 0
awsglobalaccelerator.com. 78526 IN NS ns-609.awsdns-12.net.
awsglobalaccelerator.com. 78526 IN NS ns-409.awsdns-51.com.
awsglobalaccelerator.com. 78526 IN NS ns-1949.awsdns-51.co.uk.
awsglobalaccelerator.com. 78526 IN NS ns-1484.awsdns-57.org.
;rrset 76523 1 0 8 0
ns-cloud-c1.googledomains.com. 76523 IN A 216.239.32.108
;rrset 76596 4 0 2 0
facebook.com. 76596 IN NS a.ns.facebook.com.
facebook.com. 76596 IN NS b.ns.facebook.com.
facebook.com. 76596 IN NS c.ns.facebook.com.
facebook.com. 76596 IN NS d.ns.facebook.com.
;rrset 76521 1 0 1 0
g-ns-469.awsdns-20.net. 76521 IN AAAA 2600:9000:5301:d500::1
;rrset 76552 1 0 1 0
g-ns-1363.awsdns-19.net. 76552 IN A 205.251.197.83
;rrset 75197 1 0 1 0
c.gtld-servers.net. 75197 IN A 192.26.92.30
;rrset 577 1 0 8 0
ns2.fastly.net. 577 IN A 104.156.80.32
;rrset 76521 1 0 1 0
g-ns-910.awsdns-14.co.uk. 76521 IN AAAA 2600:9000:5303:8e00::1
;rrset 78265 1 0 8 0
ns-1766.awsdns-28.co.uk. 78265 IN A 205.251.198.230
;rrset 77957 1 0 8 0
ns-1016.awsdns-63.net. 77957 IN A 205.251.195.248
;rrset 76526 1 0 1 0
g-ns-1821.awsdns-25.co.uk. 76526 IN A 205.251.199.29
;rrset 724 1 1 7 0
ebersberger-liedersammlung.de. 724 IN SOA ns1.nausch.org. hostmaster.nausch.org. 2026011214 28800 7200 1209600 3600
ebersberger-liedersammlung.de. 724 IN RRSIG SOA 13 2 3600 20260212075344 20260129065344 26039 ebersberger-liedersammlung.de. tv/1ZDsY05Qb+BG94IFGlecMidSL2h0t+gmYaAiHma8jt0kFLw/L3yfyNR3YsaoEAoTaD+VH97cMZh0igVM1fg== ;{id = 26039}
;rrset 83529 2 0 2 0
meteoblue.com. 83529 IN NS scott.ns.cloudflare.com.
meteoblue.com. 83529 IN NS kristin.ns.cloudflare.com.
;rrset 76526 1 0 1 0
b0.info.afilias-nst.org. 76526 IN AAAA 2001:500:1a::1
;rrset 75197 1 0 3 0
a.root-servers.net. 75197 IN AAAA 2001:503:ba3e::2:30
;rrset 75197 1 0 3 0
h.root-servers.net. 75197 IN AAAA 2001:500:1::53
;rrset 83382 2 0 2 0
regdns2.net. 83382 IN NS anycast.regdns1.de.
regdns2.net. 83382 IN NS anycast.regdns2.net.
;rrset 77066 1 0 1 0
dns2.p01.nsone.net. 77066 IN AAAA 2a00:edc0:6259:7:1::2
;rrset 76553 1 0 1 0
g-ns-898.awsdns-02.co.uk. 76553 IN AAAA 2600:9000:5303:8200::1
;rrset 3411 1 1 11 5
nausch.org. 3411 IN DNSKEY 257 3 13 6zc/I6n9tjgSyvwhHJr/rbakRExh0AYpkDjFwr5leZ8uiDdk2cufiAPvmeSnHZOgPFIOfoTNdX3BjMq/zd0dfQ== ;{id = 8020 (ksk), size = 256b}
nausch.org. 3411 IN RRSIG DNSKEY 13 2 3600 20260212075344 20260129065344 8020 nausch.org. tluuzt2RZeFHXE0kro86skYXFuSg2943ilyG4QD31YCj2FgRfMFcNXkES26VvqLctzzmpsxEE4558zP2Sjs2gw== ;{id = 8020}
;rrset 78526 1 0 8 0
ns-1484.awsdns-57.org. 78526 IN AAAA 2600:9000:5305:cc00::1
;rrset 78579 4 0 2 0
awsdns-45.com. 78579 IN NS g-ns-46.awsdns-45.com.
awsdns-45.com. 78579 IN NS g-ns-621.awsdns-45.com.
awsdns-45.com. 78579 IN NS g-ns-1197.awsdns-45.com.
awsdns-45.com. 78579 IN NS g-ns-1773.awsdns-45.com.
;rrset 76523 4 0 2 0
awsdns-44.net. 76523 IN NS g-ns-493.awsdns-44.net.
awsdns-44.net. 76523 IN NS g-ns-814.awsdns-44.net.
awsdns-44.net. 76523 IN NS g-ns-1388.awsdns-44.net.
awsdns-44.net. 76523 IN NS g-ns-1964.awsdns-44.net.
;rrset 78265 1 0 1 0
g-ns-459.awsdns-10.net. 78265 IN A 205.251.193.203
;rrset 988 1 0 1 0
n0g.akamaiedge.net. 988 IN AAAA 2600:1480:e800::c0
;rrset 76523 1 0 8 0
ns-cloud-d1.googledomains.com. 76523 IN AAAA 2001:4860:4802:32::6d
;rrset 77284 3 0 1 0
karina.ns.cloudflare.com. 77284 IN AAAA 2606:4700:50::adf5:3ab2
karina.ns.cloudflare.com. 77284 IN AAAA 2803:f800:50::6ca2:c0b2
karina.ns.cloudflare.com. 77284 IN AAAA 2a06:98c1:50::ac40:20b2
;rrset 76523 1 0 8 0
ns-cloud-c4.googledomains.com. 76523 IN AAAA 2001:4860:4802:38::6c
;rrset 76523 1 0 1 0
ns4.fastly-edge.com. 76523 IN AAAA 2a04:4e47:3::32
;rrset 76655 3 0 1 0
walt.ns.cloudflare.com. 76655 IN A 108.162.193.148
walt.ns.cloudflare.com. 76655 IN A 172.64.33.148
walt.ns.cloudflare.com. 76655 IN A 173.245.59.148
;rrset 584 1 0 8 0
ns4.3qsdn.net. 584 IN AAAA 2a14:30c1:12::2
;rrset 76658 1 0 1 0
g-ns-823.awsdns-53.net. 76658 IN AAAA 2600:9000:5303:3700::1
;rrset 83564 1 0 1 0
g-ns-776.awsdns-06.net. 83564 IN A 205.251.195.8
;rrset 78265 1 0 8 0
ns-370.awsdns-46.com. 78265 IN A 205.251.193.114
;rrset 76668 4 0 2 0
awsdns-59.com. 76668 IN NS g-ns-60.awsdns-59.com.
awsdns-59.com. 76668 IN NS g-ns-635.awsdns-59.com.
awsdns-59.com. 76668 IN NS g-ns-1211.awsdns-59.com.
;rrset 76526 1 0 8 0
ns-378.awsdns-47.com. 76526 IN AAAA 2600:9000:5301:7a00::1
;rrset 76523 1 0 1 0
g-ns-952.awsdns-56.co.uk. 76523 IN A 205.251.195.184
;rrset 76526 1 0 1 0
g-ns2.amzndns.net. 76526 IN A 205.251.193.135
;rrset 76081 1 0 1 0
ns3.arin.net. 76081 IN AAAA 2001:500:a9::108
;rrset 83564 1 0 8 0
ns-1630.awsdns-11.co.uk. 83564 IN AAAA 2600:9000:5306:5e00::1
;rrset 76081 1 0 1 0
f.dns.br. 76081 IN A 200.219.159.10
;rrset 76668 1 0 1 0
ne.cctld.authdns.ripe.net. 76668 IN A 193.0.9.101
;rrset 76034 1 0 1 0
a28-67.akam.net. 76034 IN A 95.100.173.67
;rrset 76658 4 0 2 0
awsdns-48.com. 76658 IN NS g-ns-49.awsdns-48.com.
awsdns-48.com. 76658 IN NS g-ns-624.awsdns-48.com.
awsdns-48.com. 76658 IN NS g-ns-1200.awsdns-48.com.
awsdns-48.com. 76658 IN NS g-ns-1776.awsdns-48.com.
;rrset 76526 1 0 1 0
g-ns-363.awsdns-43.co.uk. 76526 IN A 205.251.193.107
;rrset 76522 1 0 1 0
g-ns-506.awsdns-57.net. 76522 IN AAAA 2600:9000:5301:fa00::1
;rrset 78361 1 0 1 0
g-ns-917.awsdns-21.co.uk. 78361 IN AAAA 2600:9000:5303:9500::1
;rrset 76553 1 0 1 0
g-ns-1477.awsdns-02.co.uk. 76553 IN A 205.251.197.197
;rrset 75197 1 0 3 0
c.root-servers.net. 75197 IN AAAA 2001:500:2::c
;rrset 76667 2 0 2 0
adblockultimate.net. 76667 IN NS gabe.ns.cloudflare.com.
adblockultimate.net. 76667 IN NS elinore.ns.cloudflare.com.
;rrset 78579 1 0 1 0
g-ns-46.awsdns-45.com. 78579 IN AAAA 2600:9000:5300:2e00::1
;rrset 78265 1 0 8 0
ns-597.awsdns-10.net. 78265 IN AAAA 2600:9000:5302:5500::1
;rrset 83452 1 0 1 0
g-ns-383.awsdns-63.co.uk. 83452 IN AAAA 2600:9000:5301:7f00::1
;rrset 926 1 1 2 0
hqb7pa45ncmlfjoonm36br6k6bqvd9rq.co.uk. 926 IN NSEC3 1 1 0 - hqba4qvdbuvo3004avm3ip8h8edv156b NS DS RRSIG ;{flags: optout}
hqb7pa45ncmlfjoonm36br6k6bqvd9rq.co.uk. 926 IN RRSIG NSEC3 8 3 10800 20260305031025 20260129030124 44346 co.uk. ItEhUzsOLjLvzneJPWLI2R/VQTSeze6SEUpI+pGmG6pFxFuXeDMj4m3t9WjUOZt/RBZBpuwS7MRGrbNBw6jMzLcoKPrDzSU3UhKh6tT73kY5MBTjkzbb4BHVkQhxhDa4ap5bzkuix3vkNva48JleTXSEuBsLwr4btjzgyYlQKrQvtVNoGIe9ZQD4NV6+QoXGN7VpaWrpwRsl7S9Y4vc68pyWI/GINQGfvMjjLz7VQuSRmhracm765kg87015UO8ngVt86YEXDGD6OO7MaifJZtozA4GsZeIJfY/VCXRyxxk82xEeyngzfyHavh4ipLjjlqXX7yp3e3ZPMS4mirwsoQ== ;{id = 44346}
;rrset 75574 1 0 1 0
ns3.second-ns.de. 75574 IN A 193.47.99.4
;rrset 80172 1 0 1 0
b.iana-servers.net. 80172 IN A 199.43.133.53
;rrset 76522 1 0 1 0
g-ns-1401.awsdns-57.net. 76522 IN A 205.251.197.121
;rrset 76526 1 0 1 0
c0.nic.io. 76526 IN A 65.22.162.17
;rrset 76668 1 0 1 0
dns3.equant.net. 76668 IN AAAA 2a01:ce95:4000:1001:204:59:152:207
;rrset 76668 1 0 8 0
ns-479.awsdns-59.com. 76668 IN A 205.251.193.223
;rrset 76552 1 0 8 0
ns-666.awsdns-19.net. 76552 IN AAAA 2600:9000:5302:9a00::1
;rrset 76552 1 0 1 0
g-ns-1394.awsdns-50.net. 76552 IN AAAA 2600:9000:5305:7200::1
;rrset 76521 1 0 8 0
ns-679.awsdns-20.net. 76521 IN A 205.251.194.167
;rrset 76521 1 0 1 0
nsb.nic.uk. 76521 IN AAAA 2001:502:2eda::3
;rrset 76526 1 0 1 0
b2.info.afilias-nst.org. 76526 IN A 199.249.121.1
;rrset 83388 1 0 1 0
g-ns-1812.awsdns-16.co.uk. 83388 IN AAAA 2600:9000:5307:1400::1
;rrset 76526 1 0 1 0
g-ns2.amzndns.net. 76526 IN AAAA 2600:9000:5301:8700::1
;rrset 76034 6 0 2 0
elster.de. 76034 IN NS pns.dtag.de.
elster.de. 76034 IN NS a3-66.akam.net.
elster.de. 76034 IN NS a8-66.akam.net.
elster.de. 76034 IN NS a1-214.akam.net.
elster.de. 76034 IN NS a11-66.akam.net.
elster.de. 76034 IN NS secondary004.dtag.net.
;rrset 76296 1 0 1 0
a0.nic.me. 76296 IN AAAA 2001:500:53::1
;rrset 588 1 0 1 0
g-ns-141.awsdns-13.org. 588 IN AAAA 2600:9000:5300:8d00::1
;rrset 76526 1 0 1 0
g-ns-1393.awsdns-49.net. 76526 IN AAAA 2600:9000:5305:7100::1
;rrset 76526 8 0 2 0
tui.com. 76526 IN NS ns1-174.akam.net.
tui.com. 76526 IN NS a5-67.akam.net.
tui.com. 76526 IN NS a12-64.akam.net.
tui.com. 76526 IN NS a20-65.akam.net.
tui.com. 76526 IN NS a11-67.akam.net.
tui.com. 76526 IN NS a22-66.akam.net.
tui.com. 76526 IN NS ns01.brandshelter.com.
tui.com. 76526 IN NS ns02.brandshelter.net.
;rrset 76522 1 0 1 0
g-ns-506.awsdns-57.net. 76522 IN A 205.251.193.250
;rrset 78265 1 0 8 0
ns-596.awsdns-10.net. 78265 IN AAAA 2600:9000:5302:5400::1
;rrset 75197 1 0 1 0
d.ip6-servers.arpa. 75197 IN A 200.7.86.53
;rrset 76526 1 0 1 0
a12-65.akam.net. 76526 IN AAAA 2600:1480:f000::41
;rrset 76034 1 0 1 0
a11-67.akam.net. 76034 IN AAAA 2600:1480:1::43
;rrset 76522 1 0 8 0
ns-1627.awsdns-11.co.uk. 76522 IN AAAA 2600:9000:5306:5b00::1
;rrset 76523 3 0 1 0
julian.ns.cloudflare.com. 76523 IN A 108.162.195.94
julian.ns.cloudflare.com. 76523 IN A 162.159.44.94
julian.ns.cloudflare.com. 76523 IN A 172.64.35.94
;rrset 78579 1 0 1 0
g-ns-1534.awsdns-59.co.uk. 78579 IN AAAA 2600:9000:5305:fe00::1
;rrset 18926 1 0 8 0
ns02.brandshelter.net. 18926 IN AAAA 2a04:2b00:14dd::16
;rrset 76523 1 0 8 0
ns-26.awsdns-03.com. 76523 IN AAAA 2600:9000:5300:1a00::1
;rrset 76523 1 0 8 0
ns-865.awsdns-44.net. 76523 IN A 205.251.195.97
;rrset 76477 3 1 8 0
katelyn.ns.cloudflare.com. 76477 IN AAAA 2606:4700:50::a29f:26eb
katelyn.ns.cloudflare.com. 76477 IN AAAA 2a06:98c1:50::ac40:22eb
katelyn.ns.cloudflare.com. 76477 IN AAAA 2803:f800:50::6ca2:c2eb
katelyn.ns.cloudflare.com. 76477 IN RRSIG AAAA 13 4 86353 20260130102858 20260128082858 34505 cloudflare.com. +dmwaKNcGbLptOpkIFbIxf6jpNIlbUIt+KTIPYcwI77sl8tVyBWgRf0ZjOYQ6pWlQJbESR+02ovl1D61ZZf6/w== ;{id = 34505}
;rrset 20 1 0 8 0
helium.ns.hetzner.de. 20 IN A 193.47.99.5
;rrset 76081 1 0 1 0
ns.lacnic.net. 76081 IN A 200.3.13.10
;rrset 76668 1 0 1 0
g.ext.nic.fr. 76668 IN A 194.0.36.1
;rrset 76526 8 0 2 0
ultradns.net. 76526 IN NS pdns196.ultradns.com.
ultradns.net. 76526 IN NS pdns196.ultradns.net.
ultradns.net. 76526 IN NS pdns196.ultradns.org.
ultradns.net. 76526 IN NS pdns196.ultradns.info.
ultradns.net. 76526 IN NS pdns196.ultradns.biz.
ultradns.net. 76526 IN NS pdns196.ultradns.co.uk.
ultradns.net. 76526 IN NS ns61.ultradns2.com.
ultradns.net. 76526 IN NS ns61.ultradns2.org.
;rrset 76526 1 0 8 0
ns-1741.awsdns-25.co.uk. 76526 IN AAAA 2600:9000:5306:cd00::1
;rrset 76523 1 0 1 0
g-ns-352.awsdns-32.co.uk. 76523 IN AAAA 2600:9000:5301:6000::1
;rrset 76526 1 0 1 0
g-ns-819.awsdns-49.net. 76526 IN AAAA 2600:9000:5303:3300::1
;rrset 2724 1 1 11 5
wetterstation-pliening.info. 2724 IN DNSKEY 257 3 13 dR+pWsp3hymjNddsZlBQxjrY8njzgCaIBO7NeI5RmJXpEq7cy8XMTkrzVuN7cbvoXs84baBng5R6LxWEyiQJ3w== ;{id = 3760 (ksk), size = 256b}
wetterstation-pliening.info. 2724 IN RRSIG DNSKEY 13 2 3600 20260212075344 20260129065344 3760 wetterstation-pliening.info. osrptcagaGexGmIPdN0VO3tJqG4y+JpQPLrHKy7k4uwSYB5FK3JtVy1RMfsGm259Si3uEZrSS9nOZM2d4oBKjA== ;{id = 3760}
;rrset 588 1 1 2 0
ci2sc4md0l5mamnftlrlkdojcsa2603d.org. 588 IN NSEC3 1 1 0 332539EE7F95C32A ci2trs5gpeq9s463igvql13iovusj36b NS DS RRSIG ;{flags: optout}
ci2sc4md0l5mamnftlrlkdojcsa2603d.org. 588 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. kD7mFUF7K8Xnsvet+hH8LHTKPWmJPmyAoFLlvb841opd+OeVr7CzfcL643bdJIwjI/3oqgjw7xfFAD95bBQTbsOFvm15Et64mxGOpkCnm1S7jhKLS1lCZG0I9v0FldgWVfuAB7aqg2igV8BrcMyUezaAfzAfNJQZNBm8jNePpFo= ;{id = 37176}
;rrset 140 1 1 7 0
L7OK83SUME9M4NOPAAU5226T0H7UBEAM.nausch.org. 140 IN NSEC3 1 0 0 - ls9pk0v2lqb12j8s351n2ussedd6qpef A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534
L7OK83SUME9M4NOPAAU5226T0H7UBEAM.nausch.org. 140 IN RRSIG NSEC3 13 3 3600 20260211193828 20260128200125 8020 nausch.org. U+J2m8KGPKrIxzoxqXOCsx2GxVs2ttXe9+1awDBR787TgvzIqWsl9ZzFP3F7xr63+dM0NPJfZsTymiOQxCMiXA== ;{id = 8020}
;rrset 76523 1 0 1 0
g-ns-1828.awsdns-32.co.uk. 76523 IN A 205.251.199.36
;rrset 76669 6 0 2 0
incapdns.net. 76669 IN NS ns2.incapdns.net.
incapdns.net. 76669 IN NS ns1.incapdns.net.
incapdns.net. 76669 IN NS ns4.incapdns.net.
incapdns.net. 76669 IN NS ns3.incapdns.net.
incapdns.net. 76669 IN NS ns5.incapdns.net.
incapdns.net. 76669 IN NS ns6.incapdns.net.
;rrset 83383 1 1 8 0
ns3.infonline.de. 83383 IN A 213.133.103.102
ns3.infonline.de. 83383 IN RRSIG A 8 3 86400 20260212000000 20260122000000 12679 infonline.de. p62ILkjlEaMw5zIbaTq3QCUusHmJTnQDWP/RlewYrDa1Leayxr1ZSSntTuObcXr8Jy70JmIrZNShpalf62lUs+0NdkHXAqsN/ikQupaOVKRd/0eA8TTQ0tbYjbyJUuboHmMBYbYTiqmDEpitoDHdH5+yLGblUVlv/dMEDjzuOEI= ;{id = 12679}
;rrset 76655 3 0 1 0
michelle.ns.cloudflare.com. 76655 IN A 108.162.192.201
michelle.ns.cloudflare.com. 76655 IN A 172.64.32.201
michelle.ns.cloudflare.com. 76655 IN A 173.245.58.201
;rrset 83452 1 0 1 0
g-ns-959.awsdns-63.co.uk. 83452 IN AAAA 2600:9000:5303:bf00::1
;rrset 76596 1 0 1 0
g-ns-1208.awsdns-56.com. 76596 IN AAAA 2600:9000:5304:b800::1
;rrset 76523 1 0 8 0
ns-1799.awsdns-32.co.uk. 76523 IN AAAA 2600:9000:5307:700::1
;rrset 76553 1 0 8 0
ns-1502.awsdns-59.org. 76553 IN A 205.251.197.222
;rrset 83564 1 0 8 0
ns-458.awsdns-57.com. 83564 IN AAAA 2600:9000:5301:ca00::1
;rrset 76521 1 0 8 0
ns4-64.akam.net. 76521 IN A 84.53.139.64
;rrset 83388 1 0 1 0
g-ns-825.awsdns-55.net. 83388 IN A 205.251.195.57
;rrset 76523 4 0 2 0
awsdns-47.com. 76523 IN NS g-ns-48.awsdns-47.com.
awsdns-47.com. 76523 IN NS g-ns-623.awsdns-47.com.
awsdns-47.com. 76523 IN NS g-ns-1199.awsdns-47.com.
awsdns-47.com. 76523 IN NS g-ns-1775.awsdns-47.com.
;rrset 724 1 1 7 0
ILPKCL152JLT4U3OSIU51VI6CUB92LG7.ebersberger-liedersammlung.de. 724 IN NSEC3 1 0 0 - khfu7el92vs2o71ud3na35usir3k4ecg SRV RRSIG
ILPKCL152JLT4U3OSIU51VI6CUB92LG7.ebersberger-liedersammlung.de. 724 IN RRSIG NSEC3 13 3 3600 20260211095359 20260128191743 26039 ebersberger-liedersammlung.de. Dph/+YNAHa42h6cP4Mis6VHa2T7suvbZs/59oGZJ3j9PHP3pohh0VKxC3Pv1WJzWg84Cl4Ve0V4VFV0/rFYFiA== ;{id = 26039}
;rrset 76523 1 0 1 0
g-ns-1932.awsdns-12.net. 76523 IN A 205.251.199.140
;rrset 75197 1 0 3 0
g.root-servers.net. 75197 IN A 192.112.36.4
;rrset 588 1 0 8 0
ns03.oblookup.com. 588 IN A 104.225.40.129
;rrset 588 1 1 7 0
g9f1kiihm8m9vhjk7lrvetbqceogjiqp.co.uk. 7788 IN NSEC3 1 1 0 - g9f3nq74ntit1d6qsrkccs86r4t7h1md NS SOA RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY TYPE65534 ;{flags: optout}
g9f1kiihm8m9vhjk7lrvetbqceogjiqp.co.uk. 7788 IN RRSIG NSEC3 8 3 10800 20260304224851 20260128221552 44346 co.uk. CP7eOwT+KGSCAvNysa0N4v8XnraLjFcxobVhJdHYrD/rD3eUL5uOvo63zAKMtUhrDAaBZjWKL4HemkZUIVjalxtAYbjDZmH7NNpK1yqQXsFjdrSeDAFwQrHVfAXSJ33Zu8wR+SMX9NdJHecAKxbPz5caoconfrnXVA4bsz3G4OS/BzPDmHEbz2aiVrshRxrtq9f2M6Z7OUcR8UvZwR2yS06qnY7tzxzDIoYCLpl/geDdox28UAtZFyCYfrqy7Pf9nL1IWfNGrdptz98jR1mDlRgDydwL3OvJEBkq4jvrd/T3N75cPgzihT4NpCbymvcYVAJbCu5IWCzAiefOHk6g7A== ;{id = 44346}
;rrset 76658 1 0 1 0
g-ns-624.awsdns-48.com. 76658 IN AAAA 2600:9000:5302:7000::1
;rrset 76296 1 0 1 0
anyns.pch.net. 76296 IN AAAA 2001:500:14:6004:ad::1
;rrset 78265 1 0 1 0
g-ns-1930.awsdns-10.net. 78265 IN A 205.251.199.138
;rrset 76668 1 0 1 0
g-ns-1787.awsdns-59.com. 76668 IN A 205.251.198.251
;rrset 76523 1 0 1 0
g-ns-1828.awsdns-32.co.uk. 76523 IN AAAA 2600:9000:5307:2400::1
;rrset 83388 1 0 8 0
ns-1227.awsdns-25.org. 83388 IN AAAA 2600:9000:5304:cb00::1
;rrset 76552 1 0 8 0
ns-1306.awsdns-35.org. 76552 IN AAAA 2600:9000:5305:1a00::1
;rrset 78361 1 1 8 0
dns1.p08.nsone.net. 78361 IN A 198.51.44.8
dns1.p08.nsone.net. 78361 IN RRSIG A 13 4 86400 20260130105935 20260129085935 12196 nsone.net. qd68ZrbqU2Brs4sbM3DpLN9yMI7hUp4Ct+xN5j0WWNUsFJS8AoTjCbWWzgNb4E3j4v+KltQwhUEY/L13F41EYg== ;{id = 12196}
;rrset 75197 1 0 8 0
dns50.dns.t-ipnet.de. 75197 IN AAAA 2003:180:4:10a::2:53
;rrset 76526 1 0 1 0
pdns109.ultradns.net. 76526 IN AAAA 2610:a1:1014::91
;rrset 83388 8 0 2 0
outbrain.com. 83388 IN NS dns1.p07.nsone.net.
outbrain.com. 83388 IN NS dns2.p07.nsone.net.
outbrain.com. 83388 IN NS dns3.p07.nsone.net.
outbrain.com. 83388 IN NS dns4.p07.nsone.net.
outbrain.com. 83388 IN NS ns04.oblookup.com.
outbrain.com. 83388 IN NS ns01.oblookup.com.
outbrain.com. 83388 IN NS ns03.oblookup.com.
outbrain.com. 83388 IN NS ns02.oblookup.com.
;rrset 764 1 1 2 0
lgjm67ng1e7i08cs2ava10dsqosbhe8e.org. 764 IN NSEC3 1 1 0 332539EE7F95C32A lgjn58lgvt1b8rpkaonesv6571eqonk9 NS DS RRSIG ;{flags: optout}
lgjm67ng1e7i08cs2ava10dsqosbhe8e.org. 764 IN RRSIG NSEC3 8 2 3600 20260215152414 20260125142414 37176 org. BtQzjy5lTwUt1tanTgXFxq+DmNVq10xHzN9nqjEekoieqUyS4ZR75d+d848JIGmT6N0N0oYeATTp1KE0D8FjRSplsXQKbpWQYtW4IG2LAsMhnWL1u8YkDwESON5ixgNvMpxN3LQrfVdgnSWY5IS/OkcSMvZFJajdJ7Ki5sc3yeA= ;{id = 37176}
;rrset 76668 1 0 1 0
g-ns-60.awsdns-59.com. 76668 IN A 205.251.192.60
;rrset 588 1 0 1 0
g-ns-719.awsdns-13.org. 588 IN AAAA 2600:9000:5302:cf00::1
;rrset 76523 1 0 8 0
ns-cloud-a2.googledomains.com. 76523 IN AAAA 2001:4860:4802:34::6a
;rrset 83383 2 0 2 0
revenuereel.com. 83383 IN NS frank.ns.cloudflare.com.
revenuereel.com. 83383 IN NS gwen.ns.cloudflare.com.
;rrset 76523 4 0 2 0
googledomains.com. 76523 IN NS ns5.googledomains.com.
googledomains.com. 76523 IN NS ns6.googledomains.com.
googledomains.com. 76523 IN NS ns7.googledomains.com.
googledomains.com. 76523 IN NS ns8.googledomains.com.
;rrset 76521 4 0 2 0
fastly.net. 76521 IN NS ns1.fastly.net.
fastly.net. 76521 IN NS ns2.fastly.net.
fastly.net. 76521 IN NS ns3.fastly.net.
fastly.net. 76521 IN NS ns4.fastly.net.
;rrset 76521 1 0 1 0
dns2.nic.uk. 76521 IN A 103.49.80.1
;rrset 78579 1 0 8 0
ns-2014.awsdns-59.co.uk. 78579 IN A 205.251.199.222
;rrset 76526 1 0 1 0
g-ns3.amzndns.com. 76526 IN AAAA 2600:9000:5304:a700::1
;rrset 76521 1 0 1 0
nsa.nic.uk. 76521 IN A 156.154.100.3
;rrset 83452 1 0 1 0
g-ns-1359.awsdns-15.net. 83452 IN A 205.251.197.79
;rrset 78265 8 0 2 0
githubassets.com. 78265 IN NS ns-597.awsdns-10.net.
githubassets.com. 78265 IN NS ns-370.awsdns-46.com.
githubassets.com. 78265 IN NS ns-1766.awsdns-28.co.uk.
githubassets.com. 78265 IN NS ns-1354.awsdns-41.org.
githubassets.com. 78265 IN NS dns1.p02.nsone.net.
githubassets.com. 78265 IN NS dns2.p02.nsone.net.
githubassets.com. 78265 IN NS dns3.p02.nsone.net.
githubassets.com. 78265 IN NS dns4.p02.nsone.net.
;rrset 76522 1 0 1 0
g-ns-331.awsdns-11.co.uk. 76522 IN AAAA 2600:9000:5301:4b00::1
;rrset 76521 1 0 1 0
g-ns-910.awsdns-14.co.uk. 76521 IN A 205.251.195.142
;rrset 76553 1 0 8 0
ns-519.awsdns-00.net. 76553 IN AAAA 2600:9000:5302:700::1
;rrset 76081 1 0 1 0
e.dns.br. 76081 IN A 200.229.248.10
;rrset 76523 1 0 8 0
ns-cloud-c3.googledomains.com. 76523 IN AAAA 2001:4860:4802:36::6c
;rrset 75197 6 0 2 0
de. 75197 IN NS a.nic.de.
de. 75197 IN NS f.nic.de.
de. 75197 IN NS l.de.net.
de. 75197 IN NS n.de.net.
de. 75197 IN NS s.de.net.
de. 75197 IN NS z.nic.de.
END_RRSET_CACHE
START_MSG_CACHE
ns-520.awsdns-01.net. IN A 0
msg ns-772.awsdns-32.net. IN AAAA 32896 1 76524 0 1 0 0 -1
ns-772.awsdns-32.net. IN AAAA 0
msg ns-1820.awsdns-35.co.uk. IN A 32896 1 83388 0 1 0 0 -1
ns-1820.awsdns-35.co.uk. IN A 0
msg ns-1867.awsdns-41.co.uk. IN AAAA 32896 1 78265 0 1 0 0 -1
ns-1867.awsdns-41.co.uk. IN AAAA 0
msg ns5-65.akam.net. IN A 32896 1 76521 0 1 0 0 -1
ns5-65.akam.net. IN A 0
msg _ta-0eb0.wetterstation-pliening.info. IN NULL 33155 1 2724 0 0 3 0 -1
wetterstation-pliening.info. IN SOA 4
ENI8UO5JPFVDKD2S86NDHM73OIL7UQ0C.wetterstation-pliening.info. IN NSEC3 0
I4M5I8Q57K0R42VIGEU41AATCOIK29MV.wetterstation-pliening.info. IN NSEC3 0
msg ns-cloud-c2.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-c2.googledomains.com. IN AAAA 0
msg a20-65.akam.net. IN A 32896 1 76526 0 1 0 0 -1
a20-65.akam.net. IN A 0
msg dns1.p02.nsone.net. IN A 32896 1 78265 0 1 0 0 -1
dns1.p02.nsone.net. IN A 0
msg a1-214.akam.net. IN A 32896 1 76040 0 1 0 0 -1
a1-214.akam.net. IN A 0
msg ns1.leaseweb.com. IN AAAA 32896 1 76295 0 1 0 0 -1
ns1.leaseweb.com. IN AAAA 0
msg ns-163.awsdns-20.com. IN A 32896 1 83452 0 1 0 0 -1
ns-163.awsdns-20.com. IN A 0
msg ns-cloud-a4.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-a4.googledomains.com. IN AAAA 0
msg pdns196.ultradns.net. IN AAAA 32896 1 76526 0 1 0 0 -1
pdns196.ultradns.net. IN AAAA 0
msg ns-1471.awsdns-55.org. IN A 32896 1 76521 0 1 0 0 -1
ns-1471.awsdns-55.org. IN A 0
msg ns-1402.awsdns-47.org. IN AAAA 32896 1 82207 0 1 0 0 -1
ns-1402.awsdns-47.org. IN AAAA 0
msg kia.ns.cloudflare.com. IN AAAA 32896 1 77882 0 1 0 0 -1
kia.ns.cloudflare.com. IN AAAA 0
msg ns-780.awsdns-33.net. IN AAAA 32896 1 76597 0 1 0 0 -1
ns-780.awsdns-33.net. IN AAAA 0
msg ns-1995.awsdns-57.co.uk. IN A 32896 1 76523 0 1 0 0 -1
ns-1995.awsdns-57.co.uk. IN A 0
msg ns-cloud-e4.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-e4.googledomains.com. IN A 0
msg dns1.p02.nsone.net. IN AAAA 32896 1 78265 0 1 0 0 -1
dns1.p02.nsone.net. IN AAAA 0
msg ns-571.awsdns-07.net. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-571.awsdns-07.net. IN AAAA 0
msg 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN DNSKEY 33152 1 1328 5 1 0 0 -1
0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN DNSKEY 0
msg ns-679.awsdns-20.net. IN A 32896 1 76521 0 1 0 0 -1
ns-679.awsdns-20.net. IN A 0
msg telemetry-incoming.r53-2.services.mozilla.com. IN A 32896 1 569 0 1 0 0 -1
telemetry-incoming.r53-2.services.mozilla.com. IN A 0
msg ns-1411.awsdns-48.org. IN AAAA 32896 1 78265 0 1 0 0 -1
ns-1411.awsdns-48.org. IN AAAA 0
msg ns-458.awsdns-57.com. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-458.awsdns-57.com. IN AAAA 0
msg ns-1668.awsdns-16.co.uk. IN A 32896 1 83388 0 1 0 0 -1
ns-1668.awsdns-16.co.uk. IN A 0
msg ns-cloud-c4.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-c4.googledomains.com. IN A 0
msg ns-1887.awsdns-43.co.uk. IN AAAA 32896 1 76526 0 1 0 0 -1
ns-1887.awsdns-43.co.uk. IN AAAA 0
msg ns-26.awsdns-03.com. IN A 32896 1 76523 0 1 0 0 -1
ns-26.awsdns-03.com. IN A 0
msg _ta-1bcd.13.92.217.in-addr.arpa. IN NULL 33155 1 1217 0 0 4 0 -1
13.92.217.in-addr.arpa. IN SOA 4
6URQR9IA73I7D6SAAHRPPVL2BOFGR8F7.13.92.217.in-addr.arpa. IN NSEC3 0
BAPVHM28EH7AU2O6TVUV10T1DI95G4M8.13.92.217.in-addr.arpa. IN NSEC3 0
MIULOR7V6APH9D03FFVEL0JVQRLMRNQC.13.92.217.in-addr.arpa. IN NSEC3 0
msg ns-1295.awsdns-33.org. IN A 32896 1 76553 0 1 0 0 -1
ns-1295.awsdns-33.org. IN A 0
msg dns.dns3.de. IN A 32896 1 83480 0 1 0 0 -1
dns.dns3.de. IN A 0
msg telemetry.mozilla.org. IN A 32896 1 569 0 1 0 0 -1
telemetry.mozilla.org. IN A 0
msg ns-258.awsdns-32.com. IN AAAA 32896 1 76522 0 1 0 0 -1
ns-258.awsdns-32.com. IN AAAA 0
msg ns-1016.awsdns-63.net. IN A 32896 1 77957 0 1 0 0 -1
ns-1016.awsdns-63.net. IN A 0
msg nsusa.comlaude.net. IN AAAA 32896 1 76668 0 1 0 0 -1
nsusa.comlaude.net. IN AAAA 0
msg ns-519.awsdns-00.net. IN AAAA 32896 1 76553 0 1 0 0 -1
ns-519.awsdns-00.net. IN AAAA 0
msg dns2.p02.nsone.net. IN A 32896 1 78265 0 1 0 0 -1
dns2.p02.nsone.net. IN A 0
msg ns-1526.awsdns-62.org. IN A 32896 1 76523 0 1 0 0 -1
ns-1526.awsdns-62.org. IN A 0
msg blue.foundationdns.com. IN AAAA 32896 1 76249 0 1 0 0 -1
blue.foundationdns.com. IN AAAA 0
msg ns-cloud-a2.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-a2.googledomains.com. IN AAAA 0
msg ns-1630.awsdns-11.co.uk. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-1630.awsdns-11.co.uk. IN AAAA 0
msg ns-1805.awsdns-33.co.uk. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-1805.awsdns-33.co.uk. IN AAAA 0
msg a11-66.akam.net. IN A 32896 1 76034 0 1 0 0 -1
a11-66.akam.net. IN A 0
msg nsgbr.comlaude.co.uk. IN AAAA 32896 1 76668 0 1 0 0 -1
nsgbr.comlaude.co.uk. IN AAAA 0
msg ns-cloud-c3.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-c3.googledomains.com. IN AAAA 0
msg ns-273.awsdns-34.com. IN AAAA 32896 1 76526 0 1 0 0 -1
ns-273.awsdns-34.com. IN AAAA 0
msg mitch.ns.cloudflare.com. IN AAAA 32896 1 76477 0 1 0 0 -1
mitch.ns.cloudflare.com. IN AAAA 0
msg ns.infonline.de. IN A 32896 1 83383 0 1 0 0 -1
ns.infonline.de. IN A 0
msg ns-1670.awsdns-16.co.uk. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-1670.awsdns-16.co.uk. IN AAAA 0
msg ns-370.awsdns-46.com. IN AAAA 32896 1 78265 0 1 0 0 -1
ns-370.awsdns-46.com. IN AAAA 0
msg ns-1084.awsdns-07.org. IN A 32896 1 76523 0 1 0 0 -1
ns-1084.awsdns-07.org. IN A 0
msg b.icann-servers.net. IN A 32896 1 18924 0 1 0 0 -1
b.icann-servers.net. IN A 0
msg ns-507.awsdns-63.com. IN AAAA 32896 1 76668 0 1 0 0 -1
ns-507.awsdns-63.com. IN AAAA 0
msg ns-704.awsdns-24.net. IN A 32896 1 77048 0 1 0 0 -1
ns-704.awsdns-24.net. IN A 0
msg pri.authdns.ripe.net. IN A 32896 1 76081 0 1 0 0 -1
pri.authdns.ripe.net. IN A 0
msg ns-1433.awsdns-51.org. IN AAAA 32896 1 83565 0 1 0 0 -1
ns-1433.awsdns-51.org. IN AAAA 0
msg ns-1321.awsdns-37.org. IN A 32896 1 83564 0 1 0 0 -1
ns-1321.awsdns-37.org. IN A 0
msg ns-2014.awsdns-59.co.uk. IN A 32896 1 78579 0 1 0 0 -1
ns-2014.awsdns-59.co.uk. IN A 0
msg ns-1111.awsdns-10.org. IN AAAA 32896 1 76526 0 1 0 0 -1
ns-1111.awsdns-10.org. IN AAAA 0
msg ns-1741.awsdns-25.co.uk. IN A 32896 1 76526 0 1 0 0 -1
ns-1741.awsdns-25.co.uk. IN A 0
msg ns-1952.awsdns-52.co.uk. IN A 32896 1 76658 0 1 0 0 -1
ns-1952.awsdns-52.co.uk. IN A 0
msg 10.0.10.in-addr.arpa. IN DNSKEY 33152 1 3012 5 1 0 0 -1
10.0.10.in-addr.arpa. IN DNSKEY 0
msg udns2.cscudns.org. IN AAAA 32896 1 4669 0 1 0 0 -1
udns2.cscudns.org. IN AAAA 0
msg ns-1198.awsdns-21.org. IN A 32896 1 76668 0 1 0 0 -1
ns-1198.awsdns-21.org. IN A 0
msg secondary007.dtag.net. IN AAAA 32896 1 75197 0 1 0 0 -1
secondary007.dtag.net. IN AAAA 0
msg ns-1625.awsdns-11.co.uk. IN A 32896 1 76553 0 1 0 0 -1
ns-1625.awsdns-11.co.uk. IN A 0
msg ns-1696.awsdns-20.co.uk. IN AAAA 32896 1 76551 0 1 0 0 -1
ns-1696.awsdns-20.co.uk. IN AAAA 0
msg nsusa.comlaude.net. IN A 32896 1 76668 0 1 0 0 -1
nsusa.comlaude.net. IN A 0
msg 0.0.10.in-addr.arpa. IN DNSKEY 33152 1 1770 5 1 0 0 -1
0.0.10.in-addr.arpa. IN DNSKEY 0
msg ns-1507.awsdns-60.org. IN A 32896 1 76524 0 1 0 0 -1
ns-1507.awsdns-60.org. IN A 0
msg a20-65.akam.net. IN AAAA 32896 1 76526 0 1 0 0 -1
a20-65.akam.net. IN AAAA 0
msg ns-cloud-d1.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-d1.googledomains.com. IN A 0
msg ns-378.awsdns-47.com. IN AAAA 32896 1 76526 0 1 0 0 -1
ns-378.awsdns-47.com. IN AAAA 0
msg ns4.3qsdn.net. IN AAAA 32896 1 584 0 1 0 0 -1
ns4.3qsdn.net. IN AAAA 0
msg ns-520.awsdns-01.net. IN AAAA 32896 1 78264 0 1 0 0 -1
ns-520.awsdns-01.net. IN AAAA 0
msg ns-1227.awsdns-25.org. IN AAAA 32896 1 83388 0 1 0 0 -1
ns-1227.awsdns-25.org. IN AAAA 0
msg dns3.p08.nsone.net. IN AAAA 32896 1 78361 0 1 0 0 -1
dns3.p08.nsone.net. IN AAAA 0
msg ns-26.awsdns-03.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-26.awsdns-03.com. IN AAAA 0
msg a.icann-servers.net. IN AAAA 32896 1 18924 0 1 0 0 -1
a.icann-servers.net. IN AAAA 0
msg ns-1526.awsdns-62.org. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-1526.awsdns-62.org. IN AAAA 0
msg a1-214.akam.net. IN AAAA 32896 1 76040 0 1 0 0 -1
a1-214.akam.net. IN AAAA 0
msg ns-1072.awsdns-06.org. IN AAAA 32896 1 83452 0 1 0 0 -1
ns-1072.awsdns-06.org. IN AAAA 0
msg dns1.p07.nsone.net. IN A 32896 1 83388 0 1 0 0 -1
dns1.p07.nsone.net. IN A 0
msg dns2.p05.nsone.net. IN A 32896 1 77067 0 1 0 0 -1
dns2.p05.nsone.net. IN A 0
msg ns-1701.awsdns-20.co.uk. IN A 32896 1 76526 0 1 0 0 -1
ns-1701.awsdns-20.co.uk. IN A 0
msg ns-cloud-b3.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-b3.googledomains.com. IN A 0
msg ns-643.awsdns-16.net. IN AAAA 32896 1 83452 0 1 0 0 -1
ns-643.awsdns-16.net. IN AAAA 0
msg ns-614.awsdns-12.net. IN A 32896 1 76523 0 1 0 0 -1
ns-614.awsdns-12.net. IN A 0
msg ping.archlinux.org. IN A 32896 1 20 2 2 0 0 5
ping.archlinux.org. IN CNAME 0
redirect.archlinux.org. IN A 0
msg katelyn.ns.cloudflare.com. IN AAAA 32896 1 76477 0 1 0 0 -1
katelyn.ns.cloudflare.com. IN AAAA 0
msg ns-522.awsdns-01.net. IN A 32896 1 83388 0 1 0 0 -1
ns-522.awsdns-01.net. IN A 0
msg duckduckgo.com. IN HTTPS 32896 1 581 0 0 1 0 -1
duckduckgo.com. IN SOA 4
msg ns-522.awsdns-01.net. IN AAAA 32896 1 83388 0 1 0 0 -1
ns-522.awsdns-01.net. IN AAAA 0
msg ns-914.awsdns-50.net. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-914.awsdns-50.net. IN AAAA 0
msg ns-2042.awsdns-63.co.uk. IN AAAA 32896 1 83452 0 1 0 0 -1
ns-2042.awsdns-63.co.uk. IN AAAA 0
msg ns-351.awsdns-43.com. IN AAAA 32896 1 77048 0 1 0 0 -1
ns-351.awsdns-43.com. IN AAAA 0
msg ns-1364.awsdns-42.org. IN AAAA 32896 1 76522 0 1 0 0 -1
ns-1364.awsdns-42.org. IN AAAA 0
msg ns2bkr.name.com. IN AAAA 32896 1 11497 0 1 0 0 -1
ns2bkr.name.com. IN AAAA 0
msg c.icann-servers.net. IN AAAA 32896 1 18924 0 1 0 0 -1
c.icann-servers.net. IN AAAA 0
msg ns-381.awsdns-47.com. IN AAAA 32896 1 83452 0 1 0 0 -1
ns-381.awsdns-47.com. IN AAAA 0
msg ns-772.awsdns-32.net. IN A 32896 1 76524 0 1 0 0 -1
ns-772.awsdns-32.net. IN A 0
msg ns-221.awsdns-27.com. IN A 32896 1 76553 0 1 0 0 -1
ns-221.awsdns-27.com. IN A 0
msg ns1-174.akam.net. IN A 32896 1 76526 0 1 0 0 -1
ns1-174.akam.net. IN A 0
msg ns-1502.awsdns-59.org. IN A 32896 1 76553 0 1 0 0 -1
ns-1502.awsdns-59.org. IN A 0
msg hydrogen.ns.hetzner.com. IN AAAA 32896 1 3620 0 1 0 0 -1
hydrogen.ns.hetzner.com. IN AAAA 0
msg dns3.p05.nsone.net. IN AAAA 32896 1 77067 0 1 0 0 -1
dns3.p05.nsone.net. IN AAAA 0
msg dns4.p05.nsone.net. IN A 32896 1 77067 0 1 0 0 -1
dns4.p05.nsone.net. IN A 0
msg idmz.nausch.org. IN DNSKEY 33152 1 1949 5 1 0 0 -1
idmz.nausch.org. IN DNSKEY 0
msg nssui.comlaude.ch. IN A 32896 1 76668 0 1 0 0 -1
nssui.comlaude.ch. IN A 0
msg ns-1800.awsdns-33.co.uk. IN AAAA 32896 1 76668 0 1 0 0 -1
ns-1800.awsdns-33.co.uk. IN AAAA 0
msg 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN DNSKEY 33152 1 224 5 1 0 0 -1
3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN DNSKEY 0
msg ns3.3qsdn.net. IN A 32896 1 584 0 1 0 0 -1
ns3.3qsdn.net. IN A 0
msg ns.dns.br. IN A 32896 1 76082 0 1 0 0 -1
ns.dns.br. IN A 0
msg dns02.dns.t-ipnet.de. IN AAAA 32896 1 75197 0 1 0 0 -1
dns02.dns.t-ipnet.de. IN AAAA 0
msg ns-cloud-b2.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-b2.googledomains.com. IN AAAA 0
msg ns-1518.awsdns-61.org. IN AAAA 32896 1 77048 0 1 0 0 -1
ns-1518.awsdns-61.org. IN AAAA 0
msg ns-1691.awsdns-19.co.uk. IN A 32896 1 76596 0 1 0 0 -1
ns-1691.awsdns-19.co.uk. IN A 0
msg ns-238.awsdns-29.com. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-238.awsdns-29.com. IN AAAA 0
msg ns-cloud-c3.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-c3.googledomains.com. IN A 0
msg casey.ns.cloudflare.com. IN A 32896 1 78477 0 1 0 0 -1
casey.ns.cloudflare.com. IN A 0
msg ns-1805.awsdns-33.co.uk. IN A 32896 1 76552 0 1 0 0 -1
ns-1805.awsdns-33.co.uk. IN A 0
msg merkur.de. IN AAAA 32896 1 582 2 0 1 0 5
merkur.de. IN SOA 4
msg dns50.dns.t-ipnet.de. IN AAAA 32896 1 75197 0 1 0 0 -1
dns50.dns.t-ipnet.de. IN AAAA 0
msg pdns196.ultradns.biz. IN AAAA 32896 1 76526 0 1 0 0 -1
pdns196.ultradns.biz. IN AAAA 0
msg dns1.p08.nsone.net. IN A 32896 1 78361 0 1 0 0 -1
dns1.p08.nsone.net. IN A 0
msg ns-1766.awsdns-28.co.uk. IN AAAA 32896 1 78265 0 1 0 0 -1
ns-1766.awsdns-28.co.uk. IN AAAA 0
msg ns4.apnic.net. IN AAAA 32896 1 76082 0 1 0 0 -1
ns4.apnic.net. IN AAAA 0
msg ns-2042.awsdns-63.co.uk. IN A 32896 1 83452 0 1 0 0 -1
ns-2042.awsdns-63.co.uk. IN A 0
msg ns-1131.awsdns-13.org. IN AAAA 32896 1 83388 0 1 0 0 -1
ns-1131.awsdns-13.org. IN AAAA 0
msg ssdns-tld.nic.cl. IN AAAA 32896 1 32881 0 1 0 0 -1
ssdns-tld.nic.cl. IN AAAA 0
msg secondary004.dtag.net. IN AAAA 32896 1 76034 0 1 0 0 -1
secondary004.dtag.net. IN AAAA 0
msg pdns109.ultradns.com. IN AAAA 32896 1 76526 0 1 0 0 -1
pdns109.ultradns.com. IN AAAA 0
msg dns2.p08.nsone.net. IN AAAA 32896 1 78264 0 1 0 0 -1
dns2.p08.nsone.net. IN AAAA 0
msg ns02.brandshelter.net. IN A 32896 1 18926 0 1 0 0 -1
ns02.brandshelter.net. IN A 0
msg helium.ns.hetzner.de. IN A 32896 1 20 0 1 0 0 -1
helium.ns.hetzner.de. IN A 0
msg ns-1065.awsdns-05.org. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-1065.awsdns-05.org. IN AAAA 0
msg terry.ns.cloudflare.com. IN AAAA 32896 1 78477 0 1 0 0 -1
terry.ns.cloudflare.com. IN AAAA 0
msg ns-1800.awsdns-33.co.uk. IN A 32896 1 76668 0 1 0 0 -1
ns-1800.awsdns-33.co.uk. IN A 0
msg dns4.p02.nsone.net. IN AAAA 32896 1 78265 0 1 0 0 -1
dns4.p02.nsone.net. IN AAAA 0
msg ns-609.awsdns-12.net. IN AAAA 32896 1 78526 0 1 0 0 -1
ns-609.awsdns-12.net. IN AAAA 0
msg 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN DNSKEY 33152 1 2837 5 1 0 0 -1
7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN DNSKEY 0
msg ns-805.awsdns-36.net. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-805.awsdns-36.net. IN AAAA 0
msg ns-1518.awsdns-61.org. IN A 32896 1 77048 0 1 0 0 -1
ns-1518.awsdns-61.org. IN A 0
msg ns-1887.awsdns-43.co.uk. IN A 32896 1 76526 0 1 0 0 -1
ns-1887.awsdns-43.co.uk. IN A 0
msg dns2.p07.nsone.net. IN AAAA 32896 1 83388 0 1 0 0 -1
dns2.p07.nsone.net. IN AAAA 0
msg ns-557.awsdns-05.net. IN A 32896 1 76526 0 1 0 0 -1
ns-557.awsdns-05.net. IN A 0
msg ns-1554.awsdns-02.co.uk. IN AAAA 32896 1 76553 0 1 0 0 -1
ns-1554.awsdns-02.co.uk. IN AAAA 0
msg ns-1084.awsdns-07.org. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-1084.awsdns-07.org. IN AAAA 0
msg ns-cloud-a2.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-a2.googledomains.com. IN A 0
msg ns-557.awsdns-05.net. IN AAAA 32896 1 76526 0 1 0 0 -1
ns-557.awsdns-05.net. IN AAAA 0
msg ns.hetzner.de. IN A 32896 1 20 0 0 1 0 -1
hetzner.de. IN SOA 4
msg ns-1484.awsdns-57.org. IN A 32896 1 78526 0 1 0 0 -1
ns-1484.awsdns-57.org. IN A 0
msg a22-66.akam.net. IN A 32896 1 76526 0 1 0 0 -1
a22-66.akam.net. IN A 0
msg ns03.oblookup.com. IN AAAA 32896 1 588 0 0 1 0 -1
oblookup.com. IN SOA 4
msg ns-1283.awsdns-32.org. IN AAAA 32896 1 78264 0 1 0 0 -1
ns-1283.awsdns-32.org. IN AAAA 0
msg ns-1986.awsdns-56.co.uk. IN A 32896 1 76523 0 1 0 0 -1
ns-1986.awsdns-56.co.uk. IN A 0
msg sdn-global-cdn.3qsdn.com. IN HTTPS 32896 1 584 0 0 1 0 -1
3qsdn.com. IN SOA 4
msg pns.dtag.de. IN A 32896 1 75197 0 1 0 0 -1
pns.dtag.de. IN A 0
msg ns-cloud-b4.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-b4.googledomains.com. IN A 0
msg ns-1065.awsdns-05.org. IN A 32896 1 83564 0 1 0 0 -1
ns-1065.awsdns-05.org. IN A 0
msg ns-1782.awsdns-30.co.uk. IN A 32896 1 83564 0 1 0 0 -1
ns-1782.awsdns-30.co.uk. IN A 0
msg ac.duckduckgo.com. IN AAAA 32896 1 581 2 1 1 0 5
ac.duckduckgo.com. IN CNAME 0
duckduckgo.com. IN SOA 4
msg nssui.comlaude.ch. IN AAAA 32896 1 76668 0 1 0 0 -1
nssui.comlaude.ch. IN AAAA 0
msg ns-1507.awsdns-60.org. IN AAAA 32896 1 76524 0 1 0 0 -1
ns-1507.awsdns-60.org. IN AAAA 0
msg intra.nausch.org. IN DNSKEY 33152 1 2600 5 1 0 0 -1
intra.nausch.org. IN DNSKEY 0
msg terry.ns.cloudflare.com. IN A 32896 1 78477 0 1 0 0 -1
terry.ns.cloudflare.com. IN A 0
msg ns-666.awsdns-19.net. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-666.awsdns-19.net. IN AAAA 0
msg pdns109.ultradns.org. IN AAAA 32896 1 76526 0 1 0 0 -1
pdns109.ultradns.org. IN AAAA 0
msg ns-cloud-c4.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-c4.googledomains.com. IN AAAA 0
msg ns-1554.awsdns-02.co.uk. IN A 32896 1 76553 0 1 0 0 -1
ns-1554.awsdns-02.co.uk. IN A 0
msg ns-163.awsdns-20.com. IN AAAA 32896 1 83452 0 1 0 0 -1
ns-163.awsdns-20.com. IN AAAA 0
msg ns-cloud-c1.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-c1.googledomains.com. IN AAAA 0
msg ns-940.awsdns-53.net. IN A 32896 1 76658 0 1 0 0 -1
ns-940.awsdns-53.net. IN A 0
msg 0.1.1.0.0.0.0.0.0.0.0.0.0.1.0.0.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. IN PTR 32896 1 75197 2 1 0 0 5
0.1.1.0.0.0.0.0.0.0.0.0.0.1.0.0.3.0.6.7.d.0.e.0.a.0.0.0.3.0.0.2.ip6.arpa. IN PTR 0
msg a.icann-servers.net. IN A 32896 1 18924 0 1 0 0 -1
a.icann-servers.net. IN A 0
msg ns-cloud-d3.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-d3.googledomains.com. IN AAAA 0
msg ns-2043.awsdns-63.co.uk. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-2043.awsdns-63.co.uk. IN AAAA 0
msg self.adblockultimate.net. IN HTTPS 32896 1 150 2 0 1 0 5
adblockultimate.net. IN SOA 4
msg pns.dtag.de. IN AAAA 32896 1 75197 0 1 0 0 -1
pns.dtag.de. IN AAAA 0
msg dns1.cscdns.net. IN AAAA 32896 1 4669 0 1 0 0 -1
dns1.cscdns.net. IN AAAA 0
msg dns2.p08.nsone.net. IN A 32896 1 78264 0 1 0 0 -1
dns2.p08.nsone.net. IN A 0
msg ns-1108.awsdns-10.org. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-1108.awsdns-10.org. IN AAAA 0
msg ns-1605.awsdns-08.co.uk. IN AAAA 32896 1 77048 0 1 0 0 -1
ns-1605.awsdns-08.co.uk. IN AAAA 0
msg ns-1537.awsdns-00.co.uk. IN A 32896 1 76524 0 1 0 0 -1
ns-1537.awsdns-00.co.uk. IN A 0
msg duckduckgo.com. IN AAAA 32896 1 581 0 0 1 0 -1
duckduckgo.com. IN SOA 4
msg ns-1441.awsdns-52.org. IN AAAA 32896 1 77957 0 1 0 0 -1
ns-1441.awsdns-52.org. IN AAAA 0
msg dualstack.awsglobalaccelerator.com. IN A 32899 1 306 2 0 1 0 5
awsglobalaccelerator.com. IN SOA 4
msg ns.dns.br. IN AAAA 32896 1 76082 0 1 0 0 -1
ns.dns.br. IN AAAA 0
msg ns-cloud-a3.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-a3.googledomains.com. IN AAAA 0
msg ns-1627.awsdns-11.co.uk. IN AAAA 32896 1 76522 0 1 0 0 -1
ns-1627.awsdns-11.co.uk. IN AAAA 0
msg mina.ns.cloudflare.com. IN A 32896 1 78477 0 1 0 0 -1
mina.ns.cloudflare.com. IN A 0
msg ns-1131.awsdns-13.org. IN A 32896 1 83388 0 1 0 0 -1
ns-1131.awsdns-13.org. IN A 0
msg ns-972.awsdns-57.net. IN AAAA 32896 1 76522 0 1 0 0 -1
ns-972.awsdns-57.net. IN AAAA 0
msg ns-1682.awsdns-18.co.uk. IN AAAA 32896 1 83452 0 1 0 0 -1
ns-1682.awsdns-18.co.uk. IN AAAA 0
msg ns-562.awsdns-06.net. IN A 32896 1 83564 0 1 0 0 -1
ns-562.awsdns-06.net. IN A 0
msg ns-120.awsdns-15.com. IN AAAA 32896 1 76553 0 1 0 0 -1
ns-120.awsdns-15.com. IN AAAA 0
msg ns4.3qsdn.net. IN A 32896 1 584 0 1 0 0 -1
ns4.3qsdn.net. IN A 0
msg anycast.regdns2.net. IN A 32896 1 83382 0 1 0 0 -1
anycast.regdns2.net. IN A 0
msg dayana.ns.cloudflare.com. IN AAAA 32896 1 76608 0 1 0 0 -1
dayana.ns.cloudflare.com. IN AAAA 0
msg www.google.de. IN HTTPS 32896 1 76597 2 1 0 0 5
www.google.de. IN HTTPS 0
msg ns-1260.awsdns-29.org. IN A 32896 1 76523 0 1 0 0 -1
ns-1260.awsdns-29.org. IN A 0
msg b.ns.facebook.com. IN AAAA 32896 1 76596 0 1 0 0 -1
b.ns.facebook.com. IN AAAA 0
msg zita.ns.cloudflare.com. IN AAAA 32896 1 78477 0 1 0 0 -1
zita.ns.cloudflare.com. IN AAAA 0
msg ns-132.awsdns-16.com. IN A 32896 1 77957 0 1 0 0 -1
ns-132.awsdns-16.com. IN A 0
msg a12-64.akam.net. IN A 32896 1 76526 0 1 0 0 -1
a12-64.akam.net. IN A 0
msg ns-1625.awsdns-11.co.uk. IN AAAA 32896 1 76553 0 1 0 0 -1
ns-1625.awsdns-11.co.uk. IN AAAA 0
msg ns-1782.awsdns-30.co.uk. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-1782.awsdns-30.co.uk. IN AAAA 0
msg ns-cloud-e2.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-e2.googledomains.com. IN A 0
msg ns-519.awsdns-00.net. IN A 32896 1 76553 0 1 0 0 -1
ns-519.awsdns-00.net. IN A 0
msg ns-1528.awsdns-63.org. IN AAAA 32896 1 76668 0 1 0 0 -1
ns-1528.awsdns-63.org. IN AAAA 0
msg dns4.p08.nsone.net. IN AAAA 32896 1 78264 0 1 0 0 -1
dns4.p08.nsone.net. IN AAAA 0
msg zita.ns.cloudflare.com. IN A 32896 1 78477 0 1 0 0 -1
zita.ns.cloudflare.com. IN A 0
msg ns0.leaseweb.com. IN AAAA 32896 1 76295 0 1 0 0 -1
ns0.leaseweb.com. IN AAAA 0
msg wetterstation-pliening.info. IN DNSKEY 33152 1 2724 5 1 0 0 -1
wetterstation-pliening.info. IN DNSKEY 0
msg ns-1260.awsdns-29.org. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-1260.awsdns-29.org. IN AAAA 0
msg ns-166.awsdns-20.com. IN AAAA 32896 1 76522 0 1 0 0 -1
ns-166.awsdns-20.com. IN AAAA 0
msg ns-cloud-d3.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-d3.googledomains.com. IN A 0
msg ns-2014.awsdns-59.co.uk. IN AAAA 32896 1 78579 0 1 0 0 -1
ns-2014.awsdns-59.co.uk. IN AAAA 0
msg gabe.ns.cloudflare.com. IN A 32896 1 76620 0 1 0 0 -1
gabe.ns.cloudflare.com. IN A 0
msg ns1.3qsdn.net. IN AAAA 32896 1 584 0 1 0 0 -1
ns1.3qsdn.net. IN AAAA 0
msg udns1.cscudns.com. IN AAAA 32896 1 4669 0 1 0 0 -1
udns1.cscudns.com. IN AAAA 0
msg ns-679.awsdns-20.net. IN AAAA 32896 1 76522 0 1 0 0 -1
ns-679.awsdns-20.net. IN AAAA 0
msg ns4.infonline.de. IN AAAA 32896 1 583 0 0 2 0 -1
infonline.de. IN SOA 4
19a9at3jdr75makmf56tif1rsomh7938.infonline.de. IN NSEC3 0
msg ns7-66.akam.net. IN A 32896 1 76521 0 1 0 0 -1
ns7-66.akam.net. IN A 0
msg ns-571.awsdns-07.net. IN A 32896 1 76551 0 1 0 0 -1
ns-571.awsdns-07.net. IN A 0
msg ns-418.awsdns-52.com. IN A 32896 1 76552 0 1 0 0 -1
ns-418.awsdns-52.com. IN A 0
msg a5-67.akam.net. IN A 32896 1 76526 0 1 0 0 -1
a5-67.akam.net. IN A 0
msg ns-704.awsdns-24.net. IN AAAA 32896 1 77048 0 1 0 0 -1
ns-704.awsdns-24.net. IN AAAA 0
msg ns1.3qsdn.net. IN A 32896 1 584 0 1 0 0 -1
ns1.3qsdn.net. IN A 0
msg a22-66.akam.net. IN AAAA 32896 1 76526 0 1 0 0 -1
a22-66.akam.net. IN AAAA 0
msg ns02.brandshelter.net. IN AAAA 32896 1 18926 0 1 0 0 -1
ns02.brandshelter.net. IN AAAA 0
msg ns-cloud-c1.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-c1.googledomains.com. IN A 0
msg elinore.ns.cloudflare.com. IN AAAA 32896 1 76620 0 1 0 0 -1
elinore.ns.cloudflare.com. IN AAAA 0
msg d.ns.facebook.com. IN A 32896 1 76596 0 1 0 0 -1
d.ns.facebook.com. IN A 0
msg dns2.p05.nsone.net. IN AAAA 32896 1 77066 0 1 0 0 -1
dns2.p05.nsone.net. IN AAAA 0
msg ns-862.awsdns-43.net. IN A 32896 1 83564 0 1 0 0 -1
ns-862.awsdns-43.net. IN A 0
msg a.lactld.org. IN A 32896 1 76081 0 1 0 0 -1
a.lactld.org. IN A 0
msg ns-1295.awsdns-33.org. IN AAAA 32896 1 76553 0 1 0 0 -1
ns-1295.awsdns-33.org. IN AAAA 0
msg ns-1605.awsdns-08.co.uk. IN A 32896 1 77048 0 1 0 0 -1
ns-1605.awsdns-08.co.uk. IN A 0
msg dns1.equant.net. IN A 32896 1 76668 0 1 0 0 -1
dns1.equant.net. IN A 0
msg ns-614.awsdns-12.net. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-614.awsdns-12.net. IN AAAA 0
msg ns-1283.awsdns-32.org. IN A 32896 1 78264 0 1 0 0 -1
ns-1283.awsdns-32.org. IN A 0
msg 2.17.172.in-addr.arpa. IN DNSKEY 33152 1 770 5 1 0 0 -1
2.17.172.in-addr.arpa. IN DNSKEY 0
msg blue.foundationdns.net. IN A 32896 1 76249 0 1 0 0 -1
blue.foundationdns.net. IN A 0
msg elinore.ns.cloudflare.com. IN A 32896 1 76620 0 1 0 0 -1
elinore.ns.cloudflare.com. IN A 0
msg b.icann-servers.net. IN AAAA 32896 1 18924 0 1 0 0 -1
b.icann-servers.net. IN AAAA 0
msg www.merkur.de. IN AAAA 32896 1 582 2 0 1 0 5
merkur.de. IN SOA 4
msg ns-458.awsdns-57.com. IN A 32896 1 83564 0 1 0 0 -1
ns-458.awsdns-57.com. IN A 0
msg blue.foundationdns.net. IN AAAA 32896 1 76249 0 1 0 0 -1
blue.foundationdns.net. IN AAAA 0
msg ns-834.awsdns-40.net. IN A 32896 1 78579 0 1 0 0 -1
ns-834.awsdns-40.net. IN A 0
msg ns-1597.awsdns-07.co.uk. IN A 32896 1 76552 0 1 0 0 -1
ns-1597.awsdns-07.co.uk. IN A 0
msg d.ns.facebook.com. IN AAAA 32896 1 76597 0 1 0 0 -1
d.ns.facebook.com. IN AAAA 0
msg ns-1229.awsdns-25.org. IN A 32896 1 83564 0 1 0 0 -1
ns-1229.awsdns-25.org. IN A 0
msg ns-1918.awsdns-47.co.uk. IN AAAA 32896 1 76552 0 1 0 0 -1
ns-1918.awsdns-47.co.uk. IN AAAA 0
msg ns-120.awsdns-15.com. IN A 32896 1 76553 0 1 0 0 -1
ns-120.awsdns-15.com. IN A 0
msg ns-1655.awsdns-14.co.uk. IN A 32896 1 76521 0 1 0 0 -1
ns-1655.awsdns-14.co.uk. IN A 0
msg gabe.ns.cloudflare.com. IN AAAA 32896 1 76620 0 1 0 0 -1
gabe.ns.cloudflare.com. IN AAAA 0
msg oxygen.ns.hetzner.com. IN AAAA 32896 1 3620 0 1 0 0 -1
oxygen.ns.hetzner.com. IN AAAA 0
msg . IN NS 32896 1 75197 0 1 0 26 -1
. IN NS 0
l.root-servers.net. IN A 0
l.root-servers.net. IN AAAA 0
j.root-servers.net. IN A 0
j.root-servers.net. IN AAAA 0
f.root-servers.net. IN A 0
f.root-servers.net. IN AAAA 0
h.root-servers.net. IN A 0
h.root-servers.net. IN AAAA 0
d.root-servers.net. IN A 0
d.root-servers.net. IN AAAA 0
b.root-servers.net. IN A 0
b.root-servers.net. IN AAAA 0
k.root-servers.net. IN A 0
k.root-servers.net. IN AAAA 0
i.root-servers.net. IN A 0
i.root-servers.net. IN AAAA 0
m.root-servers.net. IN A 0
m.root-servers.net. IN AAAA 0
e.root-servers.net. IN A 0
e.root-servers.net. IN AAAA 0
g.root-servers.net. IN A 0
g.root-servers.net. IN AAAA 0
c.root-servers.net. IN A 0
c.root-servers.net. IN AAAA 0
a.root-servers.net. IN A 0
a.root-servers.net. IN AAAA 0
msg ns-cloud-b3.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-b3.googledomains.com. IN AAAA 0
msg ns-cloud-d4.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-d4.googledomains.com. IN AAAA 0
msg a5-67.akam.net. IN AAAA 32896 1 76526 0 1 0 0 -1
a5-67.akam.net. IN AAAA 0
msg ns-132.awsdns-16.com. IN AAAA 32896 1 77957 0 1 0 0 -1
ns-132.awsdns-16.com. IN AAAA 0
msg ns-805.awsdns-36.net. IN A 32896 1 83564 0 1 0 0 -1
ns-805.awsdns-36.net. IN A 0
msg ns-421.awsdns-52.com. IN AAAA 32896 1 78264 0 1 0 0 -1
ns-421.awsdns-52.com. IN AAAA 0
msg ns-1627.awsdns-11.co.uk. IN A 32896 1 76522 0 1 0 0 -1
ns-1627.awsdns-11.co.uk. IN A 0
msg a3-66.akam.net. IN AAAA 32896 1 76034 0 1 0 0 -1
a3-66.akam.net. IN AAAA 0
msg ns-27.awsdns-03.com. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-27.awsdns-03.com. IN AAAA 0
msg ns-cloud-b1.googledomains.com. IN A 32896 1 76523 0 1 0 0 -1
ns-cloud-b1.googledomains.com. IN A 0
msg ns-1543.awsdns-00.co.uk. IN A 32896 1 76553 0 1 0 0 -1
ns-1543.awsdns-00.co.uk. IN A 0
msg ns-453.awsdns-56.com. IN AAAA 32896 1 76597 0 1 0 0 -1
ns-453.awsdns-56.com. IN AAAA 0
msg ns3.infonline.de. IN A 32896 1 83383 0 1 0 0 -1
ns3.infonline.de. IN A 0
msg ns-1198.awsdns-21.org. IN AAAA 32896 1 76668 0 1 0 0 -1
ns-1198.awsdns-21.org. IN AAAA 0
msg ns-629.awsdns-14.net. IN A 32896 1 76526 0 1 0 0 -1
ns-629.awsdns-14.net. IN A 0
msg nick.ns.cloudflare.com. IN AAAA 32896 1 77882 0 1 0 0 -1
nick.ns.cloudflare.com. IN AAAA 0
msg ns-904.awsdns-49.net. IN A 32896 1 76526 0 1 0 0 -1
ns-904.awsdns-49.net. IN A 0
msg ns-1321.awsdns-37.org. IN AAAA 32896 1 83564 0 1 0 0 -1
ns-1321.awsdns-37.org. IN AAAA 0
msg ns-273.awsdns-34.com. IN A 32896 1 76526 0 1 0 0 -1
ns-273.awsdns-34.com. IN A 0
msg red.foundationdns.com. IN A 32896 1 76249 0 1 0 0 -1
red.foundationdns.com. IN A 0
msg ns-221.awsdns-27.com. IN AAAA 32896 1 76553 0 1 0 0 -1
ns-221.awsdns-27.com. IN AAAA 0
msg ns-1441.awsdns-52.org. IN A 32896 1 77957 0 1 0 0 -1
ns-1441.awsdns-52.org. IN A 0
msg ns-178.awsdns-22.com. IN A 32896 1 76523 0 1 0 0 -1
ns-178.awsdns-22.com. IN A 0
msg ns-1029.awsdns-00.org. IN A 32896 1 76526 0 1 0 0 -1
ns-1029.awsdns-00.org. IN A 0
msg dns3.p05.nsone.net. IN A 32896 1 77067 0 1 0 0 -1
dns3.p05.nsone.net. IN A 0
msg ns-1707.awsdns-21.co.uk. IN A 32896 1 78361 0 1 0 0 -1
ns-1707.awsdns-21.co.uk. IN A 0
msg ns-627.awsdns-14.net. IN A 32896 1 76668 0 1 0 0 -1
ns-627.awsdns-14.net. IN A 0
msg oxygen.ns.hetzner.com. IN A 32896 1 3620 0 1 0 0 -1
oxygen.ns.hetzner.com. IN A 0
msg ns-363.awsdns-45.com. IN A 32896 1 78579 0 1 0 0 -1
ns-363.awsdns-45.com. IN A 0
msg ns-953.awsdns-55.net. IN A 32896 1 83388 0 1 0 0 -1
ns-953.awsdns-55.net. IN A 0
msg ns-453.awsdns-56.com. IN A 32896 1 76596 0 1 0 0 -1
ns-453.awsdns-56.com. IN A 0
msg ns1-174.akam.net. IN AAAA 32896 1 76526 0 1 0 0 -1
ns1-174.akam.net. IN AAAA 0
msg ns-cloud-d1.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
ns-cloud-d1.googledomains.com. IN AAAA 0
msg dns.dns4.de. IN AAAA 32896 1 83383 0 1 0 0 -1
dns.dns4.de. IN AAAA 0
msg ns-940.awsdns-53.net. IN AAAA 32896 1 76658 0 1 0 0 -1
ns-940.awsdns-53.net. IN AAAA 0
msg nic.cl. IN A 32896 1 32881 0 1 0 0 -1
nic.cl. IN A 0
msg dns2.cscdns.net. IN A 32896 1 19069 0 1 0 0 -1
dns2.cscdns.net. IN A 0
msg ns-cloud-b4.googledomains.com. IN AAAA 32896 1 76523 0 1 0 0 -1
END_MSG_CACHE
EOF
We get current statistics for the resolver by calling unbound-control with the stats_noreset option.
# unbound-control stats_noreset
Possible output of the unbound-control stats_noreset command
thread0.num.queries=1342
thread0.num.queries_ip_ratelimited=0
thread0.num.queries_cookie_valid=0
thread0.num.queries_cookie_client=0
thread0.num.queries_cookie_invalid=0
thread0.num.queries_discard_timeout=0
thread0.num.queries_wait_limit=0
thread0.num.cachehits=773
thread0.num.cachemiss=569
thread0.num.prefetch=0
thread0.num.queries_timed_out=0
thread0.query.queue_time_us.max=0
thread0.num.expired=0
thread0.num.recursivereplies=569
thread0.num.dnscrypt.crypted=0
thread0.num.dnscrypt.cert=0
thread0.num.dnscrypt.cleartext=0
thread0.num.dnscrypt.malformed=0
thread0.num.dns_error_reports=0
thread0.requestlist.avg=2.58172
thread0.requestlist.max=31
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.080876
thread0.recursion.time.median=0.0448779
thread0.tcpusage=0
total.num.queries=1342
total.num.queries_ip_ratelimited=0
total.num.queries_cookie_valid=0
total.num.queries_cookie_client=0
total.num.queries_cookie_invalid=0
total.num.queries_discard_timeout=0
total.num.queries_wait_limit=0
total.num.cachehits=773
total.num.cachemiss=569
total.num.prefetch=0
total.num.queries_timed_out=0
total.query.queue_time_us.max=0
total.num.expired=0
total.num.recursivereplies=569
total.num.dnscrypt.crypted=0
total.num.dnscrypt.cert=0
total.num.dnscrypt.cleartext=0
total.num.dnscrypt.malformed=0
total.num.dns_error_reports=0
total.requestlist.avg=2.58172
total.requestlist.max=31
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.080876
total.recursion.time.median=0.0448779
total.tcpusage=0
time.now=1769689128.489804
time.up=11521.946234
time.elapsed=11521.946234
To flush the cache and reload the configuration, use the reload option.
# unbound-control reload
ok
DNSSEC queries
Now we can send the first DNS queries to our resolver and check whether we receive a signed answer. In the example shown at the beginning we saw that, for a query sent directly to our hidden master ISC BIND, the aa flag was correctly set, because the server answered the query authoritatively from a local zone file. The authoritative DNS server's own answer cannot be verified this way, however, because the server trusts itself and accordingly did not set the ad flag.
So we now ask our resolver which host is the MX, that is the mail server, of the zone nausch.org. The answer should show that it was secured with DNSSEC and that the DNS chain of trust can be verified in the local network, which the ad flag in the answer confirms.
# dig MX nausch.org +dnssec +multi
; <<>> DiG 9.20.18 <<>> MX nausch.org +dnssec +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8998
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;nausch.org.            IN MX

;; ANSWER SECTION:
nausch.org.             3445 IN MX 10 mx1.nausch.org.
nausch.org.             3445 IN RRSIG MX 13 2 3600 (
                                20260211124901 20260128191743 8020 nausch.org.
                                nlh4YOYjjep8e7d+dY1AmZSFq5UzMIIYp2S1G1Ae+qcd
                                Mxm/xVQzBWHM3BrEurQAZOmRYaPQAYwNrWrx4sxTpw== )

;; Query time: 3 msec
;; SERVER: fd00::3:10:0:0:110#53(fd00::3:10:0:0:110) (UDP)
;; WHEN: Thu Jan 29 15:03:38 CET 2026
;; MSG SIZE  rcvd: 165
To query the DNSKEY of the Combined Signing Key (CSK) of a DNS zone or (sub)domain, we use the following query:
# dig intra.nausch.org dnskey +dnssec +multi +cd
; <<>> DiG 9.20.18 <<>> intra.nausch.org dnskey +dnssec +multi +cd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30911
;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;intra.nausch.org.      IN DNSKEY

;; ANSWER SECTION:
intra.nausch.org.       2658 IN DNSKEY 257 3 13 (
                                y9mFr6fcHVSxcbY58bCmUHc0X51eY4qhxyagcyMtsQtV
                                RGUQr7xIQJ9aLYLbmstDl7yqDcIYLybd6B+9P19AzQ==
                                ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60679
intra.nausch.org.       2658 IN RRSIG DNSKEY 13 3 3600 (
                                20260212075344 20260129065344 60679 intra.nausch.org.
                                rYggAc4HUnqX+OxFUFtXy8aAZ1o+lsomAkHAYH5Svftn
                                4TjmqVKhe+v7FikoTICtKGAitHlmfZaFfIX/9edbMg== )

;; Query time: 0 msec
;; SERVER: fd00::3:10:0:0:110#53(fd00::3:10:0:0:110) (UDP)
;; WHEN: Thu Jan 29 15:10:37 CET 2026
;; MSG SIZE  rcvd: 237
Here, too, the set ad flag shows that the data was authenticated, that is, transmitted with DNSSEC protection and verified.
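The inspection done by eye on the two dig answers above (ad flag, RRSIG validity window, signing key id) can be run as a script. This is an added example, not part of the original page: the function names are assumptions, the header lines and RRSIG fields are abridged from the outputs above, and the authoritative variant is constructed.

```python
"""Check `dig +dnssec` output: ad flag, RRSIG validity window, DNSKEY key id."""
import re
from datetime import datetime, timezone

# Abridged from the two dig answers above; signature and key data are replaced
# by a placeholder because the checks below never read them.
SAMPLE_MX = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8998
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
nausch.org.  3445 IN MX 10 mx1.nausch.org.
nausch.org.  3445 IN RRSIG MX 13 2 3600 (
        20260211124901 20260128191743 8020 nausch.org.
        PLACEHOLDER== )
"""
SAMPLE_DNSKEY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30911
;; flags: qr rd ra ad cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
intra.nausch.org. 2658 IN DNSKEY 257 3 13 (
        PLACEHOLDER==
        ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60679
intra.nausch.org. 2658 IN RRSIG DNSKEY 13 3 3600 (
        20260212075344 20260129065344 60679 intra.nausch.org.
        PLACEHOLDER== )
"""
# Constructed: the same MX answer flagged the way an authoritative server
# flags it (aa instead of ad), as described for the hidden master.
SAMPLE_AUTHORITATIVE = SAMPLE_MX.replace("qr rd ra ad;", "qr aa rd;")

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"^;; flags:([a-z ]*);", re.M)
RRSIG_RE = re.compile(
    r"\bRRSIG\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+\(?\s*"  # type alg labels ttl
    r"(\d{14})\s+(\d{14})\s+(\d+)\s+(\S+)")              # exp inc tag signer
KEYID_RE = re.compile(r"key id = (\d+)")


def _ts(stamp):
    """RRSIG timestamps are written as YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_answer(text):
    """Extract status, header flags, RRSIG fields and DNSKEY key ids."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    rrsigs = [
        {"covered": m[1], "algorithm": int(m[2]), "expiration": _ts(m[5]),
         "inception": _ts(m[6]), "key_tag": int(m[7]), "signer": m[8]}
        for m in RRSIG_RE.finditer(text)
    ]
    return {
        "status": status[1] if status else None,
        "flags": set(flags[1].split()) if flags else set(),
        "rrsigs": rrsigs,
        "key_ids": {int(k) for k in KEYID_RE.findall(text)},
    }


def check_answer(text, now=None):
    """Return a list of findings; an empty list means nothing to object to."""
    now = now or datetime.now(timezone.utc)
    ans = parse_answer(text)
    findings = []
    if ans["status"] != "NOERROR":
        findings.append(f"status is {ans['status']}, expected NOERROR")
    if "ad" not in ans["flags"]:
        hint = " (aa set: authoritative server, not a validator)" \
            if "aa" in ans["flags"] else ""
        findings.append("ad flag missing: answer was not validated" + hint)
    if not ans["rrsigs"]:
        findings.append("no RRSIG in answer: was the query sent with +dnssec?")
    for sig in ans["rrsigs"]:
        who = f"RRSIG {sig['covered']} (key tag {sig['key_tag']})"
        if now < sig["inception"]:
            findings.append(
                f"{who} not valid before {sig['inception']:%Y-%m-%d %H:%M} UTC")
        elif now > sig["expiration"]:
            findings.append(
                f"{who} expired {sig['expiration']:%Y-%m-%d %H:%M} UTC")
        # With +multi, dig prints the key id of every DNSKEY; the signature
        # over the DNSKEY RRset has to come from one of those keys.
        if (sig["covered"] == "DNSKEY" and ans["key_ids"]
                and sig["key_tag"] not in ans["key_ids"]):
            findings.append(
                f"{who} matches none of the DNSKEY ids {sorted(ans['key_ids'])}")
    return findings


if __name__ == "__main__":
    when = datetime(2026, 1, 29, 14, 30, tzinfo=timezone.utc)
    for name, sample in (("MX via resolver", SAMPLE_MX),
                         ("DNSKEY via resolver", SAMPLE_DNSKEY),
                         ("MX via authoritative", SAMPLE_AUTHORITATIVE)):
        print(name, "->", check_answer(sample, when) or "ok")
```

The ad flag is set by the resolver and is not itself signed, so this check is only meaningful when the resolver is reached over a trusted path such as the local network described here.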
Orchestration - installing and configuring the Unbound resolver with Ansible
Task
As with the setup of our "hidden master", we neither want to see nor perform a manual installation and configuration of our Unbound resolver here. Whether we set up a new virtual server under Arch Linux or want to update the configuration of an existing host, we use Ansible as the orchestration tool, as already touched on earlier. This ensures that all our hosts are built, configured and operated identically, so there will be no cobbled-together tinkering solution!
Solution
Impatient readers can get straight to work, skip the manual creation of the inventory skeleton, the playbook and the associated role, and complete these tasks in one go, so to speak, with the following command:
$ mkdir -p ~/devel/ansible ; wget https://gitlab.nausch.org/django/example_unbound/-/archive/main/example_unbound-main.tar.gz \
-O - | tar -xz --strip-components=1 -C ~/devel/ansible
After adjusting the data in the inventory, you can then proceed directly to execution.
Preparation - (server) data in the inventory
Our configuration example assumes the following host parameters:
zone: intra
hostname: vml010110
The inventory file in our Ansible directory therefore contains, among other things:
$ vim inventories/production/hosts
- inventories/production/hosts
# Inventory file for the SOHO system environment
#
# Notes:
# - comments start with a '#' character
# - empty lines are ignored
# - host and group definitions are delimited with []
# - hosts can be defined by their host name, FQN or IP address
# - parent groups are delimited with [:children]
#
# Host definitions

# Hosts without group assignment
localhost

[edmz]
vml000210

[idmz]
vml000110

[intra]
pml010068
vml010110

# Host group definitions
# (which subgroups or hosts belong to which group)
[linux:children]
intra
edmz
idmz
The two example hosts from the group/zone intra in this inventory represent the following different nodes.
- The host pml010007 stands as an example for a client in the intranet. Its inventory file inventories/production/host_vars/pnc010007 holds the data describing it.
- The host vml010110 is, in this example, our server on which our ISC BIND runs as hidden master and which will also house our Unbound resolver. This host also provides the connection between the zone intra and the zone idmz. A Chrony time server is already running on this node, as is a firewall based on firewalld that has a zone definition intra containing the rules for this zone. Both the time server and the firewall are only mentioned in this example because the playbook, or more precisely the inventory, refers to them.
We now create the host definition file for our admin workstation.
$ vim inventories/production/host_vars/pml010068
- inventories/production/host_vars/pml010068
host_beschreibung: "Admin Arbeitsplatz"
host_alias: "nitro-pc"
host_mac: "50:c0:8c:ba:ad:10"
host_ipv4: "10.0.10.68"
host_duid: "00:03:00:01:50:c0:8c:ba:ad:10:6c:cd:d6:b8:52:be"
host_ipv6: "fd00:dead:b33f:0:10:0:10:68"
Next we create the file for the KVM host on which our Kea daemon is to run, and define the associated properties in it.
$ vim inventories/production/host_vars/vml010110/kvm_vhost
- inventories/production/host_vars/vml010110/kvm_vhost
guest_nic_2: "eth1"
guest_mask6_2: "/64"
guest_ip6_ula_pfx_2: "fd00:dead:b33f:0::"
guest_ip6_ula_2: "fd00:dead:b33f:0:10:0:10:110"
guest_domain: "example.com"
guest_zone_2: "intra"
guest_ip4_net_2: "10.0.10.0"
guest_mask4_2: "/24"
guest_ip4_2: "10.0.10.110"
guest_fw_services:
  - name: "dhcp aus intra"
    zone: '{{ guest_zone_2 }}'
    service: 'dhcp'
  - name: "dhcpv6 aus intra"
    zone: '{{ guest_zone_2 }}'
    service: 'dhcpv6'
We store the configuration parameters relevant to the Unbound resolver in the inventory file inventories/production/host_vars/vml010110/unbound, or extend that file with further domains or network segments/zones.
$ vim inventories/production/host_vars/vml010110/unbound
- inventories/production/host_vars/vml010110/unbound
unbound_zones:
  - beschreibung: 'Hauptdomain'
    key_name: 'example.com'
unbound_interface_intra_ipv6: ''
unbound_interface_intra_ipv4: ''
unbound_interface_idmz_ipv6: ''
unbound_interface_idmz_ipv4: ''
unbound_prefer_ipv6: 'yes'
unbound_interface_action_intra_ipv6: 'allow'
unbound_interface_action_intra_ipv4: '{{ unbound_interface_action_intra_ipv6 }}'
unbound_interface_action_idmz_ipv6: '{{ unbound_interface_action_intra_ipv6 }}'
unbound_interface_action_idmz_ipv4: '{{ unbound_interface_action_intra_ipv6 }}'
unbound_root_hints: '/etc/unbound/root.hints'
unbound_hide_identity: 'yes'
unbound_hide_version: 'yes'
unbound_do_not_query_localhost: 'no'
unbound_trusted_keys_file: '/etc/unbound/keys/*.key'
unbound_domain_insecure_1: 'localhost.'
unbound_domain_insecure_2: '1.0.0.127.in-addr.arpa.'
unbound_domain_insecure_3: '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.'
unbound_local_zones:
  - beschreibung: 'localhost'
    netz: 'localhost.'
    aktion: 'nodefault'
  - beschreibung: 'localhost (IPv4)'
    netz: '127.in-addr.arpa.'
    aktion: 'nodefault'
  - beschreibung: 'localhost (IPv6)'
    netz: '{{ unbound_domain_insecure_3 }}'
    aktion: 'nodefault'
unbound_control_enable: 'yes'
unbound_control_interface_ipv6: '::1'
unbound_control_interface_ipv4: '127.0.0.1'
unbound_control_port: '8953'
unbound_control_use_cert: 'yes'
unbound_server_key_file: '/etc/unbound/unbound_server.key'
unbound_server_cert_file: '/etc/unbound/unbound_server.pem'
unbound_control_key_file: '/etc/unbound/unbound_control.key'
unbound_control_cert_file: '/etc/unbound/unbound_control.pem'
Our example inventory now has the following structure:
inventories/production/
├── hosts
└── host_vars
    ├── pml010068
    └── vml010110
        ├── kvm_vhost
        └── unbound
3 directories, 4 files
Playbook
Our playbook for installing and configuring the ISC BIND daemon is, as always, lean, inconspicuous and unspectacular, but it contains notes on the task and on how to call it.
$ vim playbooks/unbound.yml
- playbooks/unbound.yml
---
# Ansible playbook for installing and configuring an Unbound resolver.
#
# Run with:
# $ ansible-playbook playbooks/arch_unbound.yml

- name: "Playbookname: unbound.yml"    # name of the playbook
  hosts: vml010110                      # host or host groups the playbook applies to
  roles:
    - role: unbound                     # set up the Unbound resolver
...
Role
To configure the Unbound daemon we use a dedicated role unbound, which we will later simply call from the playbook created above. To do so, we first copy the template role common, which we created during the initial Ansible setup.
$ cp -avr roles/common/ roles/unbound
Output of cp -avr roles/common/ roles/unbound
'roles/common/' -> 'roles/unbound'
'roles/common/defaults' -> 'roles/unbound/defaults'
'roles/common/defaults/.gitkeep' -> 'roles/unbound/defaults/.gitkeep'
'roles/common/files' -> 'roles/unbound/files'
'roles/common/files/.gitkeep' -> 'roles/unbound/files/.gitkeep'
'roles/common/handlers' -> 'roles/unbound/handlers'
'roles/common/handlers/.gitkeep' -> 'roles/unbound/handlers/.gitkeep'
'roles/common/library' -> 'roles/unbound/library'
'roles/common/library/.gitkeep' -> 'roles/unbound/library/.gitkeep'
'roles/common/lookup_plugins' -> 'roles/unbound/lookup_plugins'
'roles/common/lookup_plugins/.gitkeep' -> 'roles/unbound/lookup_plugins/.gitkeep'
'roles/common/meta' -> 'roles/unbound/meta'
'roles/common/meta/.gitkeep' -> 'roles/unbound/meta/.gitkeep'
'roles/common/module_utils' -> 'roles/unbound/module_utils'
'roles/common/module_utils/.gitkeep' -> 'roles/unbound/module_utils/.gitkeep'
'roles/common/tasks' -> 'roles/unbound/tasks'
'roles/common/tasks/main.yml' -> 'roles/unbound/tasks/main.yml'
'roles/common/templates' -> 'roles/unbound/templates'
'roles/common/templates/.gitkeep' -> 'roles/unbound/templates/.gitkeep'
'roles/common/vars' -> 'roles/unbound/vars'
'roles/common/vars/.gitkeep' -> 'roles/unbound/vars/.gitkeep'
If needed, we can display the structure that was created with the following command.
$ tree roles/unbound/
Output of tree roles/unbound/
roles/unbound/
├── defaults
├── files
├── handlers
├── library
├── lookup_plugins
├── meta
├── module_utils
├── tasks
├── templates
└── vars
10 directories, 0 files
As we can see, the role is quite manageable; in the task file main.yml we only refer to the following tasks:
- install, in which the package is installed,
- grundkonfig, in which the preparatory installation takes place,
- keyfilename, in which, for each zone defined in the inventory, we determine the ISC BIND key file and copy it to the configuration directory /etc/unbound/keys,
- konfig, with which we configure our resolver using the data from the inventory, and
- firewalld, where we finally define the configuration of our nftables-based packet filter.
$ vim roles/unbound/tasks/main.yml
- roles/unbound/tasks/main.yml
---
- name: "Installation des Unbound-Daemon."
  ansible.builtin.include_tasks:
    file: install.yml
    apply:
      tags: install

- name: "Vorbereitende Konfiguration des Unbound-Resolvers."
  ansible.builtin.include_tasks:
    file: grundkonfig.yml
    apply:
      tags: grundkonfig

- name: "Keyfilename ermitteln."
  ansible.builtin.include_tasks:
    file: keyfilename.yml
    apply:
      tags: keyfilename
  with_items: '{{ unbound_zones }}'

- name: "Konfiguration des Unbound-Resolvers."
  ansible.builtin.include_tasks:
    file: konfig.yml
    apply:
      tags: konfig

- name: "Konfiguration der firewalld-Regeln für den DNS-Resolver."
  ansible.builtin.include_tasks:
    file: firewalld.yml
    apply:
      tags: firewalld
...
The Unbound resolver is installed in the first task group, tagged install.
$ vim roles/unbound/tasks/install.yml
- roles/unbound/tasks/install.yml
---
- name: "Installation der benötigten unbound Paketes."
  community.general.pacman:
    name:
      - unbound
    state: present
...
For the preparatory basic configuration of the resolver, as explained in the section on the preparatory installation, the necessary steps are defined in the task group tagged grundkonfig.
$ vim roles/unbound/tasks/grundkonfig.yml
- roles/unbound/tasks/grundkonfig.yml
---
- name: "Checken ob es bereits eine Backupdatei von unbound.conf gibt."
  ansible.builtin.stat:
    path: /etc/unbound/unbound.conf.orig
  register: unbound_check_config

- name: "Backupdatei der Konfigurationsdatei unbound.conf erstellen."
  ansible.builtin.copy:
    remote_src: true
    src: /etc/unbound/unbound.conf
    dest: /etc/unbound/unbound.conf.orig
    owner: root
    group: root
    mode: '0644'
  when: not unbound_check_config.stat.exists

- name: "Checken ob unbound_control bereits initialisiert worden ist."
  ansible.builtin.stat:
    path: /etc/unbound/unbound_control.key
  register: unbound_check_control

- name: "Zertifikate und Schlüssel für unbound_control erzeugen."
  ansible.builtin.command:
    cmd: unbound-control-setup
  register: unbound_control
  changed_when: unbound_control.rc != 0
  when: not unbound_check_control.stat.exists

- name: "Checken ob es bereits eine Datei /etc/unbound/root.hints."
  ansible.builtin.stat:
    path: /etc/unbound/root.hints
  register: unbound_check_root_hints

- name: "Liste der 13 Root-Nameserver holen und ablegen."
  ansible.builtin.get_url:
    url: https://www.internic.net/domain/named.cache
    dest: /etc/unbound/root.hints
    owner: root
    group: root
    mode: '0644'
  when: not unbound_check_root_hints.stat.exists

- name: "Systemd Unit File für Update der root.hints erzeugen."
  ansible.builtin.template:
    src: templates/root-hints.j2
    dest: /etc/systemd/system/root-hints.service
    owner: root
    group: root
    mode: '0644'

- name: "Systemd Timer für Update der root.hints erzeugen."
  ansible.builtin.template:
    src: templates/root-hints-timer.j2
    dest: /etc/systemd/system/root-hints.timer
    owner: root
    group: root
    mode: '0644'

- name: "Systemd Service root-hints.timer aktivieren."
  ansible.builtin.systemd_service:
    name: root-hints.timer
    enabled: true

- name: "Sicherstellen dass das Verzeichnis für die Schlüssel des hidden-master existiert."
  ansible.builtin.file:
    path: /etc/unbound/keys
    state: directory
    owner: unbound
    group: root
    mode: '0770'

- name: "Optimierung Netzwerk-Stack."
  ansible.builtin.template:
    src: templates/net-memory.j2
    dest: /etc/sysctl.d/60-net-memory.conf
    owner: root
    group: root
    mode: '0640'
...
Determining the key files for each zone and then copying them from the directory /var/named/keys into the Unbound configuration directory is done in the task group tagged keyfilename.
$ vim roles/unbound/tasks/keyfilename.yml
- roles/unbound/tasks/keyfilename.yml
---
- name: "Vollständigen Bind-Pfad des Schlüssels ermitteln: {{ item.key_name }}"
  ansible.builtin.command:
    cmd: find /var/named/keys/ -name K'{{ item.key_name }}'.*.key
  register: unbound_keypath
  changed_when: unbound_keypath.rc != 0

- name: "Dateiname und Pfad des Schlüssels merken: {{ item.key_name }}"
  ansible.builtin.set_fact:
    unbound_key_path: "{{ unbound_keypath.stdout }}"
    cacheable: true

- name: "Schlüsseldatei vom ISC BIND zum Unbound kopieren: {{ item.key_name }}"
  ansible.builtin.copy:
    src: "{{ unbound_keypath.stdout }}"
    dest: /etc/unbound/keys/K{{ item.key_name }}.bind_key
    remote_src: true
    owner: unbound
    group: root
    mode: '0640'
  notify: Restart unbound
...
Next, the Unbound resolver still has to be configured; this is done in the task group konfig.
$ vim roles/unbound/tasks/konfig.yml
- roles/unbound/tasks/konfig.yml
---
- name: "Individuelle Konfigurationsdatei unbound.conf erzeugen und kopieren."
  ansible.builtin.template:
    src: templates/unbound.j2
    dest: /etc/unbound/unbound.conf
    owner: root
    group: root
    mode: '0640'
  notify: Restart unbound
...
Finally, we configure the packet filter rules for our firewall daemon firewalld.
$ vim roles/unbound/tasks/firewalld.yml
- roles/unbound/tasks/firewalld.yml
---
- name: "Konfiguration der firewalld Regeln in Zone_1 für den Unbound-Resolver."
  ansible.posix.firewalld:
    zone: '{{ guest_zone_1 }}'
    service: '{{ item.service }}'
    immediate: true
    permanent: true
    state: enabled
  with_items: '{{ guest_fw_services }}'

- name: "Konfiguration der firewalld Regeln in Zone_2 für den Unbound-Resolver."
  ansible.posix.firewalld:
    zone: '{{ guest_zone_2 }}'
    service: '{{ item.service }}'
    immediate: true
    permanent: true
    state: enabled
  with_items: '{{ guest_fw_services }}'

- name: "Zum Schluss den aktuellen permanenten Regelsatz final neu laden."
  ansible.builtin.service:
    name: firewalld
    state: reloaded
...
If, while the playbook runs, the configuration file unbound.conf or the ISC BIND key files under /var/named/keys are copied into the corresponding directory of the Unbound resolver, the Unbound daemon concerned of course has to be restarted. For this we use Ansible playbook handlers. The handler is called via notify by the tasks that create the Unbound configuration file or the key files, provided the files have changed.
We still need to configure the tasks that are to be run on a notify.
$ vim roles/unbound/handlers/main.yml
- roles/unbound/handlers/main.yml
---
- name: Restart unbound
  ansible.builtin.service:
    name: unbound
    state: restarted
...
To create the configuration file /etc/unbound.conf we now still need a Jinja2 template.
$ vim roles/unbound/templates/unbound.j2
- roles/unbound/templates/unbound.j2
# Ansible managed configuration file, do not modify manually! # # See unbound.conf(5) man page, version 1.24.2. # # this is a comment. # Use this anywhere in the file to include other text into this file. #include: "otherfile.conf" # Use this anywhere in the file to include other text, that explicitly starts a # clause, into this file. Text after this directive needs to start a clause. #include-toplevel: "otherfile.conf" # The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. # verbosity number, 0 is least verbose. 1 is default. # verbosity: 1 # print statistics to the log (for every thread) every N seconds. # Set to "" or 0 to disable. Default is disabled. # statistics-interval: 0 # enable shm for stats, default no. if you enable also enable # statistics-interval, every time it also writes stats to the # shared memory segment keyed with shm-key. # shm-enable: no # shm for stats uses this key, and key+1 for the shared mem segment. # shm-key: 11777 # enable cumulative statistics, without clearing them after printing. # statistics-cumulative: no # enable extended statistics (query types, answer codes, status) # printed from unbound-control. Default off, because of speed. # extended-statistics: no # Inhibits selected extended statistics (qtype, qclass, qopcode, rcode, # rpz-actions) from printing if their value is 0. # Default on. # statistics-inhibit-zero: yes # number of threads to create. 1 disables threading. # num-threads: 1 # specify the interfaces to answer queries from by ip-address. # The default is to listen to localhost (127.0.0.1 and ::1). # specify 0.0.0.0 and ::0 to bind to all available interfaces. # specify every interface[@port] on a new 'interface:' labelled line. # The listen interfaces are not changed on reload, only on restart. 
# interface: 192.0.2.153 # interface: 192.0.2.154 # interface: 192.0.2.154@5003 # interface: 2001:DB8::5 # interface: eth0@5003 interface: {{ unbound_interface_intra_ipv6 }} interface: {{ unbound_interface_intra_ipv4 }} interface: {{ unbound_interface_idmz_ipv6 }} interface: {{ unbound_interface_idmz_ipv4 }} # enable this feature to copy the source address of queries to reply. # Socket options are not supported on all platforms. experimental. # interface-automatic: no # instead of the default port, open additional ports separated by # spaces when interface-automatic is enabled, by listing them here. # interface-automatic-ports: "" # port to answer queries from # port: 53 # specify the interfaces to send outgoing queries to authoritative # server from by ip-address. If none, the default (all) interface # is used. Specify every interface on a 'outgoing-interface:' line. # outgoing-interface: 192.0.2.153 # outgoing-interface: 2001:DB8::5 # outgoing-interface: 2001:DB8::6 # Specify a netblock to use remainder 64 bits as random bits for # upstream queries. Uses freebind option (Linux). # outgoing-interface: 2001:DB8::/64 # Also (Linux:) ip -6 addr add 2001:db8::/64 dev lo # And: ip -6 route add local 2001:db8::/64 dev lo # And set prefer-ip6: yes to use the ip6 randomness from a netblock. # Set this to yes to prefer ipv6 upstream servers over ipv4. # prefer-ip6: no prefer-ip6: {{ unbound_prefer_ipv6 }} # Prefer ipv4 upstream servers, even if ipv6 is available. # prefer-ip4: no # number of ports to allocate per thread, determines the size of the # port range that can be open simultaneously. About double the # num-queries-per-thread, or, use as many as the OS will allow you. # outgoing-range: 4096 # permit Unbound to use this port number or port range for # making outgoing queries, using an outgoing interface. # outgoing-port-permit: 32768 # deny Unbound the use this of port number or port range for # making outgoing queries, using an outgoing interface. 
# Use this to make sure Unbound does not grab a UDP port that some # other server on this computer needs. The default is to avoid # IANA-assigned port numbers. # If multiple outgoing-port-permit and outgoing-port-avoid options # are present, they are processed in order. # outgoing-port-avoid: "3200-3208" # number of outgoing simultaneous tcp buffers to hold per thread. # outgoing-num-tcp: 10 # number of incoming simultaneous tcp buffers to hold per thread. # incoming-num-tcp: 10 # buffer size for UDP port 53 incoming (SO_RCVBUF socket option). # 0 is system default. Use 4m to catch query spikes for busy servers. # so-rcvbuf: 0 # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option). # 0 is system default. Set larger to handle spikes on very busy servers. # so-sndbuf: 4m # use SO_REUSEPORT to distribute queries over threads. # at extreme load it could be better to turn it off to distribute even. # so-reuseport: yes # use IP_TRANSPARENT so the interface: addresses can be non-local # and you can config non-existing IPs that are going to work later on # (uses IP_BINDANY on FreeBSD). # ip-transparent: no # use IP_FREEBIND so the interface: addresses can be non-local # and you can bind to nonexisting IPs and interfaces that are down. # Linux only. On Linux you also have ip-transparent that is similar. # ip-freebind: no # the value of the Differentiated Services Codepoint (DSCP) # in the differentiated services field (DS) of the outgoing # IP packets # ip-dscp: 0 # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). # edns-buffer-size: 1232 # Maximum UDP response size (not applied to TCP response). # Suggested values are 512 to 4096. Default is 1232. 65536 disables it. # max-udp-size: 1232 # max memory to use for stream(tcp and tls) waiting result buffers. # stream-wait-size: 4m # buffer size for handling DNS data. No messages larger than this # size can be sent or received, by UDP or TCP. In bytes. 
# msg-buffer-size: 65552 # the amount of memory to use for the message cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # msg-cache-size: 4m # the number of slabs to use for the message cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # msg-cache-slabs: 4 # the number of queries that a thread gets to service. # num-queries-per-thread: 2048 # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 # perform connect for UDP sockets to mitigate ICMP side channel. # udp-connect: yes # The number of retries, per upstream nameserver in a delegation, when # a throwaway response (also timeouts) is received. # outbound-msg-retry: 5 # Hard limit on the number of outgoing queries Unbound will make while # resolving a name, making sure large NS sets do not loop. # It resets on query restarts (e.g., CNAME) and referrals. # max-sent-count: 32 # Hard limit on the number of times Unbound is allowed to restart a # query upon encountering a CNAME record. # max-query-restarts: 11 # Limit on number of NS records in NS RRset for incoming packets. # iter-scrub-ns: 20 # Limit on number of CNAME, DNAME records for incoming packets. # iter-scrub-cname: 11 # Limit on upstream queries for an incoming query and its recursion. # max-global-quota: 200 # Should the scrubber remove promiscuous NS from positive answers, # protects against poison attempts. # iter-scrub-promiscuous: yes # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376 # msec before recursion replies are dropped. The work item continues. # discard-timeout: 1900 # Max number of replies waiting for recursion per IP address. # wait-limit: 1000 # Max replies waiting for recursion for IP address with cookie. 
# wait-limit-cookie: 10000 # Apart from the default, the wait limit can be set for a netblock. # wait-limit-netblock: 192.0.2.0/24 50000 # Apart from the default, the wait limit with cookie can be adjusted. # wait-limit-cookie-netblock: 192.0.2.0/24 50000 # Defaults for loopback, it has no wait limit. # wait-limit-netblock: 127.0.0.0/8 -1 # wait-limit-netblock: ::1/128 -1 # wait-limit-cookie-netblock: 127.0.0.0/8 -1 # wait-limit-cookie-netblock: ::1/128 -1 # the amount of memory to use for the RRset cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m # the number of slabs to use for the RRset cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # rrset-cache-slabs: 4 # the time to live (TTL) value lower bound, in seconds. Default 0. # If more than an hour could easily give trouble due to stale data. # cache-min-ttl: 0 # the time to live (TTL) value cap for RRsets and messages in the # cache. Items are not cached for longer. In seconds. # cache-max-ttl: 86400 # the time to live (TTL) value cap for negative responses in the cache # cache-max-negative-ttl: 3600 # the time to live (TTL) value lower bound, in seconds. Default 0. # For negative responses in the cache. If disabled, default, # cache-min-ttl applies if configured. # cache-min-negative-ttl: 0 # the time to live (TTL) value for cached roundtrip times, lameness and # EDNS version information for hosts. In seconds. # infra-host-ttl: 900 # minimum wait time for responses, increase if uplink is long. In msec. # infra-cache-min-rtt: 50 # maximum wait time for responses. In msec. # infra-cache-max-rtt: 120000 # enable to make server probe down hosts more frequently. # infra-keep-probing: no # the number of slabs to use for the Infrastructure cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. 
# infra-cache-slabs: 4

# the maximum number of hosts that are cached (roundtrip, EDNS, lame).
# infra-cache-numhosts: 10000

# define a number of tags here, use with local-zone, access-control,
# interface-*.
# repeat the define-tag statement to add additional tags.
# define-tag: "tag1 tag2 tag3"

# Enable IPv4, "yes" or "no".
# do-ip4: yes

# Enable IPv6, "yes" or "no".
# do-ip6: yes

# If running unbound on an IPv6-only host, domains that only have
# IPv4 servers would become unresolvable. If NAT64 is available in
# the network, unbound can use NAT64 to reach these servers with
# the following option. This is NOT needed for enabling DNS64 on a
# system that has IPv4 connectivity.
# Consider also enabling prefer-ip6 to prefer native IPv6 connections
# to nameservers.
# do-nat64: no

# NAT64 prefix. Defaults to using dns64-prefix value.
# nat64-prefix: 64:ff9b::0/96

# Enable UDP, "yes" or "no".
# do-udp: yes

# Enable TCP, "yes" or "no".
# do-tcp: yes

# upstream connections use TCP only (and no UDP), "yes" or "no"
# useful for tunneling scenarios, default no.
# tcp-upstream: no

# upstream connections also use UDP (even if do-udp is no).
# useful if you want UDP upstream, but don't provide UDP downstream.
# udp-upstream-without-downstream: no

# Maximum segment size (MSS) of TCP socket on which the server
# responds to queries. Default is 0, system default MSS.
# tcp-mss: 0

# Maximum segment size (MSS) of TCP socket for outgoing queries.
# Default is 0, system default MSS.
# outgoing-tcp-mss: 0

# Idle TCP timeout, connection closed in milliseconds
# tcp-idle-timeout: 30000

# Enable EDNS TCP keepalive option.
# edns-tcp-keepalive: no

# Timeout for EDNS TCP keepalive, in msec. Overrides tcp-idle-timeout
# if edns-tcp-keepalive is set.
# edns-tcp-keepalive-timeout: 120000

# UDP queries that have waited in the socket buffer for a long time
# can be dropped. Default is 0, disabled. In seconds, such as 3.
# sock-queue-timeout: 0

# Use systemd socket activation for UDP, TCP, and control sockets.
# use-systemd: no

# Detach from the terminal, run in background, "yes" or "no".
# Set the value to "no" when Unbound runs as systemd service.
# do-daemonize: yes

# control which clients are allowed to make (recursive) queries
# to this server. Specify classless netblocks with /size and action.
# By default everything is refused, except for localhost.
# Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
# allow_snoop (recursive and nonrecursive ok)
# allow_cookie (allow UDP with valid cookie or stateful transport)
# deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply).
# access-control: 127.0.0.0/8 allow
# access-control: ::1 allow
# access-control: ::ffff:127.0.0.1 allow

# tag access-control with list of tags (in "" with spaces between)
# Clients using this access control element use localzones that
# are tagged with one of these tags.
# access-control-tag: 192.0.2.0/24 "tag2 tag3"

# set action for particular tag for given access control element.
# if you have multiple tag values, the tag used to lookup the action
# is the first tag match between access-control-tag and local-zone-tag
# where "first" comes from the order of the define-tag values.
# access-control-tag-action: 192.0.2.0/24 tag3 refuse

# set redirect data for particular tag for access control element
# access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"

# Set view for access control element
# access-control-view: 192.0.2.0/24 viewname

# Similar to 'access-control:' but for interfaces.
# Control which listening interfaces are allowed to accept (recursive)
# queries for this server.
# The specified interfaces should be the same as the ones specified in
# 'interface:' followed by the action.
# The actions are the same as 'access-control:' above.
# By default all the interfaces configured are refused.
# Note: any 'access-control*:' setting overrides all 'interface-*:'
# settings for targeted clients.
# interface-action: 192.0.2.153 allow
# interface-action: 192.0.2.154 allow
# interface-action: 192.0.2.154@5003 allow
# interface-action: 2001:DB8::5 allow
# interface-action: eth0@5003 allow
interface-action: {{ unbound_interface_intra_ipv6 }} {{ unbound_interface_action_intra_ipv6 }}
interface-action: {{ unbound_interface_intra_ipv4 }} {{ unbound_interface_action_intra_ipv4 }}
interface-action: {{ unbound_interface_idmz_ipv6 }} {{ unbound_interface_action_idmz_ipv6 }}
interface-action: {{ unbound_interface_idmz_ipv4 }} {{ unbound_interface_action_idmz_ipv4 }}

# Similar to 'access-control-tag:' but for interfaces.
# Tag interfaces with a list of tags (in "" with spaces between).
# Interfaces using these tags use localzones that are tagged with one
# of these tags.
# The specified interfaces should be the same as the ones specified in
# 'interface:' followed by the list of tags.
# Note: any 'access-control*:' setting overrides all 'interface-*:'
# settings for targeted clients.
# interface-tag: eth0@5003 "tag2 tag3"

# Similar to 'access-control-tag-action:' but for interfaces.
# Set action for particular tag for a given interface element.
# If you have multiple tag values, the tag used to lookup the action
# is the first tag match between interface-tag and local-zone-tag
# where "first" comes from the order of the define-tag values.
# The specified interfaces should be the same as the ones specified in
# 'interface:' followed by the tag and action.
# Note: any 'access-control*:' setting overrides all 'interface-*:'
# settings for targeted clients.
# interface-tag-action: eth0@5003 tag3 refuse

# Similar to 'access-control-tag-data:' but for interfaces.
# Set redirect data for a particular tag for an interface element.
# The specified interfaces should be the same as the ones specified in
# 'interface:' followed by the tag and the redirect data.
# Note: any 'access-control*:' setting overrides all 'interface-*:'
# settings for targeted clients.
# interface-tag-data: eth0@5003 tag2 "A 127.0.0.1"

# Similar to 'access-control-view:' but for interfaces.
# Set view for an interface element.
# The specified interfaces should be the same as the ones specified in
# 'interface:' followed by the view name.
# Note: any 'access-control*:' setting overrides all 'interface-*:'
# settings for targeted clients.
# interface-view: eth0@5003 viewname

# if given, a chroot(2) is done to the given directory.
# i.e. you can chroot to the working directory, for example,
# for extra security, but make sure all files are in that directory.
#
# If chroot is enabled, you should pass the configfile (from the
# commandline) as a full path from the original root. After the
# chroot has been performed the now defunct portion of the config
# file path is removed to be able to reread the config after a reload.
#
# All other file paths (working dir, logfile, roothints, and
# key files) can be specified in several ways:
#   o as an absolute path relative to the new root.
#   o as a relative path to the working directory.
#   o as an absolute path relative to the original root.
# In the last case the path is adjusted to remove the unused portion.
#
# The pid file can be absolute and outside of the chroot, it is
# written just prior to performing the chroot and dropping permissions.
#
# Additionally, Unbound may need to access /dev/urandom (for entropy).
# How to do this is specific to your OS.
#
# If you give "" no chroot is performed. The path must not end in a /.
# chroot: "/etc/unbound"

# if given, user privileges are dropped (after binding port),
# and the given username is assumed. Default is user "unbound".
# If you give "" no privileges are dropped.
# username: "unbound"

# the working directory. The relative files in this config are
# relative to this directory. If you give "" the working directory
# is not changed.
# If you give a server: directory: dir before include: file statements
# then those includes can be relative to the working directory.
# directory: "/etc/unbound"

# the log file, "" means log to stderr.
# Use of this option sets use-syslog to "no".
# logfile: ""

# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
# log to. If yes, it overrides the logfile.
# use-syslog: yes

# Log identity to report. if empty, defaults to the name of argv[0]
# (usually "unbound").
# log-identity: ""

# print UTC timestamp in ascii to logfile, default is epoch in seconds.
# log-time-ascii: no

# log timestamp in ISO8601 format if also log-time-ascii is enabled.
# (y-m-dTh:m:s.msec[+-]tzhours:tzminutes)
# log-time-iso: no

# print one line with time, IP, name, type, class for every query.
# log-queries: no

# print one line per reply, with time, IP, name, type, class, rcode,
# timetoresolve, fromcache and responsesize.
# log-replies: no

# log with tag 'query' and 'reply' instead of 'info' for
# filtering log-queries and log-replies from the log.
# log-tag-queryreply: no

# log with destination address, port and type for log-replies.
# log-destaddr: no

# log the local-zone actions, like local-zone type inform is enabled
# also for the other local zone types.
# log-local-actions: no

# print log lines that say why queries return SERVFAIL to clients.
# log-servfail: no

# the pid file. Can be an absolute path outside of chroot/work dir.
# pidfile: "/run/unbound.pid"

# file to read root hints from.
# get one from https://www.internic.net/domain/named.cache
# root-hints: ""
root-hints: "{{ unbound_root_hints }}"

# enable to not answer id.server and hostname.bind queries.
# hide-identity: no
hide-identity: {{ unbound_hide_identity }}

# enable to not answer version.server and version.bind queries.
# hide-version: no
hide-version: {{ unbound_hide_version }}

# enable to not answer trustanchor.unbound queries.
# hide-trustanchor: no

# enable to not set the User-Agent HTTP header.
# hide-http-user-agent: no

# the identity to report. Leave "" or default to return hostname.
# identity: ""

# the version to report. Leave "" or default to return package version.
# version: ""

# NSID identity (hex string, or "ascii_somestring"). default disabled.
# nsid: "aabbccdd"

# User-Agent HTTP header to use. Leave "" or default to use package name
# and version.
# http-user-agent: ""

# the target fetch policy.
# series of integers describing the policy per dependency depth.
# The number of values in the list determines the maximum dependency
# depth the recursor will pursue before giving up. Each integer means:
#   -1 : fetch all targets opportunistically,
#   0: fetch on demand,
#   positive value: fetch that many targets opportunistically.
# Enclose the list of numbers between quotes ("").
# target-fetch-policy: "3 2 1 0 0"

# Harden against very small EDNS buffer sizes.
# harden-short-bufsize: yes

# Harden against unseemly large queries.
# harden-large-queries: no

# Harden against out of zone rrsets, to avoid spoofing attempts.
# harden-glue: yes

# Harden against unverified (outside-zone, including sibling zone) glue rrsets
# harden-unverified-glue: no

# Harden against receiving dnssec-stripped data. If you turn it
# off, failing to validate dnskey data for a trustanchor will
# trigger insecure mode for that zone (like without a trustanchor).
# Default on, which insists on dnssec data for trust-anchored zones.
# harden-dnssec-stripped: yes

# Harden against queries that fall under dnssec-signed nxdomain names.
# harden-below-nxdomain: yes

# Harden the referral path by performing additional queries for
# infrastructure data. Validates the replies (if possible).
# Default off, because the lookups burden the server. Experimental
# implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
# harden-referral-path: no

# Harden against algorithm downgrade when multiple algorithms are
# advertised in the DS record. If no, allows any algorithm
# to validate the zone which is the standard behavior for validators.
# Check the manpage for detailed information.
# harden-algo-downgrade: no

# Harden against unknown records in the authority section and the
# additional section.
# harden-unknown-additional: no

# Send minimum amount of information to upstream servers to enhance
# privacy. Only send minimum required labels of the QNAME and set QTYPE
# to A when possible.
# qname-minimisation: yes

# QNAME minimisation in strict mode. Do not fall-back to sending full
# QNAME to potentially broken nameservers. A lot of domains will not be
# resolvable when this option is enabled.
# This option only has effect when qname-minimisation is enabled.
# qname-minimisation-strict: no

# Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
# and other denials, using information from previous NXDOMAINs answers.
# aggressive-nsec: yes

# Use 0x20-encoded random bits in the query to foil spoof attempts.
# This feature is an experimental implementation of draft dns-0x20.
# use-caps-for-id: no

# Domains (and domains in them) without support for dns-0x20 and
# the fallback fails because they keep sending different answers.
# caps-exempt: "licdn.com"
# caps-exempt: "senderbase.org"

# Enforce privacy of these addresses. Strips them away from answers.
# It may cause DNSSEC validation to additionally mark it as bogus.
# Protects against 'DNS Rebinding' (uses browser as network proxy).
# Only 'private-domain' and 'local-data' names are allowed to have
# these private addresses. No default.
# private-address: 10.0.0.0/8
# private-address: 172.16.0.0/12
# private-address: 192.168.0.0/16
# private-address: 169.254.0.0/16
# private-address: fd00::/8
# private-address: fe80::/10
# private-address: ::ffff:0:0/96

# Allow the domain (and its subdomains) to contain private addresses.
# local-data statements are allowed to contain private addresses too.
# private-domain: "example.com"

# If nonzero, unwanted replies are not only reported in statistics,
# but also a running total is kept per thread. If it reaches the
# threshold, a warning is printed and a defensive action is taken,
# the cache is cleared to flush potential poison out of it.
# A suggested value is 10000000, the default is 0 (turned off).
# unwanted-reply-threshold: 0

# Do not query the following addresses. No DNS queries are sent there.
# List one address per entry. List classless netblocks with /size,
# do-not-query-address: 127.0.0.1/8
# do-not-query-address: ::1

# if yes, the above default do-not-query-address entries are present.
# if no, localhost can be queried (for testing and debugging).
# do-not-query-localhost: yes
do-not-query-localhost: {{ unbound_do_not_query_localhost }}

# if yes, perform prefetching of almost expired message cache entries.
# prefetch: no

# if yes, perform key lookups adjacent to normal lookups.
# prefetch-key: no

# deny queries of type ANY with an empty response.
# deny-any: no

# if yes, Unbound rotates RRSet order in response.
# rrset-roundrobin: yes

# if yes, Unbound doesn't insert authority/additional sections
# into response messages when those sections are not required.
# minimal-responses: yes

# true to disable DNSSEC lameness check in iterator.
# disable-dnssec-lame-check: no

# module configuration of the server. A string with identifiers
# separated by spaces. Syntax: "[dns64] [validator] iterator"
# most modules have to be listed at the beginning of the line,
# except cachedb(just before iterator), and python (at the beginning,
# or, just before the iterator).
# module-config: "validator iterator"

# File with trusted keys, kept uptodate using RFC5011 probes,
# initial file like trust-anchor-file, then it stores metadata.
# Use several entries, one per domain name, to track multiple zones.
#
# If you want to perform DNSSEC validation, run unbound-anchor before
# you start Unbound (i.e. in the system boot scripts).
# And then enable the auto-trust-anchor-file config item.
# Please note usage of unbound-anchor root anchor is at your own risk
# and under the terms of our LICENSE (see that file in the source).
# auto-trust-anchor-file: "/etc/trusted-key.key"
{% for item in unbound_zones %}
auto-trust-anchor-file: "/etc/unbound/keys/K{{ item.key_name }}.bind_key"
{% endfor %}

# trust anchor signaling sends a RFC8145 key tag query after priming.
# trust-anchor-signaling: yes

# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
# root-key-sentinel: yes

# File with trusted keys for validation. Specify more than one file
# with several entries, one file per entry.
# Zone file format, with DS and DNSKEY entries.
# Note this gets out of date, use auto-trust-anchor-file please.
# trust-anchor-file: "/etc/unbound/trusted-key.key"

# Trusted key for validation. DS or DNSKEY. specify the RR on a
# single line, surrounded by "". TTL is ignored. class is IN default.
# Note this gets out of date, use auto-trust-anchor-file please.
# (These examples are from August 2007 and may not be valid anymore).
# trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ=="
# trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"

# File with trusted keys for validation. Specify more than one file
# with several entries, one file per entry. Like trust-anchor-file
# but has a different file format. Format is BIND-9 style format,
# the trusted-keys { name flag proto algo "key"; }; clauses are read.
# you need external update procedures to track changes in keys.
# trusted-keys-file: ""
trusted-keys-file: "{{ unbound_trusted_keys_file }}"

# Ignore chain of trust. Domain is treated as insecure.
# domain-insecure: "example.com"
domain-insecure: "{{ unbound_domain_insecure_1 }}"
domain-insecure: "{{ unbound_domain_insecure_2 }}"
domain-insecure: "{{ unbound_domain_insecure_3 }}"

# Override the date for validation with a specific fixed date.
# Do not set this unless you are debugging signature inception
# and expiration. "" or "0" turns the feature off. -1 ignores date.
# val-override-date: ""

# The time to live for bogus data, rrsets and messages. This avoids
# some of the revalidation, until the time interval expires. in secs.
# val-bogus-ttl: 60

# The signature inception and expiration dates are allowed to be off
# by 10% of the signature lifetime (expir-incep) from our local clock.
# This leeway is capped with a minimum and a maximum. In seconds.
# val-sig-skew-min: 3600
# val-sig-skew-max: 86400

# The maximum number the validator should restart validation with
# another authority in case of failed validation.
# val-max-restart: 5

# Should additional section of secure message also be kept clean of
# unsecure data. Useful to shield the users of this validator from
# potential bogus data in the additional section. All unsigned data
# in the additional section is removed from secure messages.
# val-clean-additional: yes

# Turn permissive mode on to permit bogus messages. Thus, messages
# for which security checks failed will be returned to clients,
# instead of SERVFAIL. It still performs the security checks, which
# result in interesting log files and possibly the AD bit in
# replies if the message is found secure. The default is off.
# val-permissive-mode: no

# Ignore the CD flag in incoming queries and refuse them bogus data.
# Enable it if the only clients of Unbound are legacy servers (w2008)
# that set CD but cannot validate themselves.
# ignore-cd-flag: no

# Disable the DO flag in outgoing requests. It is helpful for upstream
# devices that cannot handle DNSSEC information. But do not enable it
# otherwise, because it would stop DNSSEC validation.
# disable-edns-do: no

# Serve expired responses from cache, with serve-expired-reply-ttl in
# the response. By default it first tries to refresh an expired answer.
# Can be configured with serve-expired-client-timeout.
# serve-expired: no
#
# Limit serving of expired responses to configured seconds after
# expiration. 0 disables the limit.
# serve-expired-ttl: 86400
#
# Set the TTL of expired records to the serve-expired-ttl value after a
# failed attempt to retrieve the record from upstream. This makes sure
# that the expired records will be served as long as there are queries
# for it.
# serve-expired-ttl-reset: no
#
# TTL value to use when replying with expired data.
# serve-expired-reply-ttl: 30
#
# Time in milliseconds before replying to the client with expired data.
# This essentially enables the serve-stale behavior as specified in
# RFC 8767 that first tries to resolve before immediately responding
# with expired data. 0 disables this behavior.
# serve-expired-client-timeout: 1800

# Return the original TTL as received from the upstream name server rather
# than the decrementing TTL as stored in the cache. Enabling this feature
# does not impact cache expiry, it only changes the TTL Unbound embeds in
# responses to queries. Note that enabling this feature implicitly disables
# enforcement of the configured minimum and maximum TTL.
# serve-original-ttl: no

# Have the validator log failed validations for your diagnosis.
# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
# val-log-level: 0

# It is possible to configure NSEC3 maximum iteration counts per
# keysize. Keep this table very short, as linear search is done.
# A message with an NSEC3 with larger count is marked insecure.
# List in ascending order the keysize and count values.
# val-nsec3-keysize-iterations: "1024 150 2048 150 4096 150"

# if enabled, ZONEMD verification failures do not block the zone.
# zonemd-permissive-mode: no

# instruct the auto-trust-anchor-file probing to add anchors after ttl.
# add-holddown: 2592000 # 30 days

# instruct the auto-trust-anchor-file probing to del anchors after ttl.
# del-holddown: 2592000 # 30 days

# auto-trust-anchor-file probing removes missing anchors after ttl.
# If the value 0 is given, missing anchors are not removed.
# keep-missing: 31622400 # 366 days

# debug option that allows very small holddown times for key rollover,
# otherwise the RFC mandates probe intervals must be at least 1 hour.
# permit-small-holddown: no

# the amount of memory to use for the key cache.
# plain value in bytes or you can append k, m or G. default is "4Mb".
# key-cache-size: 4m

# the number of slabs to use for the key cache.
# the number of slabs must be a power of 2.
# more slabs reduce lock contention, but fragment memory usage.
# key-cache-slabs: 4

# the amount of memory to use for the negative cache.
# plain value in bytes or you can append k, m or G. default is "1Mb".
# neg-cache-size: 1m

# By default, for a number of zones a small default 'nothing here'
# reply is built-in. Query traffic is thus blocked. If you
# wish to serve such zone you can unblock them by uncommenting one
# of the nodefault statements below.
# You may also have to use domain-insecure: zone to make DNSSEC work,
# unless you have your own trust anchors for this zone.
# local-zone: "localhost." nodefault
# local-zone: "127.in-addr.arpa." nodefault
# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
# local-zone: "home.arpa." nodefault
# local-zone: "resolver.arpa." nodefault
# local-zone: "service.arpa." nodefault
# local-zone: "onion." nodefault
# local-zone: "test." nodefault
# local-zone: "invalid." nodefault
# local-zone: "10.in-addr.arpa." nodefault
# local-zone: "16.172.in-addr.arpa." nodefault
# local-zone: "17.172.in-addr.arpa." nodefault
# local-zone: "18.172.in-addr.arpa." nodefault
# local-zone: "19.172.in-addr.arpa." nodefault
# local-zone: "20.172.in-addr.arpa." nodefault
# local-zone: "21.172.in-addr.arpa." nodefault
# local-zone: "22.172.in-addr.arpa." nodefault
# local-zone: "23.172.in-addr.arpa." nodefault
# local-zone: "24.172.in-addr.arpa." nodefault
# local-zone: "25.172.in-addr.arpa." nodefault
# local-zone: "26.172.in-addr.arpa." nodefault
# local-zone: "27.172.in-addr.arpa." nodefault
# local-zone: "28.172.in-addr.arpa." nodefault
# local-zone: "29.172.in-addr.arpa." nodefault
# local-zone: "30.172.in-addr.arpa." nodefault
# local-zone: "31.172.in-addr.arpa." nodefault
# local-zone: "168.192.in-addr.arpa." nodefault
# local-zone: "0.in-addr.arpa." nodefault
# local-zone: "254.169.in-addr.arpa." nodefault
# local-zone: "2.0.192.in-addr.arpa." nodefault
# local-zone: "100.51.198.in-addr.arpa." nodefault
# local-zone: "113.0.203.in-addr.arpa." nodefault
# local-zone: "255.255.255.255.in-addr.arpa." nodefault
# local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
# local-zone: "d.f.ip6.arpa." nodefault
# local-zone: "8.e.f.ip6.arpa." nodefault
# local-zone: "9.e.f.ip6.arpa." nodefault
# local-zone: "a.e.f.ip6.arpa." nodefault
# local-zone: "b.e.f.ip6.arpa." nodefault
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
{% for item in unbound_local_zones %}
local-zone: "{{ item.netz }}" {{ item.aktion }}
{% endfor %}

# Add example.com into ipset
# local-zone: "example.com" ipset

# If Unbound is running service for the local host then it is useful
# to perform lan-wide lookups to the upstream, and unblock the
# long list of local-zones above. If this Unbound is a dns server
# for a network of computers, disabled is better and stops information
# leakage of local lan information.
# unblock-lan-zones: no

# The insecure-lan-zones option disables validation for
# these zones, as if they were all listed as domain-insecure.
# insecure-lan-zones: no

# a number of locally served zones can be configured.
#   local-zone: <zone> <type>
#   local-data: "<resource record string>"
# o deny serves local data (if any), else, drops queries.
# o refuse serves local data (if any), else, replies with error.
# o static serves local data, else, nxdomain or nodata answer.
# o transparent gives local data, but resolves normally for other names
# o redirect serves the zone data for any subdomain in the zone.
# o nodefault can be used to normally resolve AS112 zones.
# o typetransparent resolves normally for other types and other names
# o inform acts like transparent, but logs client IP address
# o inform_deny drops queries and logs client IP address
# o inform_redirect redirects queries and logs client IP address
# o always_transparent, always_refuse, always_nxdomain, always_nodata,
#   always_deny resolve in that way but ignore local data for
#   that name
# o block_a resolves all records normally but returns
#   NODATA for A queries and ignores local data for that name
# o always_null returns 0.0.0.0 or ::0 for any name in the zone.
# o noview breaks out of that view towards global local-zones.
#
# defaults are localhost address, reverse for 127.0.0.1 and ::1
# and nxdomain for AS112 zones. If you configure one of these zones
# the default content is omitted, or you can omit it with 'nodefault'.
#
# If you configure local-data without specifying local-zone, by
# default a transparent local-zone is created for the data.
#
# You can add locally served data with
# local-zone: "local." static
# local-data: "mycomputer.local. IN A 192.0.2.51"
# local-data: 'mytext.local TXT "content of text record"'
#
# You can override certain queries with
# local-data: "adserver.example.com A 127.0.0.1"
#
# You can redirect a domain to a fixed address with
# (this makes example.com, www.example.com, etc, all go to 192.0.2.3)
# local-zone: "example.com" redirect
# local-data: "example.com A 192.0.2.3"
#
# Shorthand to make PTR records, "IPv4 name" or "IPv6 name".
# You can also add PTR records using local-data directly, but then
# you need to do the reverse notation yourself.
# local-data-ptr: "192.0.2.3 www.example.com"

# tag a localzone with a list of tag names (in "" with spaces between)
# local-zone-tag: "example.com" "tag2 tag3"

# add a netblock specific override to a localzone, with zone type
# local-zone-override: "example.com" 192.0.2.0/24 refuse

# service clients over TLS (on the TCP sockets) with plain DNS inside
# the TLS stream, and over HTTPS using HTTP/2 as specified in RFC8484.
# Give the certificate to use and private key.
# default is "" (disabled). requires restart to take effect.
# tls-service-key: "path/to/privatekeyfile.key"
# tls-service-pem: "path/to/publiccertfile.pem"
# tls-port: 853
# https-port: 443
# quic-port: 853

# cipher setting for TLSv1.2
# tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"

# cipher setting for TLSv1.3
# tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

# Pad responses to padded queries received over TLS
# pad-responses: yes

# Padded responses will be padded to the closest multiple of this size.
# pad-responses-block-size: 468

# Use the SNI extension for TLS connections. Default is yes.
# Changing the value requires a reload.
# tls-use-sni: yes

# Add the secret file for TLS Session Ticket.
# Secret file must be 80 bytes of random data.
# First key use to encrypt and decrypt TLS session tickets.
# Other keys use to decrypt only.
# requires restart to take effect.
# tls-session-ticket-keys: "path/to/secret_file1"
# tls-session-ticket-keys: "path/to/secret_file2"

# request upstream over TLS (with plain DNS inside the TLS stream).
# Default is no. Can be turned on and off with unbound-control.
# tls-upstream: no

# Certificates used to authenticate connections made upstream.
# tls-cert-bundle: ""

# Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no
# and on other systems, the default openssl certificates
# tls-system-cert: no

# Pad queries over TLS upstreams
# pad-queries: yes

# Padded queries will be padded to the closest multiple of this size.
# pad-queries-block-size: 128

# Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-port: portno for each of the port numbers.

# HTTP endpoint to provide DNS-over-HTTPS service on.
# http-endpoint: "/dns-query"

# HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
# http-max-streams: 100

# Maximum number of bytes used for all HTTP/2 query buffers.
# http-query-buffer-size: 4m

# Maximum number of bytes used for all HTTP/2 response buffers.
# http-response-buffer-size: 4m

# Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
# service.
# http-nodelay: yes

# Disable TLS for DNS-over-HTTP downstream service.
# http-notls-downstream: no

# Maximum number of bytes used for QUIC buffers.
# quic-size: 8m

# The interfaces that use these listed port numbers will support and
# expect PROXYv2. For UDP and TCP/TLS interfaces.
# proxy-protocol-port: portno for each of the port numbers.

# DNS64 prefix. Must be specified when DNS64 is in use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
# dns64-prefix: 64:ff9b::0/96

# DNS64 ignore AAAA records for these domains and use A instead.
# dns64-ignore-aaaa: "example.com"

# ratelimit for uncached, new queries, this limits recursion effort.
# ratelimiting is experimental, and may help against randomqueryflood.
# if 0(default) it is disabled, otherwise state qps allowed per zone.
# ratelimit: 0

# ratelimits are tracked in a cache, size in bytes of cache (or k,m).
# ratelimit-size: 4m

# ratelimit cache slabs, reduces lock contention if equal to cpucount.
# ratelimit-slabs: 4

# 0 blocks when ratelimited, otherwise let 1/xth traffic through
# ratelimit-factor: 10

# Aggressive rate limit when the limit is reached and until demand has
# decreased in a 2 second rate window.
# ratelimit-backoff: no

# override the ratelimit for a specific domain name.
# give this setting multiple times to have multiple overrides.
# ratelimit-for-domain: example.com 1000

# override the ratelimits for all domains below a domain name
# can give this multiple times, the name closest to the zone is used.
# ratelimit-below-domain: com 1000

# global query ratelimit for all ip addresses.
# feature is experimental.
# if 0(default) it is disabled, otherwise states qps allowed per ip address # ip-ratelimit: 0 # global query ratelimit for all ip addresses with a valid DNS Cookie. # feature is experimental. # if 0(default) it is disabled, otherwise states qps allowed per ip address # useful in combination with 'allow_cookie'. # If used, suggested to be higher than ip-ratelimit, tenfold. # ip-ratelimit-cookie: 0 # ip ratelimits are tracked in a cache, size in bytes of cache (or k,m). # ip-ratelimit-size: 4m # ip ratelimit cache slabs, reduces lock contention if equal to cpucount. # ip-ratelimit-slabs: 4 # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through # ip-ratelimit-factor: 10 # Aggressive rate limit when the limit is reached and until demand has # decreased in a 2 second rate window. # ip-ratelimit-backoff: no # Limit the number of connections simultaneous from a netblock # tcp-connection-limit: 192.0.2.0/24 12 # select from the fastest servers this many times out of 1000. 0 means # the fast server select is disabled. prefetches are not sped up. # fast-server-permil: 0 # the number of servers that will be used in the fast server selection. # fast-server-num: 3 # reply to requests containing DNS Cookies as specified in RFC 7873 and RFC 9018. # answer-cookie: no # secret for DNS Cookie generation. # useful for anycast deployments. # example value "000102030405060708090a0b0c0d0e0f". # cookie-secret: <128 bit random hex string> # File with cookie secrets, the 'cookie-secret:' option is ignored # and the file can be managed to have staging and active secrets # with remote control commands. Disabled with "". Default is "". # cookie-secret-file: "/usr/local/etc/unbound_cookiesecrets.txt" # Enable to attach Extended DNS Error codes (RFC8914) to responses. # ede: no # Enable to attach an Extended DNS Error (RFC8914) Code 3 - Stale # Answer as EDNS0 option to expired responses. # Note that the ede option above needs to be enabled for this to work. 
# ede-serve-expired: no # Enable DNS Error Reporting (RFC9567). # qname-minimisation is advised to be turned on as well to increase # privacy on the outgoing reports. # dns-error-reporting: no # Specific options for ipsecmod. Unbound needs to be configured with # --enable-ipsecmod for these to take effect. # # Enable or disable ipsecmod (it still needs to be defined in # module-config above). Can be used when ipsecmod needs to be # enabled/disabled via remote-control(below). # ipsecmod-enabled: yes # # Path to executable external hook. It must be defined when ipsecmod is # listed in module-config (above). # ipsecmod-hook: "./my_executable" # # When enabled Unbound will reply with SERVFAIL if the return value of # the ipsecmod-hook is not 0. # ipsecmod-strict: no # # Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY. # ipsecmod-max-ttl: 3600 # # Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for # testing. # ipsecmod-ignore-bogus: no # # Domains for which ipsecmod will be triggered. If not defined (default) # all domains are treated as being allowed. # ipsecmod-allow: "example.com" # ipsecmod-allow: "nlnetlabs.nl" # Timeout for REUSE entries in milliseconds. # tcp-reuse-timeout: 60000 # Max number of queries on a reuse connection. # max-reuse-tcp-queries: 200 # Timeout in milliseconds for TCP queries to auth servers. # tcp-auth-query-timeout: 3000 # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. # o list python in the module-config string (above) to enable. # It can be at the start, it gets validated results, or just before # the iterator and process before DNSSEC validation. # o and give a python-script to run. python: # Script file to load # python-script: "/etc/unbound/ubmodule-tst.py" # Dynamic library config section. To enable: # o use --with-dynlibmodule to configure before compiling. # o list dynlib in the module-config string (above) to enable. 
# It can be placed anywhere, the dynlib module is only a very thin wrapper # to load modules dynamically. # o and give a dynlib-file to run. If more than one dynlib entry is listed in # the module-config then you need one dynlib-file per instance. dynlib: # Script file to load # dynlib-file: "/etc/unbound/dynlib.so" # Remote control config section. remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. # control-enable: no control-enable: {{ unbound_control_enable }} # what interfaces are listened to for remote control. # give 0.0.0.0 and ::0 to listen to all interfaces. # set to an absolute path to use a unix local name pipe, certificates # are not used for that, so key and cert files need not be present. # control-interface: 127.0.0.1 # control-interface: ::1 control-interface: {{ unbound_control_interface_ipv6 }} control-interface: {{ unbound_control_interface_ipv4 }} # port number for remote control operations. # control-port: 8953 control-port: {{ unbound_control_port }} # for localhost, you can disable use of TLS by setting this to "no" # For local sockets this option is ignored, and TLS is not used. # control-use-cert: "yes" control-use-cert: "{{ unbound_control_use_cert }}" # Unbound server key file. # server-key-file: "/etc/unbound/unbound_server.key" server-key-file: "{{ unbound_server_key_file }}" # Unbound server certificate file. # server-cert-file: "/etc/unbound/unbound_server.pem" server-cert-file: "{{ unbound_server_cert_file }}" # unbound-control key file. # control-key-file: "/etc/unbound/unbound_control.key" control-key-file: "{{ unbound_control_key_file }}" # unbound-control certificate file. # control-cert-file: "/etc/unbound/unbound_control.pem" control-cert-file: "{{ unbound_control_cert_file }}" # Stub zones. # Create entries like below, to make all queries for 'example.com' and # 'example.org' go to the given list of nameservers. 
list zero or more # nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. # Consider adding domain-insecure: name and local-zone: name nodefault # to the server: section if the stub is a locally served zone. # stub-zone: # name: "example.com" # stub-addr: 192.0.2.68 # stub-prime: no # stub-first: no # stub-tcp-upstream: no # stub-tls-upstream: no # stub-no-cache: no # stub-zone: # name: "example.org" # stub-host: ns.example.com. # Forward zones # Create entries like below, to make all queries for 'example.com' and # 'example.org' go to the given list of servers. These servers have to handle # recursion to other nameservers. List zero or more nameservers by hostname # or by ipaddress. Use an entry with name "." to forward all queries. # If you enable forward-first, it attempts without the forward if it fails. # forward-zone: # name: "example.com" # forward-addr: 192.0.2.68 # forward-addr: 192.0.2.73@5355 # forward to port 5355. # forward-first: no # forward-tcp-upstream: no # forward-tls-upstream: no # forward-no-cache: no # forward-zone: # name: "example.org" # forward-host: fwd.example.com forward-zone: name: "localhost" forward-addr: ::1 forward-zone: name: "1.0.0.127.in-addr.arpa" forward-addr: ::1 forward-zone: name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" forward-addr: ::1 {% for item in unbound_zones %} forward-zone: name: "{{ item.key_name }}" forward-addr: ::1 {% endfor %} # Authority zones # The data for these zones is kept locally, from a file or downloaded. # The data can be served to downstream clients, or used instead of the # upstream (which saves a lookup to the upstream). The first example # has a copy of the root for local usage. The second serves example.org # authoritatively. 
zonefile: reads from file (and writes to it if you also # download it), primary: fetches with AXFR and IXFR, or url to zonefile. # With allow-notify: you can give additional (apart from primaries and urls) # sources of notifies. # auth-zone: # name: "." # primary: 170.247.170.2 # b.root-servers.net # primary: 192.33.4.12 # c.root-servers.net # primary: 199.7.91.13 # d.root-servers.net # primary: 192.5.5.241 # f.root-servers.net # primary: 192.112.36.4 # g.root-servers.net # primary: 193.0.14.129 # k.root-servers.net # primary: 192.0.47.132 # xfr.cjr.dns.icann.org # primary: 192.0.32.132 # xfr.lax.dns.icann.org # primary: 2801:1b8:10::b # b.root-servers.net # primary: 2001:500:2::c # c.root-servers.net # primary: 2001:500:2d::d # d.root-servers.net # primary: 2001:500:2f::f # f.root-servers.net # primary: 2001:500:12::d0d # g.root-servers.net # primary: 2001:7fd::1 # k.root-servers.net # primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org # primary: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org # fallback-enabled: yes # for-downstream: no # for-upstream: yes # auth-zone: # name: "example.org" # for-downstream: yes # for-upstream: yes # zonemd-check: no # zonemd-reject-absence: no # zonefile: "example.org.zone" # Views # Create named views. Name must be unique. Map views to requests using # the access-control-view option. Views can contain zero or more local-zone # and local-data options. Options from matching views will override global # options. Global options will be used if no matching view is found. # With view-first yes, it will try to answer using the global local-zone and # local-data elements if there is no view specific match. # view: # name: "viewname" # local-zone: "example.com" redirect # local-data: "example.com A 192.0.2.3" # local-data-ptr: "192.0.2.3 www.example.com" # view-first: no # view: # name: "anotherview" # local-zone: "example.com" refuse # DNSCrypt # To enable, use --enable-dnscrypt to configure before compiling. # Caveats: # 1. 
the keys/certs cannot be produced by Unbound. You can use dnscrypt-wrapper # for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage # 2. dnscrypt channel attaches to an interface. you MUST set interfaces to # listen on `dnscrypt-port` with the follo0wing snippet: # server: # interface: 0.0.0.0@443 # interface: ::0@443 # # Finally, `dnscrypt` config has its own section. # dnscrypt: # dnscrypt-enable: yes # dnscrypt-port: 443 # dnscrypt-provider: 2.dnscrypt-cert.example.com. # dnscrypt-secret-key: /path/unbound-conf/keys1/1.key # dnscrypt-secret-key: /path/unbound-conf/keys2/1.key # dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert # dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert # CacheDB # External backend DB as auxiliary cache. # To enable, use --enable-cachedb to configure before compiling. # Specify the backend name # (default is "testframe", which has no use other than for debugging and # testing) and backend-specific options. The 'cachedb' module must be # included in module-config, just before the iterator module. # cachedb: # backend: "testframe" # # secret seed string to calculate hashed keys # secret-seed: "default" # # if the backend should be read from, but not written to. # cachedb-no-store: no # # if the cachedb should be checked before a serve-expired response is # # given, when serve-expired is enabled. # cachedb-check-when-serve-expired: yes # # # For "redis" backend: # # (to enable, use --with-libhiredis to configure before compiling) # # redis server's IP address or host name # redis-server-host: 127.0.0.1 # # redis server's TCP port # redis-server-port: 6379 # # if the server uses a unix socket, set its path, or "" when not used. # redis-server-path: "/var/lib/redis/redis-server.sock" # # if the server uses an AUTH password, specify here, or "" when not used. 
# redis-server-password: "" # # timeout (in ms) for communication with the redis server # redis-timeout: 100 # # timeout (in ms) for commands, if 0, uses redis-timeout. # redis-command-timeout: 0 # # timeout (in ms) for connection set up, if 0, uses redis-timeout. # redis-connect-timeout: 0 # # set timeout on redis records based on DNS response TTL # redis-expire-records: no # # redis logical database to use, 0 is the default database. # redis-logical-db: 0 # # redis replica server's IP address or host name # redis-replica-server-host: 127.0.0.1 # # redis replica server's TCP port # redis-replica-server-port: 6379 # # if the replica server uses a unix socket, set its path, or "" when not used. # redis-replica-server-path: "/var/lib/redis/redis-server.sock" # # if the replica server uses an AUTH password, specify here, or "" when not used. # redis-replica-server-password: "" # # timeout (in ms) for communication with the redis replica server # redis-replica-timeout: 100 # # timeout (in ms) for redis replica commands, if 0, uses redis-replica-timeout. # redis-replica-command-timeout: 0 # # timeout (in ms) for redis replica connection set up, if 0, uses redis-replica-timeout. # redis-replica-connect-timeout: 0 # # redis logical database to use for the replica server, 0 is the default database. # redis-replica-logical-db: 0 # IPSet # Add specify domain into set via ipset. # To enable: # o use --enable-ipset to configure before compiling; # o Unbound then needs to run as root user. # ipset: # # set name for ip v4 addresses # name-v4: "list-v4" # # set name for ip v6 addresses # name-v6: "list-v6" # # Dnstap logging support, if compiled in by using --enable-dnstap to configure. # To enable, set the dnstap-enable to yes and also some of # dnstap-log-..-messages to yes. And select an upstream log destination, by # socket path, TCP or TLS destination. 
# dnstap: # dnstap-enable: no # # if set to yes frame streams will be used in bidirectional mode # dnstap-bidirectional: yes # dnstap-socket-path: "/etc/unbound/dnstap.sock" # # if "" use the unix socket in dnstap-socket-path, otherwise, # # set it to "IPaddress[@port]" of the destination. # dnstap-ip: "" # # if set to yes if you want to use TLS to dnstap-ip, no for TCP. # dnstap-tls: yes # # name for authenticating the upstream server. or "" disabled. # dnstap-tls-server-name: "" # # if "", it uses the cert bundle from the main Unbound config. # dnstap-tls-cert-bundle: "" # # key file for client authentication, or "" disabled. # dnstap-tls-client-key-file: "" # # cert file for client authentication, or "" disabled. # dnstap-tls-client-cert-file: "" # dnstap-send-identity: no # dnstap-send-version: no # # if "" it uses the hostname. # dnstap-identity: "" # # if "" it uses the package version. # dnstap-version: "" # # log only 1/N messages, if 0 it is disabled. default 0. # dnstap-sample-rate: 0 # dnstap-log-resolver-query-messages: no # dnstap-log-resolver-response-messages: no # dnstap-log-client-query-messages: no # dnstap-log-client-response-messages: no # dnstap-log-forwarder-query-messages: no # dnstap-log-forwarder-response-messages: no # Response Policy Zones # RPZ policies. Applied in order of configuration. Any match from an earlier # RPZ zone will terminate the RPZ lookup. QNAME, Response IP # Address, nsdname, nsip and clientip triggers are supported. Supported # actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only # and drop. Policies can be loaded from a file, or using zone # transfer, or using HTTP. The respip module needs to be added # to the module-config, e.g.: module-config: "respip validator iterator". 
# rpz: # name: "rpz.example.com" # zonefile: "rpz.example.com" # primary: 192.0.2.0 # allow-notify: 192.0.2.0/32 # url: http://www.example.com/rpz.example.org.zone # rpz-action-override: cname # rpz-cname-override: www.example.org # rpz-log: yes # rpz-log-name: "example policy" # rpz-signal-nxdomain-ra: no # for-downstream: no # tags: "example"
To create the systemd timer that updates the root.hints file once a month, we still need the two corresponding templates.
$ vim roles/unbound/templates/root-hints.j2
roles/unbound/templates/root-hints.j2
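# Ansible managed configuration file, do not modify manually!

[Unit]
Description=Update root hints for unbound
After=network.target

[Service]
# systemd does not pass ExecStart= through a shell, so "&&" would be handed
# to curl as an argument. Type=oneshot allows one command per ExecStart= line;
# the restart only runs if the download succeeded.
Type=oneshot
# --fail: exit non-zero on an HTTP error instead of saving the error page.
ExecStart=/usr/bin/curl --fail -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
ExecStart=/usr/bin/systemctl restart unbound.service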
and:
$ vim roles/unbound/templates/root-hints-timer.j2
roles/unbound/templates/root-hints-timer.j2
# Ansible managed configuration file, do not modify manually!

[Unit]
Description=Run root-hints monthly to get actual root.hints

[Timer]
OnCalendar=monthly
Persistent=true
Unit=root-hints.service

[Install]
WantedBy=multi-user.target
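The service above writes the download straight to /etc/unbound/root.hints. The following script is an added example, not part of the original role: it downloads to a temporary file, checks that all 13 root servers are listed with an A record, and only then replaces the live file. The function names, the `--update` switch and the threshold of 13 are assumptions; URL and target path are taken from the service template.

```shell
#!/bin/sh
# Added example: validate a downloaded root.hints before it replaces the live file.
# URL and path come from root-hints.j2; everything else is an assumption.
HINTS_URL="https://www.internic.net/domain/named.cache"
HINTS_FILE="/etc/unbound/root.hints"
MIN_ROOT_SERVERS=13

# count_root_ns FILE: number of distinct "." NS records naming [A-M].ROOT-SERVERS.NET.
count_root_ns() {
    awk '
        $1 ~ /^;/ || NF < 3 { next }                  # comments, short lines
        $1 == "." && toupper($(NF-1)) == "NS" &&
        toupper($NF) ~ /^[A-M]\.ROOT-SERVERS\.NET\.$/ { seen[toupper($NF)] = 1 }
        END { n = 0; for (k in seen) n++; print n }
    ' "$1"
}

# missing_glue FILE: print every root NS target that has no A record in FILE.
missing_glue() {
    awk '
        $1 ~ /^;/ || NF < 3 { next }
        { type = toupper($(NF-1)) }
        $1 == "." && type == "NS" { ns[toupper($NF)] = 1 }
        type == "A"               { glue[toupper($1)] = 1 }
        END { for (k in ns) if (!(k in glue)) print k }
    ' "$1"
}

# validate_hints FILE: succeed only for a non-empty file that lists enough
# root servers and has an address for each of them.
validate_hints() {
    file=$1
    [ -s "$file" ] || return 1
    n=$(count_root_ns "$file")
    [ "$n" -ge "$MIN_ROOT_SERVERS" ] || return 1
    [ -z "$(missing_glue "$file")" ] || return 1
    return 0
}

# update_root_hints: download next to the live file, validate, then rename.
update_root_hints() {
    tmp=$(mktemp "${HINTS_FILE}.XXXXXX") || return 1
    if curl --fail --silent --show-error -o "$tmp" "$HINTS_URL" \
        && validate_hints "$tmp"; then
        chmod 0644 "$tmp"            # mktemp creates 0600; unbound must read it
        mv -f "$tmp" "$HINTS_FILE"   # same directory: the rename is atomic
    else
        rm -f "$tmp"
        echo "root.hints update rejected, keeping existing file" >&2
        return 1
    fi
}

# make_sample_hints FILE COUNT: write a constructed hints file with COUNT
# servers, using documentation addresses (192.0.2.0/24), not the real ones.
make_sample_hints() {
    i=0
    : > "$1"
    for l in A B C D E F G H I J K L M; do
        [ "$i" -lt "$2" ] || break
        i=$((i + 1))
        printf '.\t3600000\tNS\t%s.ROOT-SERVERS.NET.\n' "$l" >> "$1"
        printf '%s.ROOT-SERVERS.NET.\t3600000\tA\t192.0.2.%d\n' "$l" "$i" >> "$1"
    done
}

# Only touch the live file when explicitly asked to.
if [ "${1:-}" = "--update" ]; then
    update_root_hints
fi
```

Installed under a path of your choice and called with `--update` from the first `ExecStart=` line, a truncated download or an HTML error page leaves the existing root.hints untouched and skips the restart.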
Finally, we need a template for the file /etc/sysctl.d/60-net-memory.conf, which we use to tune the network stack (buffer size).
$ vim roles/unbound/templates/net-memory.j2
roles/unbound/templates/net-memory.j2
# Ansible managed configuration file, do not modify manually!

# Configure default and maximum amount for the receive socket memory.
net.core.rmem_max=4194304

# Configure default and maximum amount for the send socket memory.
net.core.wmem_max=4194304
Execution - playbook run
From now on, the orchestrated installation and configuration of our unbound daemon is very simple: we only need to store and maintain the configuration values in the inventory and then run the playbook:
$ ansible-playbook playbooks/unbound.yml
[16:19:29] Gathering Facts
↳ vml010110 | SUCCESS | 2.10s
[16:19:31] unbound : Installation des Unbound-Daemon.
↳ vml010110 | SUCCESS | 18ms
[16:19:32] ↳ install: Installation der benötigten unbound Paketes.
↳ vml010110 | SUCCESS | 1.91s
[16:19:33] unbound : Vorbereitende Konfiguration des Unbound-Resolvers.
↳ vml010110 | SUCCESS | 27ms
[16:19:33] ↳ grundkonfig: Checken ob es bereits eine Backupdatei von unbound.conf gibt.
↳ vml010110 | SUCCESS | 746ms
[16:19:34] ↳ grundkonfig: Backupdatei der Konfigurationsdatei unbound.conf erstellen.
vml010110 | SKIPPED | 21ms
[16:19:34] ↳ grundkonfig: Checken ob unbound_control bereits initialisiert worden ist.
↳ vml010110 | SUCCESS | 641ms
[16:19:35] ↳ grundkonfig: Zertifikate und Schlüssel für unbound_control erzeugen.
vml010110 | SKIPPED | 16ms
[16:19:35] ↳ grundkonfig: Checken ob es bereits eine Datei /etc/unbound/root.hints.
↳ vml010110 | SUCCESS | 703ms
[16:19:36] ↳ grundkonfig: Liste der 13 Root-Nameserver holen und ablegen.
vml010110 | SKIPPED | 12ms
[16:19:36] ↳ grundkonfig: Systemd Unit File für Update der root.hints erzeugen.
↳ vml010110 | SUCCESS | 1.32s
[16:19:37] ↳ grundkonfig: Systemd Timer für Update der root.hints erzeugen.
↳ vml010110 | SUCCESS | 1.24s
[16:19:38] ↳ grundkonfig: Systemd Service root-hints.timer aktivieren.
↳ vml010110 | SUCCESS | 1.12s
[16:19:39] ↳ grundkonfig: Sicherstellen dass das Verzeichnis für die Schlüssel des hidden-master existiert.
↳ vml010110 | SUCCESS | 674ms
[16:19:40] ↳ grundkonfig: Optimierung Netzwerk-Stack.
↳ vml010110 | SUCCESS | 1.29s
[16:19:41] unbound : Keyfilename ermitteln.
↳ vml010110 | SUCCESS | 72ms
[16:19:42] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: nausch.org
↳ vml010110 | SUCCESS | 684ms
[16:19:42] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: nausch.org
↳ vml010110 | SUCCESS | 21ms
[16:19:42] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: nausch.org
↳ vml010110 | CHANGED | 739ms
[16:19:43] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 13.92.217.in-addr.arpa
↳ vml010110 | SUCCESS | 666ms
[16:19:44] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 13.92.217.in-addr.arpa
↳ vml010110 | SUCCESS | 17ms
[16:19:44] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 13.92.217.in-addr.arpa
↳ vml010110 | CHANGED | 666ms
[16:19:44] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: omni128.de
↳ vml010110 | SUCCESS | 662ms
[16:19:45] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: omni128.de
↳ vml010110 | SUCCESS | 23ms
[16:19:45] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: omni128.de
↳ vml010110 | CHANGED | 654ms
[16:19:46] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: ebersberger-liedersammlung.de
↳ vml010110 | SUCCESS | 700ms
[16:19:46] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: ebersberger-liedersammlung.de
↳ vml010110 | SUCCESS | 21ms
[16:19:46] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: ebersberger-liedersammlung.de
↳ vml010110 | CHANGED | 653ms
[16:19:47] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: wetterstation-pliening.info
↳ vml010110 | SUCCESS | 664ms
[16:19:48] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: wetterstation-pliening.info
↳ vml010110 | SUCCESS | 23ms
[16:19:48] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: wetterstation-pliening.info
↳ vml010110 | CHANGED | 679ms
[16:19:49] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: intra.nausch.org
↳ vml010110 | SUCCESS | 677ms
[16:19:49] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: intra.nausch.org
↳ vml010110 | SUCCESS | 29ms
[16:19:49] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: intra.nausch.org
↳ vml010110 | CHANGED | 644ms
[16:19:50] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 10.0.10.in-addr.arpa
↳ vml010110 | SUCCESS | 648ms
[16:19:51] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 10.0.10.in-addr.arpa
↳ vml010110 | SUCCESS | 42ms
[16:19:51] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 10.0.10.in-addr.arpa
↳ vml010110 | CHANGED | 608ms
[16:19:51] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | SUCCESS | 667ms
[16:19:52] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | SUCCESS | 20ms
[16:19:52] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 7.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | CHANGED | 710ms
[16:19:53] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: idmz.nausch.org
↳ vml010110 | SUCCESS | 547ms
[16:19:53] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: idmz.nausch.org
↳ vml010110 | SUCCESS | 21ms
[16:19:53] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: idmz.nausch.org
↳ vml010110 | CHANGED | 674ms
[16:19:54] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 0.0.10.in-addr.arpa
↳ vml010110 | SUCCESS | 692ms
[16:19:55] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 0.0.10.in-addr.arpa
↳ vml010110 | SUCCESS | 44ms
[16:19:55] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 0.0.10.in-addr.arpa
↳ vml010110 | CHANGED | 676ms
[16:19:56] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | SUCCESS | 691ms
[16:19:56] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | SUCCESS | 43ms
[16:19:56] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 3.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | CHANGED | 649ms
[16:19:57] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: edmz.nausch.org
↳ vml010110 | SUCCESS | 622ms
[16:19:58] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: edmz.nausch.org
↳ vml010110 | SUCCESS | 22ms
[16:19:58] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: edmz.nausch.org
↳ vml010110 | CHANGED | 625ms
[16:19:58] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 2.17.172.in-addr.arpa
↳ vml010110 | SUCCESS | 641ms
[16:19:59] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 2.17.172.in-addr.arpa
↳ vml010110 | SUCCESS | 20ms
[16:19:59] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 2.17.172.in-addr.arpa
↳ vml010110 | CHANGED | 635ms
[16:20:00] ↳ keyfilename: Vollständigen Bind-Pfad des Schlüssels ermitteln: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | SUCCESS | 704ms
[16:20:00] ↳ keyfilename: Dateiname und Pfad des Schlüssels merken: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | SUCCESS | 24ms
[16:20:00] ↳ keyfilename: Schlüsseldatei vom ISC BIND zum Unbound kopieren: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa
↳ vml010110 | CHANGED | 635ms
[16:20:01] unbound : Konfiguration der firewalld-Regeln für den DNS-Resolver.
↳ vml010110 | SUCCESS | 14ms
[16:20:01] ↳ firewalld: Konfiguration der firewalld Regeln in Zone_1 für den Unbound-Resolver.
↳ vml010110 | SUCCESS | 7.91s
[16:20:09] ↳ firewalld: Konfiguration der firewalld Regeln in Zone_2 für den Unbound-Resolver.
↳ vml010110 | SUCCESS | 7.91s
[16:20:17] ↳ firewalld: Zum Schluss den aktuellen permanenten Regelsatz final neu laden.
↳ vml010110 | CHANGED | 1.24s
[16:20:18] unbound : Konfiguration des Unbound-Resolvers.
↳ vml010110 | SUCCESS | 16ms
[16:20:18] ↳ konfig: Individuelle Konfigurationsdatei unbound.conf erzeugen und kopieren.
↳ vml010110 | SUCCESS | 1.27s
triggering handler | unbound : Restart unbound
↳ vml010110 | CHANGED | 2.40s
[16:20:21] system
-- Play recap --
vml010110 : ok=75 changed=16 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
In this example, after a little more than 10 seconds we have a fully functional, DNSSEC-capable unbound resolver.