]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - config/unbound/unbound.conf
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
core125: Ship JSON-C
[people/pmueller/ipfire-2.x.git] / config / unbound / unbound.conf
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 3f724d8f76a81027a3a2b6542fb086a149010229..cda591dab4dd862f00f06aa010486ac2f0c181d0 100644 (file)
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -59,7 +59,11 @@ server:
        harden-below-nxdomain: yes
        harden-referral-path: yes
        harden-algo-downgrade: no
-       use-caps-for-id: no
+       use-caps-for-id: yes
+       aggressive-nsec: yes
+
+       # Harden against DNS cache poisoning
+       unwanted-reply-threshold: 1000000
 
        # Listen on all interfaces
        interface-automatic: yes
Peter's tree of IPFire 2.x