Project

General

Profile

Actions
Copy link

Feature #10449

closed

Aggressive NSEC option

Added by Viktor Gurov about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Renato Botelho
Category:
DNS Resolver
Target version:
2.5.0
Start date:
04/13/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Very nice feature for DNS optimization, which can reduce the number of queries to authoritative name servers.
See https://tools.ietf.org/html/rfc8198

unbound.conf(5):

aggressive-nsec: <yes or no>
              Aggressive  NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other denials, using information from previous
              NXDOMAINs answers.  Default is no.  It helps to reduce the query rate towards targets that get a very  high  nonexis‐
              tent name lookup rate.

Actions
Copy link
 #2

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0
Actions
Copy link
 #3

Updated by DRago_Angel [InV@DER] about 4 years ago

+1

Actions
Copy link
 #4

Updated by Renato Botelho about 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions
Copy link
 #5

Updated by Viktor Gurov about 4 years ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200414.1347

works as expected,
I can see aggressive-nsec: yes/no option in /var/unbound/unbound.conf

Actions
Copy link

Also available in: Atom PDF