From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?=
To: development@lists.ipfire.org
Subject: [PATCH 2/3 v2] Unbound: Use caps for IDs
Date: Mon, 27 Aug 2018 17:26:30 +0200
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0779461685573125269=="
List-Id:
--===============0779461685573125269==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Attempt to detect DNS spoofing attacks by inserting 0x20-encoded random bits into upstream queries. Upstream documentation claims it to be an experimental implementation, it did not cause any trouble on productive systems here. See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for further details.
Signed-off-by: Peter Müller
---
 config/unbound/unbound.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index fa2ca3fd4..8b5d34ee3 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -59,7 +59,7 @@ server:
 harden-below-nxdomain: yes
 harden-referral-path: yes
 harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
 # Harden against DNS cache poisoning
 unwanted-reply-threshold: 5000000
-- 
2.16.4
--===============0779461685573125269==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0
LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE
SnlyUkxrMlVqeUQzMTduMmdGQWx1RUdDWUFDZ2tRMlVqeUQzMTcKbjJnUGl3LzhEQ1U5WHl3ZGds
b3I2Z1MvZWNDay9jTEZxTEhqZVdVSVh3NjlRL3o5Ni8xMzRkc3F5NW84U3ptMApYc2FYc3lOSlpy
VE1vdCszbjI1bllVMzVvZDdzcTBIVVI3VGFoQkhoNW9Sd0VrMXFqTlJVVzdtUVNzSDlsT3lJClJR
YmtNRENmZzgvaTVHT1ROM3JmeXg3ZXE0cEtuMzVtcytoRDA0UVlRd0psM3ZpTVIvS21UYVhoNENs
NGNMc0gKU29MRDNZdEJ4YWM2c1VxMGp5Um5kSVRxb25ES1hTYm5ObjBWMVk4ZEhWbEQvS2RldFh0
ZGQzaUc2b2dTUDNRSQo2ZjU3RjNmNERFbmRrNnRIVUgvekZRUnUvSm9SbGpJUXNSajBrNTFMUW5i
V2RkY3lQWThoRnliZGR5elJvUU93CldWUU1CS2VUdTVxQXZJNzIvOXR0SHJEaThhSDFWT0srUlh1
Y3luSkwwWFdkbUVNN0tTNGlzd0xzVmhuYTFhWC8KYVpWRloybTZ0UE1iZUpFVzhNcUNxc2NYWWRt
TDdkL0hIZmFQbS9Hd3NDcVRramRxV1V4cnV2bVZmam5CSGk5aQpJQ1pPTUsreVozQ3ZDWnFZVElu
MEs2ZE5zUUdGNmRCZGlrMVR3Z1VhamRhd294SXFpd09DdGV0bDd4dTluWjhuCmlVSEFucEg3OGg3
ZzdvdHlCYkdFbWJQZzlNQzQyc3NFbVpqc2ZGbTRYc0t3RlFxOGxiN1JHOWxUMitFU0VUeDQKalBS
THk1bG95R0t3cTNTaEFMbHVFUWF0Ri9zY0RVTXFjQmdLRmZxY2tNcytNRTRFaHFiY28rQ3h0eHFR
ZU5HQgpDSEQ3d1JROEk2TmZWbVhuSmpMdmFrV0l3c1ZCSy9CTEl6SE0zWFdzaEExNzlSNFdUYzA5
Cj1zR1lyCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo=
--===============0779461685573125269==--
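Review bot: The new `use-caps-for-id: yes` line goes in without a comment or a documented way to exempt domains, even though the commit message notes that upstream calls the 0x20 implementation experimental. Authoritative servers or load balancers that do not echo the query name's case can stop resolving once this is on, and Unbound's `caps-whitelist:` option (`caps-exempt:` in newer releases) exists for exactly those domains. I would add a comment above the setting such as `# 0x20 query-name randomisation against spoofed replies; exempt non-conforming domains with caps-whitelist`, so an operator debugging a resolution failure finds the cause and the fix in one place. The `server:` clause starts and ends outside the hunk, so whether an exemption list already exists elsewhere in the file cannot be seen from here.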