Project

General

Profile

Actions

Feature #10449

closed

Aggressive NSEC option

Added by Viktor Gurov over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
DNS Resolver
Target version:
Start date:
04/13/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Very nice feature for DNS optimization, which can reduce the number of queries to authoritative name servers.
See https://tools.ietf.org/html/rfc8198

unbound.conf(5):

aggressive-nsec: <yes or no>
              Aggressive  NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other denials, using information from previous
              NXDOMAINs answers.  Default is no.  It helps to reduce the query rate towards targets that get a very  high  nonexis‐
              tent name lookup rate.

Actions #2

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0
Actions #3

Updated by DRago_Angel [InV@DER] over 4 years ago

+1

Actions #4

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #5

Updated by Viktor Gurov over 4 years ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200414.1347

works as expected,
I can see aggressive-nsec: yes/no option in /var/unbound/unbound.conf

Actions

Also available in: Atom PDF