[v4,2/3] Unbound: Use caps for IDs
Commit Message
Attempt to detect DNS spoofing attacks by inserting 0x20-encoded
random bits into upstream queries. Upstream documentation claims
it to be an experimental implementation; it did not cause any trouble
on productive systems here.
See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
further details.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
config/unbound/unbound.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
@@ -59,7 +59,7 @@ server:
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
# Harden against DNS cache poisoning
unwanted-reply-threshold: 1000000
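Review bot: the changed `use-caps-for-id: yes` line has no comment, although the setting right after it is introduced by `# Harden against DNS cache poisoning` and the commit message says upstream describes the feature as experimental. Suggest adding a one-line comment above it, for example `# 0x20-encoded random bits in upstream queries to detect spoofing (experimental upstream)`, or moving the line below the existing cache-poisoning comment so the grouping is explicit. That way anyone debugging resolution problems later can see from the config alone that this option is a candidate to switch back to `no`.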