From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 16 Dec 2016 11:59:59 +0000 (+0000)
Subject: Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain"
X-Git-Tag: v2.19-core109^2~55
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c2adb460d66b2d7813bcda533960c9f4c7e89fb2;p=ipfire-2.x.git

Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain"

This reverts commit 86e9d04bfb73eb256682a567e187fe1e5cdcc3ca.

This seems to be working with unbound 1.6.0 so that this can be
re-enabled for better privacy.

http://lists.ipfire.org/pipermail/development/2016-December/002807.html
---

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index c9b01b8f47..3f724d8f76 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -42,6 +42,7 @@ server:
 	# Privacy Options
 	hide-identity: yes
 	hide-version: yes
+	qname-minimisation: yes
 	minimal-responses: yes
 
 	# DNSSEC
@@ -55,6 +56,7 @@ server:
 	harden-short-bufsize: no
 	harden-large-queries: yes
 	harden-dnssec-stripped: yes
+	harden-below-nxdomain: yes
 	harden-referral-path: yes
 	harden-algo-downgrade: no
 	use-caps-for-id: no