harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
+ aggressive-nsec: yes
+
+ # Harden against DNS cache poisoning
+ unwanted-reply-threshold: 1000000
# Listen on all interfaces
interface-automatic: yes