diff mbox series

[v4,3/3] Unbound: Use aggressive NSEC

Message ID	20180910142126.5265-3-peter.mueller@link38.eu
State	Accepted
Commit	8a0585837c4f743676a27ad16212a68b8fb4172b
Headers	From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu> To: development@lists.ipfire.org Subject: [PATCH v4 3/3] Unbound: Use aggressive NSEC Date: Mon, 10 Sep 2018 16:21:26 +0200 Message-Id: <20180910142126.5265-3-peter.mueller@link38.eu> In-Reply-To: <20180910142126.5265-1-peter.mueller@link38.eu> References: <20180910142126.5265-1-peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ipnet: 37.120.160.0/19(-4.96), asn: 197540(-3.96), country: DE(-0.09)]; ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	[v4,1/3] Unbound: Enable DNS cache poisoning mitigation \| [v4,1/3] Unbound: Enable DNS cache poisoning mitigation [v4,2/3] Unbound: Use caps for IDs [v4,3/3] Unbound: Use aggressive NSEC

Commit Message

Peter Müller Sept. 11, 2018, 12:21 a.m. UTC

  This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.

See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
 config/unbound/unbound.conf | 1 +
 1 file changed, 1 insertion(+)

diff mbox series

Patch

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 6eaf70a8e..cda591dab 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -60,6 +60,7 @@  server:
 	harden-referral-path: yes
 	harden-algo-downgrade: no
 	use-caps-for-id: yes
+	aggressive-nsec: yes
 
 	# Harden against DNS cache poisoning
 	unwanted-reply-threshold: 1000000