george at nlnetlabs.nl
Tue Apr 21 10:50:47 UTC 2020
I want to thank you for the input.
It seems that the consensus is to change the default to yes and thus
enforcing the rrset definition of an unordered set.
Nice suggestion. The dnsop thread from a couple of years ago
was an interesting read.
On your concern about side channel attacks, it is a rotation scheme but
unbound rotates the rrset randomly by using client data (query ID) and
not state on the resolver side; also mentioned in that thread.
All changes per release are communicated to users(this list), package
maintainers (another list), a news item on our website and tweets
linking to said news article. It is then up to the users/maintainers how
to proceed with the changes.
More information about the Unbound-users