Hi, There are many other Root servers other than ICANN Root servers. For example: CesidianRoot (http://www.cesidianroot.net/), OpenNIC (http://www.opennicproject.org/), New Nations (New-Nations.net), Namecoin DNS (DotBIT project, bit DNS) (http://dot-bit.org), 42 (http://42registry.org/), OVH (http://ovh.co.uk/), i-DNS (MultiLingual DNS) (i-dns.net), Public-Root ( http://public-root.com), UnifiedRoot (unifiedroot.com), etc. How can i integrate all into one Unbound or into a central Unbound ? to use their all TLDs, which are not found in default ICANN/IANA root servers. For example, i had to add these in unbound.conf/service.conf for '42' TLD: domain-insecure: "42" stub-zone: name: "42" stub-addr: 22.214.171.124 # 42Registry a.42tld-servers.net europe stub-addr: 126.96.36.199 # 42Registry b.42tld-servers.net europe stub-addr: 188.8.131.52 # 42Registry c.42tld-servers.net europe now with the above 6 lines, i could not ping or browse the website at "search.42" :( but 'dig', 'nslookup' does resolve/show successfully ns, a , etc records. i tried "dig 42. any +dnssec", but flag does not show 'ad' bit, only shows 'qr rd ra'. answer does show 'SOA' with "a.42tld-servers.net. tech.42registry.org.", and 4 'NS' shows "a/b/c/d.42tld-servers.net.". so what is/are wrong ? if 42 TLD supports/has DNSSEC components, then how can i use them ? or how to enable DNSSEC for 42 TLD ? Similar like above, i added domain-insecure and stub-zone for .bit TLD in 'unbound.conf' / 'service.conf' file. The 'ping', 'nslookup', 'dig' etc worked on the http://dot-bit.bit/ site/host/domain. :) The CesidianRoot proper, root dns server/system, has at least 84 TLDs of their own. And they can also resolve other TLDs from other root dns servers. i added all of them (cesidianRoot and other root's TLDs) in this way, i'm showing only few TLD example instead of all 84 TLDs here: domain-insecure: "5wc" domain-insecure: "cesidio" domain-insecure: "linna" domain-insecure: "free" ... stub-zone: name: "cesidianroot-dnsSrv-randNum1.net" stub-addr: 184.108.40.206 # Master CesidianRoot.net Root Server stub-addr: 220.127.116.11 # CesidianRoot.net North America stub-addr: 18.104.22.168 # CesidianRoot.net North America stub-addr: 22.214.171.124 # CesidianRoot.net Europe stub-addr: 126.96.36.199 # CesidianRoot.net Europe stub-addr: 188.8.131.52 # CesidianRoot.net South-East Asia stub-addr: 184.108.40.206 # CesidianRoot.net South-East Asia stub-addr: 220.127.116.11 # CesidianRoot.net Australia & Ocenia stub-addr: 18.104.22.168 # CesidianRoot.net South America stub-addr: 22.214.171.124 # CesidianRoot.net Sub-Saharan Africa stub-zone: name: "5wc" stub-host: "ns.cesidianroot-dnsSrv-randNum1.net" stub-zone: name: "cesidio" stub-host: "ns.cesidianroot-dnsSrv-randNum1.net" stub-zone: name: "linna" stub-host: "ns.cesidianroot-dnsSrv-randNum1.net" stub-zone: name: "free" stub-host: "ns.cesidianroot-dnsSrv-randNum1.net" ... but when i tried to do ping/nslookup/dig on any TLD randomly from CesidianRoot, then none of the tool worked. ! :( :-( What is/are wrong ? i used this "cesidianroot-dnsSrv-randNum1.net" domain-name because such does not exist in real-life. do i need to define/declare 'ns' & 'cesidianroot-dnsSrv-randNum1.net' which are used in stub-host : "ns.cesidianroot-dnsSrv-randNum1.net" line ? And please help me to have a solution, where i dont have to use those 10 stub-addr dns server of CesidianRoot for all of those 84 TLDs for 84 times, then it will become at least 11 x 84 lines of codes ! how can i reduce line numbers ? if cesidianroot TLDs supports/has DNSSEC components/records, then how can i use them or how to enable DNSSEC for CesidianRoot ? CesidianRoot can also resolve TLDs authoritatively maintained by New-Nations.net root system, and i-DNS.net Root system. All of those TLDs are currently using 'ns.cesidianroot-dnsSrv-randNum1.net' as stub-host currently in 'service.conf' / 'unbound.conf' file. Since CesidinaRoot is not SOA / AA / DS of New-Nations.net & i-DNS.net TLDs, am i suppose to change the stub-host of those TLDs from 'ns.cesidianroot-dnsSrv-randNum1.net' into 'ns.new-nations-net-dnsSrv-randNum1.net' / 'ns.i-dns-net-dnsSrv-randNum1.net' ? if i could use CesidianRoot with DNSSEC via unbound (along with the default ICANN provided TLDs), then i could apply similar method/approach for other root dns server, which are similar. by the way, your irc channel #unbound in irc.freenode.net is very in-active, and some users who did post some messages, instead of helping out, they question the 'question' ! or question the 'user' who is posting the question or asking for help ! instead of asking more about the problem itself, and what can be done to solve it ! very unfriendly attitudes. Most likely these users does not like to help others, or grumpy, or busy with something else, or expecting something else from users. in website, please add sha1, sha256 hash/checksum of windows binary files, thanks. Thanks for your all help. ~ Bry8Star.