From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH 3/3 v3] Unbound: Use aggressive NSEC
Date: Mon, 27 Aug 2018 17:29:45 +0200
Message-ID: <fe989732-7d8c-b706-a694-5b03669fccfd@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8683772607185957550=="
List-Id: <development.lists.ipfire.org>

--===============8683772607185957550==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

This avoids some needless lookups to destination domains
with a very high NXDOMAIN rate and reduces load on upstream
servers.

See https://nlnetlabs.nl/documentation/unbound/unbound.conf/
for further details.

Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
 config/unbound/unbound.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index 8b5d34ee3..8ad6bcb03 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -60,6 +60,7 @@ server:
 	harden-referral-path: yes
 	harden-algo-downgrade: no
 	use-caps-for-id: yes
+	aggressive-nsec: yes
 
 	# Harden against DNS cache poisoning
 	unwanted-reply-threshold: 5000000
-- 
2.16.4


--===============8683772607185957550==--