From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 2/3 v3] Unbound: Use caps for IDs Date: Mon, 27 Aug 2018 17:29:43 +0200 Message-ID: <2203e7aa-b981-228c-4cf2-f65ccc9a10a8@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4977958949061137316==" List-Id: --===============4977958949061137316== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Attempt to detect DNS spoofing attacks by inserting 0x20-encoded random bits into upstream queries. Upstream documentation claims it to be an experimental implementation, it did not cause any trouble on productive systems here. See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for further details. Signed-off-by: Peter Müller --- config/unbound/unbound.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index fa2ca3fd4..8b5d34ee3 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -59,7 +59,7 @@ server: harden-below-nxdomain: yes harden-referral-path: yes harden-algo-downgrade: no - use-caps-for-id: no + use-caps-for-id: yes # Harden against DNS cache poisoning unwanted-reply-threshold: 5000000 -- 2.16.4 --===============4977958949061137316==--