From c2adb460d66b2d7813bcda533960c9f4c7e89fb2 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 16 Dec 2016 11:59:59 +0000
Subject: [PATCH] Revert "unbound: Deactivate qname-minimization &
 harden-below-nxdomain"

This reverts commit 86e9d04bfb73eb256682a567e187fe1e5cdcc3ca.

This seems to be working with unbound 1.6.0 so that this can be
re-enabled for better privacy.

http://lists.ipfire.org/pipermail/development/2016-December/002807.html
---
 config/unbound/unbound.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index c9b01b8f47..3f724d8f76 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -42,6 +42,7 @@ server:
 	# Privacy Options
 	hide-identity: yes
 	hide-version: yes
+	qname-minimisation: yes
 	minimal-responses: yes
 
 	# DNSSEC
@@ -55,6 +56,7 @@ server:
 	harden-short-bufsize: no
 	harden-large-queries: yes
 	harden-dnssec-stripped: yes
+	harden-below-nxdomain: yes
 	harden-referral-path: yes
 	harden-algo-downgrade: no
 	use-caps-for-id: no
-- 
2.39.5