mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
- Added documentation for aggressive-nsec: yes.
git-svn-id: file:///svn/unbound/trunk@4575 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
b8c60d092f
commit
5e6c2e37ca
@ -1,3 +1,6 @@
|
||||
12 March 2018: Wouter
|
||||
- Added documentation for aggressive-nsec: yes.
|
||||
|
||||
9 March 2018: Wouter
|
||||
- Fix #3598: Fix swig build issue on rhel6 based system.
|
||||
configure --disable-swig-version-check stops the swig version check.
|
||||
|
@ -380,6 +380,10 @@ server:
|
||||
# This option only has effect when qname-minimisation is enabled.
|
||||
# qname-minimisation-strict: no
|
||||
|
||||
# Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
|
||||
# and other denials, using information from previous NXDOMAINs answers.
|
||||
# aggressive-nsec: no
|
||||
|
||||
# Use 0x20-encoded random bits in the query to foil spoof attempts.
|
||||
# This feature is an experimental implementation of draft dns-0x20.
|
||||
# use-caps-for-id: no
|
||||
|
@ -725,6 +725,12 @@ potentially broken nameservers. A lot of domains will not be resolvable when
|
||||
this option in enabled. Only use if you know what you are doing.
|
||||
This option only has effect when qname-minimisation is enabled. Default is off.
|
||||
.TP
|
||||
.B aggressive\-nsec: \fI<yes or no>
|
||||
Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
|
||||
and other denials, using information from previous NXDOMAINs answers.
|
||||
Default is off. It helps to reduce the query rate towards targets that get
|
||||
a very high nonexistant name lookup rate.
|
||||
.TP
|
||||
.B private\-address: \fI<IP address or subnet>
|
||||
Give IPv4 of IPv6 addresses or classless subnets. These are addresses
|
||||
on your private network, and are not allowed to be returned for
|
||||
|
Loading…
Reference in New Issue
Block a user