From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Fri, 10 Nov 2023 11:20:50 +0000 (+0100)
Subject: rec: change default of nsec3-max-iterations to 50
X-Git-Tag: rec-5.0.0-rc1~50^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4873088752f4a7fff57b9c1f1817f8573757758;p=thirdparty%2Fpdns.git

rec: change default of nsec3-max-iterations to 50
---

diff --git a/pdns/recursordist/settings/table.py b/pdns/recursordist/settings/table.py
index f1809dc440..a4778bdb08 100644
--- a/pdns/recursordist/settings/table.py
+++ b/pdns/recursordist/settings/table.py
@@ -1811,14 +1811,15 @@ without consulting authoritative servers.
         'name' : 'nsec3_max_iterations',
         'section' : 'dnssec',
         'type' : LType.Uint64,
-        'default' : '150',
+        'default' : '50',
         'help' : 'Maximum number of iterations allowed for an NSEC3 record',
         'doc' : '''
 Maximum number of iterations allowed for an NSEC3 record.
-If an answer containing an NSEC3 record with more iterations is received, its DNSSEC validation status is treated as Insecure.
+If an answer containing an NSEC3 record with more iterations is received, its DNSSEC validation status is treated as ``Insecure``.
  ''',
         'versionadded': '4.1.0',
-        'versionchanged': ('4.5.2', 'Default is now 150, was 2500 before.')
+        'versionchanged': [('4.5.2', 'Default is now 150, was 2500 before.'),
+                           ('5.0.0', 'Default is now 50, was 150 before.')]
     },
     {
         'name' : 'ttl',