Why?

> This patchset does not apply.
> 
> On Mon, 2018-08-27 at 17:29 +0200, Peter Müller wrote:
>> By default, Unbound neither keeps track of the number of unwanted
>> replies nor initiates countermeasures if they become too large (DNS
>> cache poisoning).
>>
>> This sets the maximum number of tolerated unwanted replies to
>> 1M, causing the cache to be flushed afterwards. (Upstream documentation
>> recommends 10M as a threshold, but this turned out to be ineffective
>> against attacks in the wild.)
>>
>> See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
>> details. This version of the patch uses 1M as threshold instead of
>> 5M and supersedes the first version.
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
>> ---
>>  config/unbound/unbound.conf | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
>> index 3f724d8f7..fa2ca3fd4 100644
>> --- a/config/unbound/unbound.conf
>> +++ b/config/unbound/unbound.conf
>> @@ -61,6 +61,9 @@ server:
>>  	harden-algo-downgrade: no
>>  	use-caps-for-id: no
>>  
>> +	# Harden against DNS cache poisoning
>> +	unwanted-reply-threshold: 1000000
>> +
>>  	# Listen on all interfaces
>>  	interface-automatic: yes
>>  	interface: 0.0.0.0
> 

-- 
Microsoft DNS service terminates abnormally when it recieves a response
to a DNS query that was never made.  Fix Information: Run your DNS
service on a different platform.
		-- bugtraq