From e0745813f4fb15bbb2a84d0b8dfdbcd24b9d9b41 Mon Sep 17 00:00:00 2001 
From: Wouter Wijngaards
Date: Mon, 27 Aug 2018 13:18:19 +0000
Subject: [PATCH] - Set defaults to yes for a number of options to increase speed and resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache.
git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
---
doc/Changelog | 12 ++++++++++++
doc/example.conf.in | 6 +++---
doc/unbound.conf.5.in | 14 ++++++++------
testdata/autotrust_init.rpl | 1 +
testdata/autotrust_init_ds.rpl | 1 +
testdata/autotrust_init_sigs.rpl | 1 +
testdata/autotrust_init_zsk.rpl | 1 +
testdata/black_data.rpl | 1 +
testdata/black_prime.rpl | 1 +
testdata/dlv_anchor.rpl | 1 +
testdata/dlv_ask_higher.rpl | 1 +
testdata/dlv_below_ta.rpl | 1 +
testdata/dlv_delegation.rpl | 1 +
testdata/dlv_insecure.rpl | 1 +
testdata/dlv_insecure_negcache.rpl | 1 +
testdata/dlv_remove_empty.rpl | 1 +
testdata/dlv_remove_nodel.rpl | 1 +
testdata/dlv_remove_pos.rpl | 1 +
testdata/dlv_unused.rpl | 1 +
testdata/dns64_lookup.rpl | 1 +
testdata/domain_insec_dlv.rpl | 1 +
testdata/fetch_glue.rpl | 1 +
testdata/fetch_glue_cname.rpl | 1 +
testdata/fwd_cached.rpl | 2 ++
testdata/iter_class_any.rpl | 1 +
testdata/iter_cycle_noh.rpl | 1 +
testdata/iter_dname_insec.rpl | 1 +
testdata/iter_domain_sale.rpl | 1 +
testdata/iter_domain_sale_nschange.rpl | 1 +
testdata/iter_emptydp.rpl | 1 +
testdata/iter_emptydp_for_glue.rpl | 1 +
testdata/iter_fwdfirst.rpl | 1 +
testdata/iter_fwdfirstequal.rpl | 1 +
testdata/iter_fwdstub.rpl | 1 +
testdata/iter_fwdstubroot.rpl | 1 +
testdata/iter_got6only.rpl | 1 +
testdata/iter_hint_lame.rpl | 1 +
testdata/iter_lame_noaa.rpl | 1 +
testdata/iter_lame_nosoa.rpl | 1 +
testdata/iter_mod.rpl | 1 +
testdata/iter_ns_badip.rpl | 1 +
testdata/iter_ns_spoof.rpl | 1 +
testdata/iter_pc_a.rpl | 1 +
testdata/iter_pc_aaaa.rpl | 1 +
testdata/iter_pcdiff.rpl | 1 +
testdata/iter_pcdirect.rpl | 1 +
testdata/iter_pcname.rpl | 1 +
testdata/iter_pcnamech.rpl | 1 +
testdata/iter_pcnamechrec.rpl | 1 +
testdata/iter_pcnamerec.rpl | 1 +
testdata/iter_pcttl.rpl | 1 +
testdata/iter_prefetch.rpl | 1 +
testdata/iter_prefetch_change.rpl | 1 +
testdata/iter_prefetch_change2.rpl | 1 +
testdata/iter_prefetch_childns.rpl | 1 +
testdata/iter_prefetch_fail.rpl | 1 +
testdata/iter_prefetch_ns.rpl | 1 +
testdata/iter_primenoglue.rpl | 1 +
testdata/iter_privaddr.rpl | 1 +
testdata/iter_ranoaa_lame.rpl | 1 +
testdata/iter_reclame_one.rpl | 1 +
testdata/iter_reclame_two.rpl | 1 +
testdata/iter_recurse.rpl | 1 +
testdata/iter_resolve.rpl | 1 +
testdata/iter_resolve_minimised.rpl | 1 +
testdata/iter_resolve_minimised_nx.rpl | 1 +
testdata/iter_resolve_minimised_refused.rpl | 1 +
testdata/iter_resolve_minimised_timeout.rpl | 1 +
testdata/iter_scrub_cname_an.rpl | 1 +
testdata/iter_scrub_dname_insec.rpl | 1 +
testdata/iter_scrub_dname_rev.rpl | 1 +
testdata/iter_scrub_dname_sec.rpl | 1 +
testdata/iter_soamin.rpl | 1 +
testdata/iter_stub_leak.rpl | 1 +
testdata/iter_stub_noroot.rpl | 1 +
testdata/iter_stubfirst.rpl | 1 +
testdata/iter_timeout_ra_aaaa.rpl | 1 +
testdata/rrset_rettl.rpl | 2 ++
testdata/rrset_untrusted.rpl | 2 ++
testdata/rrset_updated.rpl | 2 ++
testdata/trust_cname_chain.rpl | 1 +
testdata/ttl_max.rpl | 1 +
testdata/ttl_min.rpl | 1 +
testdata/val_adbit.rpl | 1 +
testdata/val_adcopy.rpl | 1 +
testdata/val_ds_afterprime.rpl | 1 +
testdata/val_faildnskey_ok.rpl | 1 +
testdata/val_keyprefetch_verify.rpl | 1 +
testdata/val_noadwhennodo.rpl | 1 +
testdata/val_nsec3_b3_optout.rpl | 1 +
testdata/val_nsec3_b3_optout_negcache.rpl | 1 +
testdata/val_positive.rpl | 1 +
testdata/val_qds_badanc.rpl | 1 +
testdata/val_qds_oneanc.rpl | 1 +
testdata/val_qds_twoanc.rpl | 1 +
testdata/val_referd.rpl | 1 +
testdata/val_referglue.rpl | 1 +
testdata/val_rrsig.rpl | 1 +
testdata/val_spurious_ns.rpl | 1 +
testdata/val_stub_noroot.rpl | 1 +
testdata/val_ta_algo_dnskey.rpl | 1 +
testdata/val_ta_algo_dnskey_dp.rpl | 1 +
testdata/val_ta_algo_missing_dp.rpl | 1 +
testdata/val_twocname.rpl | 1 +
testdata/val_unalgo_anchor.rpl | 1 +
testdata/val_unalgo_dlv.rpl | 1 +
testdata/val_wild_pos.rpl | 1 +
testdata/views.rpl | 1 +
util/config_file.c | 7 ++++---
109 files changed, 136 insertions(+), 12 deletions(-)
diff --git a/doc/Changelog b/doc/Changelog
index 8d6ca34b4..39f524739 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,15 @@ +27 August 2018: Wouter + - Set defaults to yes for a number of options to increase speed and + resilience of the server. The so-reuseport, harden-below-nxdomain, + and minimal-responses options are enabled by default. They used + to be disabled by default, waiting to make sure they worked. They + are enabled by default now, and can be disabled explicitly by + setting them to "no" in the unbound.conf config file. The reuseport + and minimal options increases speed of the server, and should be + otherwise harmless. The harden-below-nxdomain option works well + together with the recently default enabled qname minimisation, this + causes more fetches to use information from the cache. + 22 August 2018: George - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This gives access to reply information for the client's communication
diff --git a/doc/example.conf.in b/doc/example.conf.in
index 61aa74780..7eb8b776d 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -103,7 +103,7 @@ server: # so-sndbuf: 0 # use SO_REUSEPORT to distribute queries over threads. - # so-reuseport: no + # so-reuseport: yes # use IP_TRANSPARENT so the interface: addresses can be non-local # and you can config non-existing IPs that are going to work later on
@@ -373,7 +373,7 @@ server: # harden-dnssec-stripped: yes # Harden against queries that fall under dnssec-signed nxdomain names. - # harden-below-nxdomain: no + # harden-below-nxdomain: yes # Harden the referral path by performing additional queries for # infrastructure data. Validates the replies (if possible).
@@ -454,7 +454,7 @@ server: # if yes, Unbound doesn't insert authority/additional sections # into response messages when those sections are not required. - # minimal-responses: no + # minimal-responses: yes # true to disable DNSSEC lameness check in iterator. # disable-dnssec-lame-check: no
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index f731d3c17..6b24d47d3 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -278,9 +278,9 @@ to so\-rcvbuf. .B so\-reuseport: \fI If yes, then open dedicated listening sockets for incoming queries for each thread and try to set the SO_REUSEPORT socket option on each socket. May -distribute incoming queries to threads more evenly. Default is no. On Linux -it is supported in kernels >= 3.9. On other systems, FreeBSD, OSX it may -also work. You can enable it (on any platform and kernel), +distribute incoming queries to threads more evenly. Default is yes. +On Linux it is supported in kernels >= 3.9. On other systems, FreeBSD, OSX +it may also work. You can enable it (on any platform and kernel), it then attempts to open the port and passes the option if it was available at compile time, if that works it is used, if it fails, it continues silently (unless verbosity 3) without the option.
@@ -747,7 +747,7 @@ noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse IP address lookups), and thus may be incompatible with this. To try to avoid this only DNSSEC-secure nxdomains are used, because the old software does not -have DNSSEC. Default is off. +have DNSSEC. Default is on. The nxdomain must be secure, this means nsec3 with optout is insufficient. .TP .B harden\-referral\-path: \fI
@@ -861,9 +861,11 @@ from the query ID, for speed and thread safety). Default is no. If yes, Unbound doesn't insert authority/additional sections into response messages when those sections are not required. This reduces response size significantly, and may avoid TCP fallback for some responses. -This may cause a slight speedup. The default is no, because the DNS +This may cause a slight speedup. The default is yes, even though the DNS protocol RFCs mandate these sections, and the additional content could -be of use and save roundtrips for clients. +be of use and save roundtrips for clients. Because they are not used, +and the saved roundtrips are easier saved with prefetch, whilst this is +faster. .TP .B disable-dnssec-lame-check: \fI If true, disables the DNSSEC lameness check in the iterator. This check
diff --git a/testdata/autotrust_init.rpl b/testdata/autotrust_init.rpl
index c6bde72ac..d722273e0 100644
--- a/testdata/autotrust_init.rpl
+++ b/testdata/autotrust_init.rpl
@@ -4,6 +4,7 @@ server: log-time-ascii: yes fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
diff --git a/testdata/autotrust_init_ds.rpl b/testdata/autotrust_init_ds.rpl
index 37a168a1a..ad4019ebe 100644
--- a/testdata/autotrust_init_ds.rpl
+++ b/testdata/autotrust_init_ds.rpl
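Review bot: The `minimal-responses: no` override added to the `server:` clause of testdata/autotrust_init.rpl, and repeated in every other testdata/*.rpl hunk of this patch, pins the replay tests to the previous behaviour, so the `minimal-responses: yes` default that this commit introduces is not exercised by any of them. None of the visible hunks adds a scenario that runs with the new default, so a regression in the trimmed-response path (for instance in the DNSSEC `val_*.rpl` cases) would presumably go unnoticed by this suite. Consider adding one replay file that leaves the override out and checks the reduced answer. If the override is needed because the expected replies in these files carry authority/additional sections (not visible in the hunks, so to be confirmed), say so next to it, e.g. `minimal-responses: no # expected replies below include authority/additional sections`, so the line reads as a fixture choice and not as a recommended setting.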
@@ -4,6 +4,7 @@ server: log-time-ascii: yes fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
diff --git a/testdata/autotrust_init_sigs.rpl b/testdata/autotrust_init_sigs.rpl
index fe5eeb0d6..d5d52f473 100644
--- a/testdata/autotrust_init_sigs.rpl
+++ b/testdata/autotrust_init_sigs.rpl
@@ -4,6 +4,7 @@ server: log-time-ascii: yes fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
diff --git a/testdata/autotrust_init_zsk.rpl b/testdata/autotrust_init_zsk.rpl
index b807f8ebe..56a5bc0b3 100644
--- a/testdata/autotrust_init_zsk.rpl
+++ b/testdata/autotrust_init_zsk.rpl
@@ -4,6 +4,7 @@ server: log-time-ascii: yes fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
diff --git a/testdata/black_data.rpl b/testdata/black_data.rpl
index 04304d352..de6f57ec1 100644
--- a/testdata/black_data.rpl
+++ b/testdata/black_data.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/black_prime.rpl b/testdata/black_prime.rpl
index 2cbcc1606..7e73f32f3 100644
--- a/testdata/black_prime.rpl
+++ b/testdata/black_prime.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_anchor.rpl b/testdata/dlv_anchor.rpl
index 445da0a84..81547454e 100644
--- a/testdata/dlv_anchor.rpl
+++ b/testdata/dlv_anchor.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_ask_higher.rpl b/testdata/dlv_ask_higher.rpl
index 9f9331080..51ac3d24a 100644
--- a/testdata/dlv_ask_higher.rpl
+++ b/testdata/dlv_ask_higher.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_below_ta.rpl b/testdata/dlv_below_ta.rpl
index 6f72f261c..f5d630dfb 100644
--- a/testdata/dlv_below_ta.rpl
+++ b/testdata/dlv_below_ta.rpl
@@ -8,6 +8,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_delegation.rpl b/testdata/dlv_delegation.rpl
index 1eada4064..53074c8e2 100644
--- a/testdata/dlv_delegation.rpl
+++ b/testdata/dlv_delegation.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_insecure.rpl b/testdata/dlv_insecure.rpl
index 94ba865d8..e6515a9fb 100644
--- a/testdata/dlv_insecure.rpl
+++ b/testdata/dlv_insecure.rpl
@@ -8,6 +8,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_insecure_negcache.rpl b/testdata/dlv_insecure_negcache.rpl
index b91105160..8408870b9 100644
--- a/testdata/dlv_insecure_negcache.rpl
+++ b/testdata/dlv_insecure_negcache.rpl
@@ -8,6 +8,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_remove_empty.rpl b/testdata/dlv_remove_empty.rpl
index 2e9b4bcf6..11b825bc2 100644
--- a/testdata/dlv_remove_empty.rpl
+++ b/testdata/dlv_remove_empty.rpl
@@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" fake-sha1: yes + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_remove_nodel.rpl b/testdata/dlv_remove_nodel.rpl
index 1f2d94721..1abe5a32f 100644
--- a/testdata/dlv_remove_nodel.rpl
+++ b/testdata/dlv_remove_nodel.rpl
@@ -6,6 +6,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" fake-sha1: yes + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_remove_pos.rpl b/testdata/dlv_remove_pos.rpl
index fe2d7fee7..892ffa3c0 100644
--- a/testdata/dlv_remove_pos.rpl
+++ b/testdata/dlv_remove_pos.rpl
@@ -8,6 +8,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dlv_unused.rpl b/testdata/dlv_unused.rpl
index 386755835..aa7d04c1e 100644
--- a/testdata/dlv_unused.rpl
+++ b/testdata/dlv_unused.rpl
@@ -7,6 +7,7 @@ server: target-fetch-policy: "0 0 0 0 0" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/dns64_lookup.rpl b/testdata/dns64_lookup.rpl
index e24622c0d..898d0d01a 100644
--- a/testdata/dns64_lookup.rpl
+++ b/testdata/dns64_lookup.rpl
@@ -4,6 +4,7 @@ server: qname-minimisation: "no" module-config: "dns64 validator iterator" dns64-prefix: 64:ff9b::0/96 + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/domain_insec_dlv.rpl b/testdata/domain_insec_dlv.rpl
index 8c89a70d3..c8bd98344 100644
--- a/testdata/domain_insec_dlv.rpl
+++ b/testdata/domain_insec_dlv.rpl
@@ -5,6 +5,7 @@ server: domain-insecure: "example.net" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/fetch_glue.rpl b/testdata/fetch_glue.rpl
index 3ecc28abf..3e9f64f8d 100644
--- a/testdata/fetch_glue.rpl
+++ b/testdata/fetch_glue.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/fetch_glue_cname.rpl b/testdata/fetch_glue_cname.rpl
index e8158f9f0..4a86afa50 100644
--- a/testdata/fetch_glue_cname.rpl
+++ b/testdata/fetch_glue_cname.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/fwd_cached.rpl b/testdata/fwd_cached.rpl
index 23b4a08a2..2d6b0c2b8 100644
--- a/testdata/fwd_cached.rpl
+++ b/testdata/fwd_cached.rpl
@@ -1,5 +1,7 @@ ; This is a comment. ; config options go here. +server: + minimal-responses: no forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END
diff --git a/testdata/iter_class_any.rpl b/testdata/iter_class_any.rpl
index a4ea822fd..6fb296e99 100644
--- a/testdata/iter_class_any.rpl
+++ b/testdata/iter_class_any.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_cycle_noh.rpl b/testdata/iter_cycle_noh.rpl
index 6c2982adc..eee26ca70 100644
--- a/testdata/iter_cycle_noh.rpl
+++ b/testdata/iter_cycle_noh.rpl
@@ -3,6 +3,7 @@ server: harden-glue: "no" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_dname_insec.rpl b/testdata/iter_dname_insec.rpl
index 791e38485..ce593ba5c 100644
--- a/testdata/iter_dname_insec.rpl
+++ b/testdata/iter_dname_insec.rpl
@@ -3,6 +3,7 @@ server: harden-referral-path: no target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_domain_sale.rpl b/testdata/iter_domain_sale.rpl
index ff612780a..be05e2f43 100644
--- a/testdata/iter_domain_sale.rpl
+++ b/testdata/iter_domain_sale.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_domain_sale_nschange.rpl b/testdata/iter_domain_sale_nschange.rpl
index bc396f67c..5af54efb9 100644
--- a/testdata/iter_domain_sale_nschange.rpl
+++ b/testdata/iter_domain_sale_nschange.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl
index f61b3064d..82ddccfad 100644
--- a/testdata/iter_emptydp.rpl
+++ b/testdata/iter_emptydp.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl
index 33951e790..2e7db65e1 100644
--- a/testdata/iter_emptydp_for_glue.rpl
+++ b/testdata/iter_emptydp_for_glue.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_fwdfirst.rpl b/testdata/iter_fwdfirst.rpl
index 5154babb3..0f8a85f5a 100644
--- a/testdata/iter_fwdfirst.rpl
+++ b/testdata/iter_fwdfirst.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_fwdfirstequal.rpl b/testdata/iter_fwdfirstequal.rpl
index d8da470cf..dc648143c 100644
--- a/testdata/iter_fwdfirstequal.rpl
+++ b/testdata/iter_fwdfirstequal.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_fwdstub.rpl b/testdata/iter_fwdstub.rpl
index 06a8789b7..ad5b57cb7 100644
--- a/testdata/iter_fwdstub.rpl
+++ b/testdata/iter_fwdstub.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_fwdstubroot.rpl b/testdata/iter_fwdstubroot.rpl
index e43584cbe..fa930430d 100644
--- a/testdata/iter_fwdstubroot.rpl
+++ b/testdata/iter_fwdstubroot.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_got6only.rpl b/testdata/iter_got6only.rpl
index 7363a48b7..155228439 100644
--- a/testdata/iter_got6only.rpl
+++ b/testdata/iter_got6only.rpl
@@ -3,6 +3,7 @@ server: do-ip6: no target-fetch-policy: "0 0 0 0 0 " qname-minimisation: "no" + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
diff --git a/testdata/iter_hint_lame.rpl b/testdata/iter_hint_lame.rpl
index e9ffbce64..2fb6dde72 100644
--- a/testdata/iter_hint_lame.rpl
+++ b/testdata/iter_hint_lame.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_lame_noaa.rpl b/testdata/iter_lame_noaa.rpl
index 18d326b77..7a6eb1b30 100644
--- a/testdata/iter_lame_noaa.rpl
+++ b/testdata/iter_lame_noaa.rpl
@@ -3,6 +3,7 @@ server: harden-referral-path: no target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_lame_nosoa.rpl b/testdata/iter_lame_nosoa.rpl
index 903bb29bc..4914f7461 100644
--- a/testdata/iter_lame_nosoa.rpl
+++ b/testdata/iter_lame_nosoa.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_mod.rpl b/testdata/iter_mod.rpl
index c57e2328a..35b3a5af6 100644
--- a/testdata/iter_mod.rpl
+++ b/testdata/iter_mod.rpl
@@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" module-config: "iterator" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_ns_badip.rpl b/testdata/iter_ns_badip.rpl
index 6ce2b14d4..ad266c64d 100644
--- a/testdata/iter_ns_badip.rpl
+++ b/testdata/iter_ns_badip.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "3 2 1 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_ns_spoof.rpl b/testdata/iter_ns_spoof.rpl
index 1679ce724..f67457635 100644
--- a/testdata/iter_ns_spoof.rpl
+++ b/testdata/iter_ns_spoof.rpl
@@ -3,6 +3,7 @@ server: harden-referral-path: yes target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
diff --git a/testdata/iter_pc_a.rpl b/testdata/iter_pc_a.rpl
index 985345c15..d9add0056 100644
--- a/testdata/iter_pc_a.rpl
+++ b/testdata/iter_pc_a.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pc_aaaa.rpl b/testdata/iter_pc_aaaa.rpl
index 20e1a787f..a28354306 100644
--- a/testdata/iter_pc_aaaa.rpl
+++ b/testdata/iter_pc_aaaa.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcdiff.rpl b/testdata/iter_pcdiff.rpl
index 18b984c16..57fb109af 100644
--- a/testdata/iter_pcdiff.rpl
+++ b/testdata/iter_pcdiff.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcdirect.rpl b/testdata/iter_pcdirect.rpl
index 0a4487fd8..0bd5dfe78 100644
--- a/testdata/iter_pcdirect.rpl
+++ b/testdata/iter_pcdirect.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcname.rpl b/testdata/iter_pcname.rpl
index 037b6426f..e17c9102c 100644
--- a/testdata/iter_pcname.rpl
+++ b/testdata/iter_pcname.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcnamech.rpl b/testdata/iter_pcnamech.rpl
index a979101d9..1aba95b07 100644
--- a/testdata/iter_pcnamech.rpl
+++ b/testdata/iter_pcnamech.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcnamechrec.rpl b/testdata/iter_pcnamechrec.rpl
index f4c0197ba..90745fcf3 100644
--- a/testdata/iter_pcnamechrec.rpl
+++ b/testdata/iter_pcnamechrec.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcnamerec.rpl b/testdata/iter_pcnamerec.rpl
index ecc03d353..faee6d029 100644
--- a/testdata/iter_pcnamerec.rpl
+++ b/testdata/iter_pcnamerec.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_pcttl.rpl b/testdata/iter_pcttl.rpl
index 41d94bc42..413f8cb88 100644
--- a/testdata/iter_pcttl.rpl
+++ b/testdata/iter_pcttl.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" do-ip6: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_prefetch.rpl b/testdata/iter_prefetch.rpl
index feb6b81e8..bad92dc57 100644
--- a/testdata/iter_prefetch.rpl
+++ b/testdata/iter_prefetch.rpl
@@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" prefetch: "yes" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_prefetch_change.rpl b/testdata/iter_prefetch_change.rpl
index 2ed70cdad..007025ad0 100644
--- a/testdata/iter_prefetch_change.rpl
+++ b/testdata/iter_prefetch_change.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" prefetch: "yes" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_prefetch_change2.rpl b/testdata/iter_prefetch_change2.rpl
index 93196d555..7a8370ff6 100644
--- a/testdata/iter_prefetch_change2.rpl
+++ b/testdata/iter_prefetch_change2.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" prefetch: "yes" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_prefetch_childns.rpl b/testdata/iter_prefetch_childns.rpl
index 869aaa40c..00a91fcde 100644
--- a/testdata/iter_prefetch_childns.rpl
+++ b/testdata/iter_prefetch_childns.rpl
@@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" prefetch: "yes" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_prefetch_fail.rpl b/testdata/iter_prefetch_fail.rpl
index 2f7f99425..1d92a4c1c 100644
--- a/testdata/iter_prefetch_fail.rpl
+++ b/testdata/iter_prefetch_fail.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" prefetch: "yes" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_prefetch_ns.rpl b/testdata/iter_prefetch_ns.rpl
index f99fb80dc..93af21638 100644
--- a/testdata/iter_prefetch_ns.rpl
+++ b/testdata/iter_prefetch_ns.rpl
@@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" prefetch: "yes" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl
index 0d6adefc5..a75ed82dd 100644
--- a/testdata/iter_primenoglue.rpl
+++ b/testdata/iter_primenoglue.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_privaddr.rpl b/testdata/iter_privaddr.rpl
index 2361af653..93a2a147d 100644
--- a/testdata/iter_privaddr.rpl
+++ b/testdata/iter_privaddr.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no private-address: 10.0.0.0/8 private-address: 172.16.0.0/12
diff --git a/testdata/iter_ranoaa_lame.rpl b/testdata/iter_ranoaa_lame.rpl
index d2db84a8e..efb38a590 100644
--- a/testdata/iter_ranoaa_lame.rpl
+++ b/testdata/iter_ranoaa_lame.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_reclame_one.rpl b/testdata/iter_reclame_one.rpl
index fe15b256c..4df9b6594 100644
--- a/testdata/iter_reclame_one.rpl
+++ b/testdata/iter_reclame_one.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl
index 3b7dfd65c..f30edd941 100644
--- a/testdata/iter_reclame_two.rpl
+++ b/testdata/iter_reclame_two.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_recurse.rpl b/testdata/iter_recurse.rpl
index ab62e1ae5..181af1107 100644
--- a/testdata/iter_recurse.rpl
+++ b/testdata/iter_recurse.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_resolve.rpl b/testdata/iter_resolve.rpl
index cab3887f7..ed051ff24 100644
--- a/testdata/iter_resolve.rpl
+++ b/testdata/iter_resolve.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_resolve_minimised.rpl b/testdata/iter_resolve_minimised.rpl
index ab3c6e9e7..2c6f9ccf5 100644
--- a/testdata/iter_resolve_minimised.rpl
+++ b/testdata/iter_resolve_minimised.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_resolve_minimised_nx.rpl b/testdata/iter_resolve_minimised_nx.rpl
index cb877bc25..74e612ccb 100644
--- a/testdata/iter_resolve_minimised_nx.rpl
+++ b/testdata/iter_resolve_minimised_nx.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: yes + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_resolve_minimised_refused.rpl b/testdata/iter_resolve_minimised_refused.rpl
index 82852a438..66e8e631e 100644
--- a/testdata/iter_resolve_minimised_refused.rpl
+++ b/testdata/iter_resolve_minimised_refused.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: yes + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_resolve_minimised_timeout.rpl b/testdata/iter_resolve_minimised_timeout.rpl
index 2a166aff0..86b932160 100644
--- a/testdata/iter_resolve_minimised_timeout.rpl
+++ b/testdata/iter_resolve_minimised_timeout.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: yes + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_scrub_cname_an.rpl b/testdata/iter_scrub_cname_an.rpl
index 54a98c63b..9c5060af7 100644
--- a/testdata/iter_scrub_cname_an.rpl
+++ b/testdata/iter_scrub_cname_an.rpl
@@ -3,6 +3,7 @@ server: harden-referral-path: no target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_scrub_dname_insec.rpl b/testdata/iter_scrub_dname_insec.rpl
index a2972202c..921abe628 100644
--- a/testdata/iter_scrub_dname_insec.rpl
+++ b/testdata/iter_scrub_dname_insec.rpl
@@ -3,6 +3,7 @@ server: harden-referral-path: no target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_scrub_dname_rev.rpl b/testdata/iter_scrub_dname_rev.rpl
index b7e3ee2d0..3e649f936 100644
--- a/testdata/iter_scrub_dname_rev.rpl
+++ b/testdata/iter_scrub_dname_rev.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_scrub_dname_sec.rpl b/testdata/iter_scrub_dname_sec.rpl
index 1b9153ba7..4597cdf98 100644
--- a/testdata/iter_scrub_dname_sec.rpl
+++ b/testdata/iter_scrub_dname_sec.rpl
@@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_soamin.rpl b/testdata/iter_soamin.rpl
index 42eb80827..7e902601b 100644
--- a/testdata/iter_soamin.rpl
+++ b/testdata/iter_soamin.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_stub_leak.rpl b/testdata/iter_stub_leak.rpl
index e5c620006..388344ce5 100644
--- a/testdata/iter_stub_leak.rpl
+++ b/testdata/iter_stub_leak.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_stub_noroot.rpl b/testdata/iter_stub_noroot.rpl
index 0bc1ff5d2..ef306bd42 100644
--- a/testdata/iter_stub_noroot.rpl
+++ b/testdata/iter_stub_noroot.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_stubfirst.rpl b/testdata/iter_stubfirst.rpl
index 6245a4f09..1a7112de4 100644
--- a/testdata/iter_stubfirst.rpl
+++ b/testdata/iter_stubfirst.rpl
@@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/iter_timeout_ra_aaaa.rpl b/testdata/iter_timeout_ra_aaaa.rpl
index 9b06aea90..126867ba4 100644
--- a/testdata/iter_timeout_ra_aaaa.rpl
+++ b/testdata/iter_timeout_ra_aaaa.rpl
@@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no stub-zone: name: "."
diff --git a/testdata/rrset_rettl.rpl b/testdata/rrset_rettl.rpl
index 2ae64e947..55dd62386 100644
--- a/testdata/rrset_rettl.rpl
+++ b/testdata/rrset_rettl.rpl
@@ -1,5 +1,7 @@ ; This is a comment. ; config options go here. +server: + minimal-responses: no forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END
diff --git a/testdata/rrset_untrusted.rpl b/testdata/rrset_untrusted.rpl
index 232554872..6370ebf49 100644
--- a/testdata/rrset_untrusted.rpl
+++ b/testdata/rrset_untrusted.rpl
@@ -1,5 +1,7 @@ ; This is a comment. ; config options go here. +server: + minimal-responses: no forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END diff --git a/testdata/rrset_updated.rpl b/testdata/rrset_updated.rpl index 4e877df11..d36ab8cc8 100644 --- a/testdata/rrset_updated.rpl +++ b/testdata/rrset_updated.rpl @@ -1,5 +1,7 @@ ; This is a comment. ; config options go here. +server: + minimal-responses: no forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END diff --git a/testdata/trust_cname_chain.rpl b/testdata/trust_cname_chain.rpl index e4d2d2a99..f8415ba23 100644 --- a/testdata/trust_cname_chain.rpl +++ b/testdata/trust_cname_chain.rpl @@ -1,6 +1,7 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + minimal-responses: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/ttl_max.rpl b/testdata/ttl_max.rpl index 1faa05453..17eaca26c 100644 --- a/testdata/ttl_max.rpl +++ b/testdata/ttl_max.rpl @@ -3,6 +3,7 @@ server: access-control: 127.0.0.1 allow_snoop cache-max-ttl: 10 qname-minimisation: "no" + minimal-responses: no stub-zone: name: "." diff --git a/testdata/ttl_min.rpl b/testdata/ttl_min.rpl index b965fdbea..3c79ff5ed 100644 --- a/testdata/ttl_min.rpl +++ b/testdata/ttl_min.rpl @@ -3,6 +3,7 @@ server: access-control: 127.0.0.1 allow_snoop cache-min-ttl: 10 qname-minimisation: "no" + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_adbit.rpl b/testdata/val_adbit.rpl index f8f44fcff..7ce62de77 100644 --- a/testdata/val_adbit.rpl +++ b/testdata/val_adbit.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_adcopy.rpl b/testdata/val_adcopy.rpl index beb952356..604fd57f2 100644 --- a/testdata/val_adcopy.rpl +++ b/testdata/val_adcopy.rpl 
@@ -6,6 +6,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_ds_afterprime.rpl b/testdata/val_ds_afterprime.rpl index 50c28aae6..3b1c0d614 100644 --- a/testdata/val_ds_afterprime.rpl +++ b/testdata/val_ds_afterprime.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_faildnskey_ok.rpl b/testdata/val_faildnskey_ok.rpl index c191859b2..d3ac00c47 100644 --- a/testdata/val_faildnskey_ok.rpl +++ b/testdata/val_faildnskey_ok.rpl @@ -7,6 +7,7 @@ server: target-fetch-policy: "0 0 0 0 0" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_keyprefetch_verify.rpl b/testdata/val_keyprefetch_verify.rpl index f55bd7945..f2050fb7f 100644 --- a/testdata/val_keyprefetch_verify.rpl +++ b/testdata/val_keyprefetch_verify.rpl @@ -9,6 +9,7 @@ server: prefetch: yes fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_noadwhennodo.rpl b/testdata/val_noadwhennodo.rpl index c4b9afd75..46e1bad5a 100644 --- a/testdata/val_noadwhennodo.rpl +++ b/testdata/val_noadwhennodo.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout.rpl b/testdata/val_nsec3_b3_optout.rpl index 41e2e3893..0b0569201 100644 --- a/testdata/val_nsec3_b3_optout.rpl +++ b/testdata/val_nsec3_b3_optout.rpl @@ -6,6 +6,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_negcache.rpl b/testdata/val_nsec3_b3_optout_negcache.rpl index e2897e53f..f8ef6f87d 100644 --- a/testdata/val_nsec3_b3_optout_negcache.rpl +++ b/testdata/val_nsec3_b3_optout_negcache.rpl 
@@ -6,6 +6,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_positive.rpl b/testdata/val_positive.rpl index bef91f6df..daaf36089 100644 --- a/testdata/val_positive.rpl +++ b/testdata/val_positive.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_qds_badanc.rpl b/testdata/val_qds_badanc.rpl index 5c9f75660..dc686153f 100644 --- a/testdata/val_qds_badanc.rpl +++ b/testdata/val_qds_badanc.rpl @@ -6,6 +6,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_qds_oneanc.rpl b/testdata/val_qds_oneanc.rpl index c742cfad3..f21ab422b 100644 --- a/testdata/val_qds_oneanc.rpl +++ b/testdata/val_qds_oneanc.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_qds_twoanc.rpl b/testdata/val_qds_twoanc.rpl index dc66388f8..4e4f2e732 100644 --- a/testdata/val_qds_twoanc.rpl +++ b/testdata/val_qds_twoanc.rpl @@ -8,6 +8,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_referd.rpl b/testdata/val_referd.rpl index dfc82e1cf..d475f835e 100644 --- a/testdata/val_referd.rpl +++ b/testdata/val_referd.rpl @@ -9,6 +9,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_referglue.rpl b/testdata/val_referglue.rpl index a9714d1c8..dd7e7de91 100644 --- a/testdata/val_referglue.rpl +++ b/testdata/val_referglue.rpl @@ -9,6 +9,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." 
diff --git a/testdata/val_rrsig.rpl b/testdata/val_rrsig.rpl index d9684e497..0b672e0f2 100644 --- a/testdata/val_rrsig.rpl +++ b/testdata/val_rrsig.rpl @@ -6,6 +6,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_spurious_ns.rpl b/testdata/val_spurious_ns.rpl index 0f9d84310..cb0a6e529 100644 --- a/testdata/val_spurious_ns.rpl +++ b/testdata/val_spurious_ns.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_stub_noroot.rpl b/testdata/val_stub_noroot.rpl index 07fb0e376..4235bcc52 100644 --- a/testdata/val_stub_noroot.rpl +++ b/testdata/val_stub_noroot.rpl @@ -7,6 +7,7 @@ server: dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_ta_algo_dnskey.rpl b/testdata/val_ta_algo_dnskey.rpl index a1f1ed5d0..03bac83aa 100644 --- a/testdata/val_ta_algo_dnskey.rpl +++ b/testdata/val_ta_algo_dnskey.rpl @@ -8,6 +8,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_ta_algo_dnskey_dp.rpl b/testdata/val_ta_algo_dnskey_dp.rpl index 1dd48bfb2..2b3609be8 100644 --- a/testdata/val_ta_algo_dnskey_dp.rpl +++ b/testdata/val_ta_algo_dnskey_dp.rpl @@ -9,6 +9,7 @@ server: harden-algo-downgrade: no fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_ta_algo_missing_dp.rpl b/testdata/val_ta_algo_missing_dp.rpl index 4709407ed..dc55a09da 100644 --- a/testdata/val_ta_algo_missing_dp.rpl +++ b/testdata/val_ta_algo_missing_dp.rpl 
@@ -10,6 +10,7 @@ server: harden-algo-downgrade: no fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_twocname.rpl b/testdata/val_twocname.rpl index 6756787b9..d8e8cf316 100644 --- a/testdata/val_twocname.rpl +++ b/testdata/val_twocname.rpl @@ -4,6 +4,7 @@ server: val-override-date: "20091116100204" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no forward-zone: name: "." diff --git a/testdata/val_unalgo_anchor.rpl b/testdata/val_unalgo_anchor.rpl index 24dcbaf92..fbbf288a5 100644 --- a/testdata/val_unalgo_anchor.rpl +++ b/testdata/val_unalgo_anchor.rpl @@ -6,6 +6,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_unalgo_dlv.rpl b/testdata/val_unalgo_dlv.rpl index e78226fc8..142beae8d 100644 --- a/testdata/val_unalgo_dlv.rpl +++ b/testdata/val_unalgo_dlv.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/val_wild_pos.rpl b/testdata/val_wild_pos.rpl index 2fc3847e8..624d8e07b 100644 --- a/testdata/val_wild_pos.rpl +++ b/testdata/val_wild_pos.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + minimal-responses: no stub-zone: name: "." diff --git a/testdata/views.rpl b/testdata/views.rpl index 5573cd83c..6a9052fbe 100644 --- a/testdata/views.rpl +++ b/testdata/views.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" + minimal-responses: no access-control: 10.10.10.0/24 allow access-control-view: 10.10.10.10/32 "view1" diff --git a/util/config_file.c b/util/config_file.c index 7d933ca6e..3d7b4800b 100644 --- a/util/config_file.c +++ b/util/config_file.c 
@@ -177,7 +177,7 @@ config_create(void)
 cfg->if_automatic = 0;
 cfg->so_rcvbuf = 0;
 cfg->so_sndbuf = 0;
- cfg->so_reuseport = 0;
+ cfg->so_reuseport = 1;
 cfg->ip_transparent = 0;
 cfg->ip_freebind = 0;
 cfg->num_ifs = 0;
@@ -202,7 +202,7 @@ config_create(void)
 cfg->harden_large_queries = 0;
 cfg->harden_glue = 1;
 cfg->harden_dnssec_stripped = 1;
- cfg->harden_below_nxdomain = 0;
+ cfg->harden_below_nxdomain = 1;
 cfg->harden_referral_path = 0;
 cfg->harden_algo_downgrade = 0;
 cfg->use_caps_bits_for_id = 0;
@@ -254,7 +254,7 @@ config_create(void)
 cfg->control_ifs.last = NULL;
 cfg->control_port = UNBOUND_CONTROL_PORT;
 cfg->control_use_cert = 1;
- cfg->minimal_responses = 0;
+ cfg->minimal_responses = 1;
 cfg->rrset_roundrobin = 0;
 cfg->max_udp_size = 4096;
 if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key")))
@@ -344,6 +344,7 @@ struct config_file* config_create_forlib(void)
 forward nameserver running on localhost */
 cfg->val_log_level = 2; /* to fill why_bogus with */
 cfg->val_log_squelch = 1;
+ cfg->minimal_responses = 0;
 return cfg;
 }
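Review bot: `cfg->so_reuseport = 1;` in the first config_file.c hunk makes shared-port binding the built-in default with no comment on what that default relies on. On Linux a socket bound with SO_REUSEPORT can be joined by any other process running under the same effective UID, so the new default is best paired with a dedicated account for the daemon. Builds without the socket option presumably need the setting to be ignored; that handling is not visible here. I would annotate the line, e.g. `cfg->so_reuseport = 1; /* on by default; daemon should run as its own user, no-op where unsupported (confirm) */`. config_create starts and ends outside this hunk.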
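Review bot: The new default `cfg->minimal_responses = 1;` in the third hunk has no replay coverage in the part of the patch shown here, because every testdata hunk above adds `minimal-responses: no` and so pins those scenarios to the old behaviour. The same seems to hold for `cfg->harden_below_nxdomain = 1;` in the second hunk, for which no test change is visible. I would add at least one .rpl scenario that omits `minimal-responses:` so the shipped default is what gets exercised, and one that relies on the default `harden-below-nxdomain`. config_create's body continues outside these hunks.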
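Review bot: The added `cfg->minimal_responses = 0;` in config_create_forlib gives no reason for keeping the old value in the library, although the `val_log_level` line just above documents its own. If this function starts from config_create (not visible in the hunk), the library still picks up `harden_below_nxdomain = 1` and `so_reuseport = 1`, so it diverges from the daemon on this one option only. The commit description discusses the server alone, which makes that split worth confirming. Suggested: `cfg->minimal_responses = 0; /* library keeps full responses; only the daemon default changed */`. The function begins outside the hunk.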