]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4e4128f)
Unbound: Use aggressive NSEC
authorPeter Müller <peter.mueller@link38.eu>
Mon, 10 Sep 2018 14:21:26 +0000 (16:21 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 10 Sep 2018 15:34:30 +0000 (16:34 +0100)
This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.

See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/unbound/unbound.conf patch | blob | blame | history

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 6eaf70a8eaef8082e9a92a4cbf9c6b2d578d2715..cda591dab4dd862f00f06aa010486ac2f0c181d0 100644 (file)
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -60,6 +60,7 @@ server:
        harden-referral-path: yes
        harden-algo-downgrade: no
        use-caps-for-id: yes
+       aggressive-nsec: yes
 
        # Harden against DNS cache poisoning
        unwanted-reply-threshold: 1000000
Peter's tree of IPFire 2.x