From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 18 Jan 2019 16:23:27 +0000 (+0100)
Subject: Disable trustanchor queries by default
X-Git-Tag: dnsdist-1.4.0-rc1~108^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0273d4ab236af23093ed6da0cc0508158f37abfa;p=thirdparty%2Fpdns.git

Disable trustanchor queries by default
---

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 24a9a81f45..3d55aeb4e7 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -4230,7 +4230,7 @@ int main(int argc, char **argv)
     ::arg().set("single-socket", "If set, only use a single socket for outgoing queries")="off";
     ::arg().set("auth-zones", "Zones for which we have authoritative data, comma separated domain=file pairs ")="";
     ::arg().set("lua-config-file", "More powerful configuration options")="";
-    ::arg().setSwitch("allow-trust-anchor-query", "Allow queries for trustanchor.server CH TXT")="yes";
+    ::arg().setSwitch("allow-trust-anchor-query", "Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT")="no";
 
     ::arg().set("forward-zones", "Zones for which we forward queries, comma separated domain=ip pairs")="";
     ::arg().set("forward-zones-recurse", "Zones for which we forward queries with recursion bit, comma separated domain=ip pairs")="";