[v4,3/3] Unbound: Use aggressive NSEC
Commit Message
This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.
See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
config/unbound/unbound.conf | 1 +
1 file changed, 1 insertion(+)
@@ -60,6 +60,7 @@ server:
harden-referral-path: yes
harden-algo-downgrade: no
use-caps-for-id: yes
+ aggressive-nsec: yes
# Harden against DNS cache poisoning
unwanted-reply-threshold: 1000000