This patchset does not apply.

On Mon, 2018-08-27 at 17:29 +0200, Peter Müller wrote:
> By default, Unbound neither keeps track of the number of unwanted
> replies nor initiates countermeasures if they become too large (DNS
> cache poisoning).
> 
> This sets the maximum number of tolerated unwanted replies to
> 1M, causing the cache to be flushed afterwards. (Upstream documentation
> recommends 10M as a threshold, but this turned out to be ineffective
> against attacks in the wild.)
> 
> See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
> details. This version of the patch uses 1M as threshold instead of
> 5M and supersedes the first version.
> 
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> ---
>  config/unbound/unbound.conf | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
> index 3f724d8f7..fa2ca3fd4 100644
> --- a/config/unbound/unbound.conf
> +++ b/config/unbound/unbound.conf
> @@ -61,6 +61,9 @@ server:
>  	harden-algo-downgrade: no
>  	use-caps-for-id: no
>  
> +	# Harden against DNS cache poisoning
> +	unwanted-reply-threshold: 1000000
> +
>  	# Listen on all interfaces
>  	interface-automatic: yes
>  	interface: 0.0.0.0