- TTL change: TTL decoding was updated to adhere to RFC8767 section 4
where a 'set high-order bit' means the value is positive instead of
0.
+ - unbound.conf manpage: explicitly mention RFC6891.
18 September 2025: Wouter
- Tag for 1.24.0 release. Includes the fixes below after rc1.
.B harden\-short\-bufsize: \fI<yes or no>\fP
Very small EDNS buffer sizes from queries are ignored.
.sp
-Default: yes (as described in the standard)
+Default: yes (per \fI\%RFC 6891\fP)
.UNINDENT
.INDENT 0.0
.TP
\fI\%serve\-expired\-client\-timeout\fP
is also used then it is RECOMMENDED to use 30 as the value (\fI\%RFC 8767\fP).
.sp
+This value is capped by the original TTL of the record.
+This means that records with higher original TTL than this value will use
+this value for expired replies.
+Records with lower original TTL than this value will use their original TTL
+for expired replies.
+.sp
Default: 30
.UNINDENT
.INDENT 0.0
@@UAHL@unbound.conf@harden-short-bufsize@@: *<yes or no>*
Very small EDNS buffer sizes from queries are ignored.
- Default: yes (as described in the standard)
+ Default: yes (per :rfc:`6891`)
@@UAHL@unbound.conf@harden-large-queries@@: *<yes or no>*
projects / thirdparty / unbound.git / commitdiff
