mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
Unbound: Use caps for IDs
Attempt to detect DNS spoofing attacks by inserting 0x20-encoded random bits into upstream queries.

Upstream documentation claims it to be an experimental implementation; it did not cause any trouble on productive systems here.

See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for further details.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
committed by
Michael Tremer
parent
ffba3c98ba
commit
4e4128faac
@@ -59,7 +59,7 @@ server:
|
||||
harden-below-nxdomain: yes
|
||||
harden-referral-path: yes
|
||||
harden-algo-downgrade: no
|
||||
use-caps-for-id: no
|
||||
use-caps-for-id: yes
|
||||
|
||||
# Harden against DNS cache poisoning
|
||||
unwanted-reply-threshold: 1000000
|
||||
|
||||
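Review bot: the new `use-caps-for-id: yes` line has no comment in the config, although the commit message says upstream documents the feature as experimental. Someone who later debugs resolution failures will see only the bare option and not know it is the first thing to toggle. Suggest a one-line comment above it that says what it does (0x20 case randomisation of upstream queries to detect spoofed replies) and that upstream calls it experimental. The option also sits at the end of the `harden-*` block, above the "# Harden against DNS cache poisoning" comment, while serving that same purpose; consider moving it below that comment, next to `unwanted-reply-threshold`, so the anti-spoofing settings are grouped together.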