This avoids some needless lookups to destination domains with a very high NXDOMAIN rate and reduces load on upstream servers.
See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for further details.
Signed-off-by: Peter Müller peter.mueller@link38.eu --- config/unbound/unbound.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index 6eaf70a8e..cda591dab 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -60,6 +60,7 @@ server: harden-referral-path: yes harden-algo-downgrade: no use-caps-for-id: yes + aggressive-nsec: yes
# Harden against DNS cache poisoning unwanted-reply-threshold: 1000000