From: Peter Müller <peter.mueller@link38.eu>
Date: Mon, 10 Sep 2018 14:21:26 +0000 (+0200)
Subject: Unbound: Use aggressive NSEC
X-Git-Tag: v2.21-core124~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a0585837c4f743676a27ad16212a68b8fb4172b;p=people%2Fstevee%2Fipfire-2.x.git

Unbound: Use aggressive NSEC

This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.

See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 6eaf70a8ea..cda591dab4 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -60,6 +60,7 @@ server:
 	harden-referral-path: yes
 	harden-algo-downgrade: no
 	use-caps-for-id: yes
+	aggressive-nsec: yes
 
 	# Harden against DNS cache poisoning
 	unwanted-reply-threshold: 1000000