rfc6761 compliance
Paul Wouters
paul at nohats.ca
Tue Sep 22 16:30:39 UTC 2015
On Tue, 22 Sep 2015, Robert Edmonds via Unbound-users wrote:
> W.C.A. Wijngaards via Unbound-users wrote:
>> It is not a particularly heavy root server load to mitigate, less code
>> is better and easier, the unblock-lan-zones statement is a frequently
>> asked question from our users. That said, we could add new code for
>> this (and .onion?).
> Here are the caching DNS considerations for the zones that Unbound
> currently doesn't handle:
>
> [ "test." ]
> [ "invalid." ]
> [ "onion." ]
While I don't see much harm in test and valid, there is a stronger case
for onion not to leak out. I hope upstream will block it per default.
If not, I might add a conf file to do so in the default unbound
configuration for Fedora.
Paul
More information about the Unbound-users
mailing list