]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - config/unbound/unbound.conf
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Unbound: Enable DNS cache poisoning mitigation
[ipfire-2.x.git] / config / unbound / unbound.conf
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 3f724d8f76a81027a3a2b6542fb086a149010229..ce9ddcd62fecab8900377b745d23c5ad6add8287 100644 (file)
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -61,6 +61,9 @@ server:
        harden-algo-downgrade: no
        use-caps-for-id: no
 
+       # Harden against DNS cache poisoning
+       unwanted-reply-threshold: 1000000
+
        # Listen on all interfaces
        interface-automatic: yes
        interface: 0.0.0.0
IPFire 2.x development tree