Not sure if this actually makes a difference in reality. It is quite
unlikely to hit a match here.

But I can live with this change.

-Michael

On Sun, 2018-08-19 at 20:13 +0200, Peter Müller wrote:
> This avoids some needless lookups to destination domains
> with a very high NXDOMAIN rate and reduces load on upstream
> servers.
> 
> See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
> for further details.
> 
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> ---
>  config/unbound/unbound.conf | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
> index 8b5d34ee3..8ad6bcb03 100644
> --- a/config/unbound/unbound.conf
> +++ b/config/unbound/unbound.conf
> @@ -60,6 +60,7 @@ server:
>  	harden-referral-path: yes
>  	harden-algo-downgrade: no
>  	use-caps-for-id: yes
> +	aggressive-nsec: yes
>  
>  	# Harden against DNS cache poisoning
>  	unwanted-reply-threshold: 5000000