rfc6761 compliance

Paul Wouters paul at nohats.ca
Tue Sep 22 16:30:39 UTC 2015

On Tue, 22 Sep 2015, Robert Edmonds via Unbound-users wrote:

> W.C.A. Wijngaards via Unbound-users wrote:
>> It is not a particularly heavy root server load to mitigate, less code
>> is better and easier, the unblock-lan-zones statement is a frequently
>> asked question from our users.  That said, we could add new code for
>> this (and .onion?).

> Here are the caching DNS considerations for the zones that Unbound
> currently doesn't handle:
> [ "test." ]
> [ "invalid." ]
> [ "onion." ]

While I don't see much harm in test and valid, there is a stronger case
for onion not to leak out. I hope upstream will block it per default.
If not, I might add a conf file to do so in the default unbound
configuration for Fedora.


More information about the Unbound-users mailing list