* [PATCH 3/3] Unbound: Use aggressive NSEC
@ 2018-08-19 18:13 Peter Müller
2018-08-23 13:43 ` Michael Tremer
2018-08-27 15:26 ` [PATCH 3/3 v2] " Peter Müller
0 siblings, 2 replies; 3+ messages in thread
From: Peter Müller @ 2018-08-19 18:13 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 728 bytes --]
This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.
See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
config/unbound/unbound.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 8b5d34ee3..8ad6bcb03 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -60,6 +60,7 @@ server:
harden-referral-path: yes
harden-algo-downgrade: no
use-caps-for-id: yes
+ aggressive-nsec: yes
# Harden against DNS cache poisoning
unwanted-reply-threshold: 5000000
--
2.16.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 3/3] Unbound: Use aggressive NSEC
2018-08-19 18:13 [PATCH 3/3] Unbound: Use aggressive NSEC Peter Müller
@ 2018-08-23 13:43 ` Michael Tremer
2018-08-27 15:26 ` [PATCH 3/3 v2] " Peter Müller
1 sibling, 0 replies; 3+ messages in thread
From: Michael Tremer @ 2018-08-23 13:43 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 966 bytes --]
Not sure if this actually makes a difference in reality. It is quite
unlikely to hit a match here.
But I can live with this change.
-Michael
On Sun, 2018-08-19 at 20:13 +0200, Peter Müller wrote:
> This avoids some needless lookups to destination domains
> with a very high NXDOMAIN rate and reduces load on upstream
> servers.
>
> See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
> for further details.
>
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> ---
> config/unbound/unbound.conf | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
> index 8b5d34ee3..8ad6bcb03 100644
> --- a/config/unbound/unbound.conf
> +++ b/config/unbound/unbound.conf
> @@ -60,6 +60,7 @@ server:
> harden-referral-path: yes
> harden-algo-downgrade: no
> use-caps-for-id: yes
> + aggressive-nsec: yes
>
> # Harden against DNS cache poisoning
> unwanted-reply-threshold: 5000000
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 3/3 v2] Unbound: Use aggressive NSEC
2018-08-19 18:13 [PATCH 3/3] Unbound: Use aggressive NSEC Peter Müller
2018-08-23 13:43 ` Michael Tremer
@ 2018-08-27 15:26 ` Peter Müller
1 sibling, 0 replies; 3+ messages in thread
From: Peter Müller @ 2018-08-27 15:26 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 730 bytes --]
This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.
See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
config/unbound/unbound.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 8b5d34ee3..8ad6bcb03 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -60,6 +60,7 @@ server:
harden-referral-path: yes
harden-algo-downgrade: no
use-caps-for-id: yes
+ aggressive-nsec: yes
# Harden against DNS cache poisoning
unwanted-reply-threshold: 5000000
--
2.16.4
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-08-27 15:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-19 18:13 [PATCH 3/3] Unbound: Use aggressive NSEC Peter Müller
2018-08-23 13:43 ` Michael Tremer
2018-08-27 15:26 ` [PATCH 3/3 v2] " Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox