unbound: Deactivate qname-minimization & harden-below-nxdomain

This causes trouble when you try to resolve a record like
a.b.blah.com where b.blah.com responds with NXDOMAIN. unbound
won't try to resolve a.b.blah.com because it is assumed that
everything longer than b.blah.com does not exist which is
probably not good usability.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 3f724d8f76a81027a3a2b6542fb086a149010229..c9b01b8f47c3745545b41fc3e51d580bb8853a77 100644 (file)
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -42,7 +42,6 @@ server:
        # Privacy Options
        hide-identity: yes
        hide-version: yes
-       qname-minimisation: yes
        minimal-responses: yes
 
        # DNSSEC
@@ -56,7 +55,6 @@ server:
        harden-short-bufsize: no
        harden-large-queries: yes
        harden-dnssec-stripped: yes
-       harden-below-nxdomain: yes
        harden-referral-path: yes
        harden-algo-downgrade: no
        use-caps-for-id: no