Feature #10449

Aggressive NSEC option

Added by Viktor Gurov 7 months ago. Updated 7 months ago.

Status: Resolved
Priority: Normal
Category: DNS Resolver
Target version:
Start date: 04/13/2020
Due date:
% Done: 100%
Estimated time:

Description

Very nice feature for DNS optimization, which can reduce the number of queries to authoritative name servers.
See https://tools.ietf.org/html/rfc8198

unbound.conf(5):

aggressive-nsec: <yes or no>
    Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other denials, using information from previous NXDOMAINs answers. Default is no. It helps to reduce the query rate towards targets that get a very high nonexistent name lookup rate.
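
The check a resolver performs before synthesizing NXDOMAIN from cached NSEC records, as an added example that is not part of the original issue and not Unbound's or pfSense's code. It is a simplified sketch of RFC 8198 using RFC 4034 canonical ordering; the function names and the `example.test` cache are constructed, the NSEC records are assumed to be DNSSEC-validated and unexpired, and type bitmaps (delegations, DNAME) are ignored.

```python
# Added example: simplified RFC 8198 decision logic, names are hypothetical.

def key(name):
    """RFC 4034 section 6.1 sort key: lowercased labels, rightmost first."""
    name = name.rstrip(".").lower()
    return [l.encode() for l in reversed(name.split("."))] if name else []

def covers(owner, nxt, q):
    """True if the NSEC owner->nxt (as keys) proves that key q does not exist."""
    if nxt[:len(q)] == q:      # q is nxt or an ancestor of it: the name exists
        return False           # (possibly as an empty non-terminal)
    if owner < nxt:            # ordinary link in the chain
        return owner < q < nxt
    # Last NSEC wraps back to the apex: q must sort after owner, inside the zone.
    return q > owner and q[:len(nxt)] == nxt

def shared(a, b):
    """Number of leading labels two keys have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

def can_synthesize_nxdomain(nsec_cache, qname):
    """nsec_cache: (owner, next) name pairs from validated, unexpired NSECs."""
    q = key(qname)
    chain = [(key(o), key(n)) for o, n in nsec_cache]
    for owner, nxt in chain:
        if covers(owner, nxt, q):
            # The closest encloser is the longest ancestor of qname known to exist.
            ce = q[:max(shared(q, owner), shared(q, nxt))]
            # NXDOMAIN also needs proof that no wildcard under it could match.
            return any(covers(o, n, ce + [b"*"]) for o, n in chain)
    return False               # no covering NSEC cached: query upstream

# Constructed cache for a zone whose names are: example.test, alpha, mail,
# www.sub (so sub.example.test is an empty non-terminal) and zeta.
SAMPLE_CACHE = [
    ("example.test.", "alpha.example.test."),
    ("alpha.example.test.", "mail.example.test."),
    ("mail.example.test.", "www.sub.example.test."),
    ("zeta.example.test.", "example.test."),
]
```

A `False` result only means the cache cannot prove nonexistence, so the resolver falls back to a normal upstream query.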

Associated revisions

Revision 7e9d72cf (diff)
Added by Viktor Gurov 7 months ago

Aggressive NSEC option. Issue #10449

History

#2 Updated by Jim Pingle 7 months ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0

#3 Updated by DRago_Angel [InV@DER] 7 months ago

+1

#4 Updated by Renato Botelho 7 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#5 Updated by Viktor Gurov 7 months ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200414.1347

works as expected,
I can see aggressive-nsec: yes/no option in /var/unbound/unbound.conf
