DNS-0x20 encoding reduces cache hit count
Otto Retter
otto at relax.theregoesmy.email
Fri Feb 21 13:36:00 UTC 2025
Peter Russel via Unbound-users wrote:
> This implies a feature request to implement DNS-0x20 encoding for
> unbound, DNS-0x20 encoding is considered a security feature.
Unbound already has 0x20 support. You will need to set
`use-caps-for-id: yes` in your Unbound configuration. Here are the 0x20
options from the example conf:
'''
# Use 0x20-encoded random bits in the query to foil spoof attempts.
# This feature is an experimental implementation of draft dns-0x20.
# use-caps-for-id: no
# Domains (and domains in them) without support for dns-0x20 and
# the fallback fails because they keep sending different answers.
# caps-exempt: "licdn.com"
# caps-exempt: "senderbase.org"
'''
Hope that helps,
Otto
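
Added example, not part of the original message and not Unbound's code: a sketch of what 0x20 encoding does to a query name and how a resolver can check the echoed question, with an exemption list modelled on the caps-exempt entries quoted above. All function names are hypothetical, and Unbound's fallback behaviour is not modelled (a mismatch is simply rejected here).

```python
import secrets

# Constructed exemption list, mirroring the caps-exempt entries quoted above.
CAPS_EXEMPT = {"licdn.com", "senderbase.org"}


def encode_0x20(qname: str) -> str:
    """Randomly flip the case (ASCII bit 0x20) of every letter in qname."""
    out = []
    for ch in qname:
        if ch.isascii() and ch.isalpha():
            ch = ch.upper() if secrets.randbits(1) else ch.lower()
        out.append(ch)
    return "".join(out)


def is_exempt(qname: str, exempt=CAPS_EXEMPT) -> bool:
    """True if qname equals an exempt domain or lies underneath one."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in exempt for i in range(len(labels)))


def accept_response(sent_qname: str, echoed_qname: str) -> bool:
    """Accept only if the question section echoes the name we sent.

    Exempt domains get the normal case-insensitive DNS comparison;
    everything else must match byte for byte, so a blind spoofer has to
    guess one bit per letter on top of the query ID and source port.
    """
    if sent_qname.lower() != echoed_qname.lower():
        return False
    return is_exempt(sent_qname) or sent_qname == echoed_qname


def entropy_bits(qname: str) -> int:
    """Number of extra random bits 0x20 adds for this name."""
    return sum(1 for ch in qname if ch.isascii() and ch.isalpha())


if __name__ == "__main__":
    sent = encode_0x20("www.example.com")  # constructed sample name
    print(sent, entropy_bits(sent), "bits")
    print("faithful echo accepted:", accept_response(sent, sent))
    print("lowercased echo accepted:", accept_response(sent, sent.lower()))
```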