* [PATCH 2/3 v3] Unbound: Use caps for IDs
@ 2018-08-27 15:29 Peter Müller
0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2018-08-27 15:29 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 875 bytes --]
Attempt to detect DNS spoofing attacks by inserting 0x20-encoded
random bits into upstream queries. Upstream documentation claims
it to be an experimental implementation, it did not cause any trouble
on productive systems here.
See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
further details.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
config/unbound/unbound.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index fa2ca3fd4..8b5d34ee3 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -59,7 +59,7 @@ server:
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
# Harden against DNS cache poisoning
unwanted-reply-threshold: 5000000
--
2.16.4
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-08-27 15:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-27 15:29 [PATCH 2/3 v3] Unbound: Use caps for IDs Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox