]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ef2bb43)
Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain"
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 16 Dec 2016 11:59:59 +0000 (11:59 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 16 Dec 2016 11:59:59 +0000 (11:59 +0000)
This reverts commit 86e9d04bfb73eb256682a567e187fe1e5cdcc3ca.

This seems to be working with unbound 1.6.0 so that this can be
re-enabled for better privacy.

http://lists.ipfire.org/pipermail/development/2016-December/002807.html

config/unbound/unbound.conf patch | blob | blame | history

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index c9b01b8f47c3745545b41fc3e51d580bb8853a77..3f724d8f76a81027a3a2b6542fb086a149010229 100644 (file)
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -42,6 +42,7 @@ server:
        # Privacy Options
        hide-identity: yes
        hide-version: yes
+       qname-minimisation: yes
        minimal-responses: yes
 
        # DNSSEC
@@ -55,6 +56,7 @@ server:
        harden-short-bufsize: no
        harden-large-queries: yes
        harden-dnssec-stripped: yes
+       harden-below-nxdomain: yes
        harden-referral-path: yes
        harden-algo-downgrade: no
        use-caps-for-id: no
Peter's tree of IPFire 2.x