Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
harden-algo-downgrade: no
use-caps-for-id: yes
aggressive-nsec: yes
+ qname-minimisation: yes
# TLS
tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
(
config_header
+ # Enable strict QNAME minimisation
+ if [ "${QNAME_MIN}" = "strict" ]; then
+ echo "server:"
+ echo " qname-minimisation-strict: yes"
+ echo
+ fi
+
# Force using TCP for upstream servers only
if [ "${PROTO}" = "TCP" ]; then
echo "# Force using TCP for upstream servers only"