3600000 A 184.108.40.206 ; ; temporarily housed at ISI (IANA) .
3600000 A 1.12 ; ; temporarily housed at ISI (IANA) .
hermit.ourroot.private ( 1997071401 ; serial number (YYYYMMDD##) 10800 ; refresh after 3 hours 3600 ; retry after 1 hour 604800 ; expire after 1 week 86400 ) ; minimum TTL of 1 day ; ourroot.private.
3600000 A 1.12 ; End of File; @ IN SOA ourroot.private.
This file contains the names and IP addresses of the authoritative name servers for the root zone, so the software can bootstrap the DNS resolution process.
You need to add an NS record and an A record for each root server you want to include in the file. The process of replacing the 2010 key with the 2017 key requires a period of overlap, during which the 2010 key is still used for signing, but the 2017 key is also present, so that systems can learn the 2017 key and ‘trust’ it, based on the 2010 key.While both keys are present, they will increase the size of some messages in the DNS.The Root Trust Anchor, or Key Signing Key, is used by DNSSEC-enabled software to verify the contents of the DNS root zone is valid.It additionally enables a single chain of trust to DNSSEC-enabled top-level domains and beyond.