[Unbound-users] DNS poisoning - any ideas how this can happen?
Dave Warren
davew at hireahit.com
Wed Feb 11 23:52:09 UTC 2015
On 2015-02-10 13:49, Dave Warren wrote:
> On 2015-02-10 06:50, W.C.A. Wijngaards wrote:
>> After off-list conversation (with conf and logs), the solution is
>> harden-glue: yes in unbound.conf. The default is yes, but in pfSense
>> it was turned off.
>
> Ouch, that seems like a sub-optimal configuration.
>
> Was this in the unbound package available for pfSense 2.1 and earlier,
> or the native unbound implementation in pfSense 2.2? Did you log any
> bugs on the pfSense side or does this still need to be done?
>
I had a chance to play with pfSense 2.2 a bit, and this is a UI option,
so there's no concern here. Sorry for the additional noise, when I first
read the thread I was assuming that you meant the unbound default is
set, but pfSense turned it off.
tl;dr: Everything is good.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the Unbound-users
mailing list