B-Root Statement on TLS
2026-04-30
b.root-servers.net commits to offer production DNS service over DNS-over-TLS (DoT) on port 853 (following RFC-8310).
However, we reserve the right to suspend DoT service if it interferes with our primary responsibility of service DNS over UDP and TCP.
B-Root announced experimental TLS service in Feb. 2023.
Testing it
You can test our TLS support using the ISC bind package’s
dig utility, using the +tls option:
$ dig +tls @b.root-servers.net . soa
...
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024082600 1800 900 604800 86400
...
;; SERVER: 170.247.170.2#853(b.root-servers.net) (TLS)
...
PKIX Trust Anchor
The following trust anchor can used to authenticate our servers, or as a file: b.root-servers.net-CA.crt.
-----BEGIN CERTIFICATE-----
MIIEHzCCAoegAwIBAgIUGkzBrzwY0IEo20CQzUDcJ6KslwUwDQYJKoZIhvcNAQEL
BQAwJzElMCMGA1UEAxMcQi1Sb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0y
MDA2MjIxNzQ5NTRaFw0zMDA2MjAxNzUwMTFaMCcxJTAjBgNVBAMTHEItUm9vdCBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
AoIBgQDFJZHe3e7y70qN+eoZJdCdnd8zM5XULyl21+DunO+t+9vTUWljU6E/374R
2Kr1iZOcG8qsGaLZwsTVKQ1KcZysk4yFHMnGwMJMSCkC6RQsRLLMFUtEZyShLIq2
WWnvTGX0a4WbRTU2DbDCDv/IQzjwoCx1MA0liLWUTqtu1/Mgh/Ur7zHW2eQLqxqX
HlBLYMSRR4RdxeWBKTI9/ioH3XK5OeAfWQfVN26shsYbvCA3XJBR2KmaYtgnFJYR
/oCz3sHbrvM5zNmmTeYJlou6Bc+ghrUPumZHztqYGomg39DPraVnWVpE2lYF8YXS
HBG4XvgzN8aQ/+PNITqr+1hZJM9YsDNALiIbSPVc0z9DLlArwXcLx3vaER2JUAN4
T49cX60c/IqONKXTWcv1QhDsjZi2W1Z2yW99tyLC47jSdb42fuZI+zbP2Gu8YSEF
7Ovh6/gDLKQQ1iM500AUZ2KhSPxV8rz60aPMMPNQgqa+E3fOyCagP/rsxTWYqDD+
fU9qC3sCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDB4QA
MB0GA1UdDgQWBBSE3dxYGgoAmDyoMX/lso64NVnfmjANBgkqhkiG9w0BAQsFAAOC
AYEAqr/uVGcRVnIbTjPD4lm2lKuskbjaMUlxVMmSKq9eWxR3rsVMgZptYwFlDkZ3
kUQ+qqWZVYXZiLTcDn/zW8qRjhMzAH+buQIvHd2ffpHppKcfhF6wclBYal8b0Fgg
O0QxKtaFORCHoafXIl7wWPTMErOM9lNwxugNl4m9E4RcpadABY/734Qhy6Dwcu5s
7FgC+lS7/uWXE+/VBB66xOr2Qc7WhXlXLIDXNXmztgIG5bBtsACzjl1ssmQ0bsn/
JxaJDXCpPuIoOprqX2Xj/+uyqRwTuq++d5v6HeaE621smNahFf6H/Q1egEMUDuQ6
BRnZkZZk5zOamYSdnXXLlD/luOsnXCdY0WRJ6v7hY1f1tLekJ5oE8jDPd0dTEinF
24/LIyl7DT5CUUFARFC72pvcC3qoV8UnJT4G4UPcZEGuGdZF8ELgYPJpjeov1SWX
z4EgqgnYlBuCGYuCcRUlTTWQAyh4Duj2k7Q3xECT4pMBN6VUS/6hMWQnAI374ZI6
ECua
-----END CERTIFICATE-----
Statements on Zone Transfers, DNS Data Sharing, Operational Principles, , Research, Responses, RSSAC001 Compliance,