- Set defaults to yes for a number of options to increase speed and

resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
2024-09-21 06:37:08 +00:00 · 2018-08-27 13:18:19 +00:00 · 2018-08-27 13:18:19 +00:00 · e0745813f4
commit e0745813f4
parent 0171d06aa2
109 changed files with 136 additions and 12 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,15 @@
+27 August 2018: Wouter
+	- Set defaults to yes for a number of options to increase speed and
+	  resilience of the server.  The so-reuseport, harden-below-nxdomain,
+	  and minimal-responses options are enabled by default.  They used
+	  to be disabled by default, waiting to make sure they worked.  They
+	  are enabled by default now, and can be disabled explicitly by
+	  setting them to "no" in the unbound.conf config file.  The reuseport
+	  and minimal options increases speed of the server, and should be
+	  otherwise harmless.  The harden-below-nxdomain option works well
+	  together with the recently default enabled qname minimisation, this
+	  causes more fetches to use information from the cache.
+
 22 August 2018: George
 	- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This
 	  gives access to reply information for the client's communication
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@ -103,7 +103,7 @@ server:
 	# so-sndbuf: 0

 	# use SO_REUSEPORT to distribute queries over threads.
-	# so-reuseport: no
+	# so-reuseport: yes

 	# use IP_TRANSPARENT so the interface: addresses can be non-local
 	# and you can config non-existing IPs that are going to work later on
@ -373,7 +373,7 @@ server:
 	# harden-dnssec-stripped: yes

 	# Harden against queries that fall under dnssec-signed nxdomain names.
-	# harden-below-nxdomain: no
+	# harden-below-nxdomain: yes

 	# Harden the referral path by performing additional queries for
 	# infrastructure data.  Validates the replies (if possible).
@ -454,7 +454,7 @@ server:

 	# if yes, Unbound doesn't insert authority/additional sections
 	# into response messages when those sections are not required.
-	# minimal-responses: no
+	# minimal-responses: yes

 	# true to disable DNSSEC lameness check in iterator.
 	# disable-dnssec-lame-check: no
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -278,9 +278,9 @@ to so\-rcvbuf.
 .B so\-reuseport: \fI<yes or no>
 If yes, then open dedicated listening sockets for incoming queries for each
 thread and try to set the SO_REUSEPORT socket option on each socket.  May
-distribute incoming queries to threads more evenly.  Default is no.  On Linux
-it is supported in kernels >= 3.9.  On other systems, FreeBSD, OSX it may
-also work.  You can enable it (on any platform and kernel),
+distribute incoming queries to threads more evenly.  Default is yes.
+On Linux it is supported in kernels >= 3.9.  On other systems, FreeBSD, OSX
+it may also work.  You can enable it (on any platform and kernel),
 it then attempts to open the port and passes the option if it was available
 at compile time, if that works it is used, if it fails, it continues
 silently (unless verbosity 3) without the option.
@ -747,7 +747,7 @@ noerror for empty nonterminals, hence this is possible.  Very old software
 might return nxdomain for empty nonterminals (that usually happen for reverse
 IP address lookups), and thus may be incompatible with this.  To try to avoid
 this only DNSSEC-secure nxdomains are used, because the old software does not
-have DNSSEC.  Default is off.
+have DNSSEC.  Default is on.
 The nxdomain must be secure, this means nsec3 with optout is insufficient.
 .TP
 .B harden\-referral\-path: \fI<yes or no>
@ -861,9 +861,11 @@ from the query ID, for speed and thread safety).  Default is no.
 If yes, Unbound doesn't insert authority/additional sections into response
 messages when those sections are not required.  This reduces response
 size significantly, and may avoid TCP fallback for some responses.
-This may cause a slight speedup.  The default is no, because the DNS
+This may cause a slight speedup.  The default is yes, even though the DNS
 protocol RFCs mandate these sections, and the additional content could
-be of use and save roundtrips for clients.
+be of use and save roundtrips for clients.  Because they are not used,
+and the saved roundtrips are easier saved with prefetch, whilst this is
+faster.
 .TP
 .B disable-dnssec-lame-check: \fI<yes or no>
 If true, disables the DNSSEC lameness check in the iterator.  This check
--- a/testdata/autotrust_init.rpl
+++ b/testdata/autotrust_init.rpl
@ -4,6 +4,7 @@ server:
 	log-time-ascii: yes
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
--- a/testdata/autotrust_init_ds.rpl
+++ b/testdata/autotrust_init_ds.rpl
@ -4,6 +4,7 @@ server:
 	log-time-ascii: yes
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
--- a/testdata/autotrust_init_sigs.rpl
+++ b/testdata/autotrust_init_sigs.rpl
@ -4,6 +4,7 @@ server:
 	log-time-ascii: yes
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
--- a/testdata/autotrust_init_zsk.rpl
+++ b/testdata/autotrust_init_zsk.rpl
@ -4,6 +4,7 @@ server:
 	log-time-ascii: yes
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
--- a/testdata/black_data.rpl
+++ b/testdata/black_data.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/black_prime.rpl
+++ b/testdata/black_prime.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_anchor.rpl
+++ b/testdata/dlv_anchor.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_ask_higher.rpl
+++ b/testdata/dlv_ask_higher.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_below_ta.rpl
+++ b/testdata/dlv_below_ta.rpl
@ -8,6 +8,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_delegation.rpl
+++ b/testdata/dlv_delegation.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_insecure.rpl
+++ b/testdata/dlv_insecure.rpl
@ -8,6 +8,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_insecure_negcache.rpl
+++ b/testdata/dlv_insecure_negcache.rpl
@ -8,6 +8,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_remove_empty.rpl
+++ b/testdata/dlv_remove_empty.rpl
@ -5,6 +5,7 @@ server:
 	val-override-date: "20070916134226"
 	target-fetch-policy: "0 0 0 0 0"
 	fake-sha1: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_remove_nodel.rpl
+++ b/testdata/dlv_remove_nodel.rpl
@ -6,6 +6,7 @@ server:
 	val-override-date: "20070916134226"
 	target-fetch-policy: "0 0 0 0 0"
 	fake-sha1: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_remove_pos.rpl
+++ b/testdata/dlv_remove_pos.rpl
@ -8,6 +8,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dlv_unused.rpl
+++ b/testdata/dlv_unused.rpl
@ -7,6 +7,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/dns64_lookup.rpl
+++ b/testdata/dns64_lookup.rpl
@ -4,6 +4,7 @@ server:
 	qname-minimisation: "no"
 	module-config: "dns64 validator iterator"
 	dns64-prefix: 64:ff9b::0/96
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/domain_insec_dlv.rpl
+++ b/testdata/domain_insec_dlv.rpl
@ -5,6 +5,7 @@ server:
 	domain-insecure: "example.net"
 	val-override-date: "20070916134226"
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/fetch_glue.rpl
+++ b/testdata/fetch_glue.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/fetch_glue_cname.rpl
+++ b/testdata/fetch_glue_cname.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/fwd_cached.rpl
+++ b/testdata/fwd_cached.rpl
@ -1,5 +1,7 @@
 ; This is a comment.
 ; config options go here.
+server:
+	minimal-responses: no
 forward-zone: name: "." forward-addr: 216.0.0.1
 CONFIG_END

--- a/testdata/iter_class_any.rpl
+++ b/testdata/iter_class_any.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_cycle_noh.rpl
+++ b/testdata/iter_cycle_noh.rpl
@ -3,6 +3,7 @@ server:
 	harden-glue: "no"
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_dname_insec.rpl
+++ b/testdata/iter_dname_insec.rpl
@ -3,6 +3,7 @@ server:
 	harden-referral-path: no
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_domain_sale.rpl
+++ b/testdata/iter_domain_sale.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_domain_sale_nschange.rpl
+++ b/testdata/iter_domain_sale_nschange.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_emptydp.rpl
+++ b/testdata/iter_emptydp.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_emptydp_for_glue.rpl
+++ b/testdata/iter_emptydp_for_glue.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_fwdfirst.rpl
+++ b/testdata/iter_fwdfirst.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_fwdfirstequal.rpl
+++ b/testdata/iter_fwdfirstequal.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_fwdstub.rpl
+++ b/testdata/iter_fwdstub.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_fwdstubroot.rpl
+++ b/testdata/iter_fwdstubroot.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_got6only.rpl
+++ b/testdata/iter_got6only.rpl
@ -3,6 +3,7 @@ server:
 	do-ip6: no
 	target-fetch-policy: "0 0 0 0 0 "
 	qname-minimisation: "no"
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
--- a/testdata/iter_hint_lame.rpl
+++ b/testdata/iter_hint_lame.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_lame_noaa.rpl
+++ b/testdata/iter_lame_noaa.rpl
@ -3,6 +3,7 @@ server:
 	harden-referral-path: no
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_lame_nosoa.rpl
+++ b/testdata/iter_lame_nosoa.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_mod.rpl
+++ b/testdata/iter_mod.rpl
@ -3,6 +3,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	module-config: "iterator"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_ns_badip.rpl
+++ b/testdata/iter_ns_badip.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "3 2 1 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_ns_spoof.rpl
+++ b/testdata/iter_ns_spoof.rpl
@ -3,6 +3,7 @@ server:
 	harden-referral-path: yes
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
--- a/testdata/iter_pc_a.rpl
+++ b/testdata/iter_pc_a.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pc_aaaa.rpl
+++ b/testdata/iter_pc_aaaa.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcdiff.rpl
+++ b/testdata/iter_pcdiff.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcdirect.rpl
+++ b/testdata/iter_pcdirect.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcname.rpl
+++ b/testdata/iter_pcname.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcnamech.rpl
+++ b/testdata/iter_pcnamech.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcnamechrec.rpl
+++ b/testdata/iter_pcnamechrec.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcnamerec.rpl
+++ b/testdata/iter_pcnamerec.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_pcttl.rpl
+++ b/testdata/iter_pcttl.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	do-ip6: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_prefetch.rpl
+++ b/testdata/iter_prefetch.rpl
@ -3,6 +3,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	prefetch: "yes"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_prefetch_change.rpl
+++ b/testdata/iter_prefetch_change.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	prefetch: "yes"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_prefetch_change2.rpl
+++ b/testdata/iter_prefetch_change2.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	prefetch: "yes"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_prefetch_childns.rpl
+++ b/testdata/iter_prefetch_childns.rpl
@ -3,6 +3,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	prefetch: "yes"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_prefetch_fail.rpl
+++ b/testdata/iter_prefetch_fail.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	prefetch: "yes"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_prefetch_ns.rpl
+++ b/testdata/iter_prefetch_ns.rpl
@ -3,6 +3,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	prefetch: "yes"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_primenoglue.rpl
+++ b/testdata/iter_primenoglue.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_privaddr.rpl
+++ b/testdata/iter_privaddr.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 	private-address: 10.0.0.0/8
 	private-address: 172.16.0.0/12
--- a/testdata/iter_ranoaa_lame.rpl
+++ b/testdata/iter_ranoaa_lame.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_reclame_one.rpl
+++ b/testdata/iter_reclame_one.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_reclame_two.rpl
+++ b/testdata/iter_reclame_two.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_recurse.rpl
+++ b/testdata/iter_recurse.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_resolve.rpl
+++ b/testdata/iter_resolve.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_resolve_minimised.rpl
+++ b/testdata/iter_resolve_minimised.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_resolve_minimised_nx.rpl
+++ b/testdata/iter_resolve_minimised_nx.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_resolve_minimised_refused.rpl
+++ b/testdata/iter_resolve_minimised_refused.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_resolve_minimised_timeout.rpl
+++ b/testdata/iter_resolve_minimised_timeout.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_scrub_cname_an.rpl
+++ b/testdata/iter_scrub_cname_an.rpl
@ -3,6 +3,7 @@ server:
 	harden-referral-path: no
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_scrub_dname_insec.rpl
+++ b/testdata/iter_scrub_dname_insec.rpl
@ -3,6 +3,7 @@ server:
 	harden-referral-path: no
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_scrub_dname_rev.rpl
+++ b/testdata/iter_scrub_dname_rev.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_scrub_dname_sec.rpl
+++ b/testdata/iter_scrub_dname_sec.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_soamin.rpl
+++ b/testdata/iter_soamin.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_stub_leak.rpl
+++ b/testdata/iter_stub_leak.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
        target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
        name: "."
--- a/testdata/iter_stub_noroot.rpl
+++ b/testdata/iter_stub_noroot.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_stubfirst.rpl
+++ b/testdata/iter_stubfirst.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/iter_timeout_ra_aaaa.rpl
+++ b/testdata/iter_timeout_ra_aaaa.rpl
@ -2,6 +2,7 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/rrset_rettl.rpl
+++ b/testdata/rrset_rettl.rpl
@ -1,5 +1,7 @@
 ; This is a comment.
 ; config options go here.
+server:
+	minimal-responses: no
 forward-zone: name: "." forward-addr: 216.0.0.1
 CONFIG_END

--- a/testdata/rrset_untrusted.rpl
+++ b/testdata/rrset_untrusted.rpl
@ -1,5 +1,7 @@
 ; This is a comment.
 ; config options go here.
+server:
+	minimal-responses: no
 forward-zone: name: "." forward-addr: 216.0.0.1
 CONFIG_END

--- a/testdata/rrset_updated.rpl
+++ b/testdata/rrset_updated.rpl
@ -1,5 +1,7 @@
 ; This is a comment.
 ; config options go here.
+server:
+	minimal-responses: no
 forward-zone: name: "." forward-addr: 216.0.0.1
 CONFIG_END

--- a/testdata/trust_cname_chain.rpl
+++ b/testdata/trust_cname_chain.rpl
@ -1,6 +1,7 @@
 ; config options
 server:
 	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no
 stub-zone:
 	name: "."
 	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
--- a/testdata/ttl_max.rpl
+++ b/testdata/ttl_max.rpl
@ -3,6 +3,7 @@ server:
 	access-control: 127.0.0.1 allow_snoop
 	cache-max-ttl: 10
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/ttl_min.rpl
+++ b/testdata/ttl_min.rpl
@ -3,6 +3,7 @@ server:
 	access-control: 127.0.0.1 allow_snoop
 	cache-min-ttl: 10
 	qname-minimisation: "no"
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_adbit.rpl
+++ b/testdata/val_adbit.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_adcopy.rpl
+++ b/testdata/val_adcopy.rpl
@ -6,6 +6,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	fake-sha1: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_ds_afterprime.rpl
+++ b/testdata/val_ds_afterprime.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_faildnskey_ok.rpl
+++ b/testdata/val_faildnskey_ok.rpl
@ -7,6 +7,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_keyprefetch_verify.rpl
+++ b/testdata/val_keyprefetch_verify.rpl
@ -9,6 +9,7 @@ server:
 	prefetch: yes
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_noadwhennodo.rpl
+++ b/testdata/val_noadwhennodo.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_nsec3_b3_optout.rpl
+++ b/testdata/val_nsec3_b3_optout.rpl
@ -6,6 +6,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_nsec3_b3_optout_negcache.rpl
+++ b/testdata/val_nsec3_b3_optout_negcache.rpl
@ -6,6 +6,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_positive.rpl
+++ b/testdata/val_positive.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_qds_badanc.rpl
+++ b/testdata/val_qds_badanc.rpl
@ -6,6 +6,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	fake-sha1: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_qds_oneanc.rpl
+++ b/testdata/val_qds_oneanc.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_qds_twoanc.rpl
+++ b/testdata/val_qds_twoanc.rpl
@ -8,6 +8,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_referd.rpl
+++ b/testdata/val_referd.rpl
@ -9,6 +9,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_referglue.rpl
+++ b/testdata/val_referglue.rpl
@ -9,6 +9,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_rrsig.rpl
+++ b/testdata/val_rrsig.rpl
@ -6,6 +6,7 @@ server:
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: "no"
 	fake-sha1: yes
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_spurious_ns.rpl
+++ b/testdata/val_spurious_ns.rpl
@ -7,6 +7,7 @@ server:
 	qname-minimisation: "no"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/testdata/val_stub_noroot.rpl
+++ b/testdata/val_stub_noroot.rpl
@ -7,6 +7,7 @@ server:
 	dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
 	fake-sha1: yes
 	trust-anchor-signaling: no
+	minimal-responses: no

 stub-zone:
 	name: "."
--- a/Show More
+++ b/Show More