Maintained by: NLnet Labs

[Unbound-users] DNS poisoning - any ideas how this can happen?

Dave Warren
Thu Feb 12 00:52:09 CET 2015


On 2015-02-10 13:49, Dave Warren wrote:
> On 2015-02-10 06:50, W.C.A. Wijngaards wrote:
>> After off-list conversation (with conf and logs), the solution is
>> harden-glue: yes in unbound.conf.  The default is yes, but in pfSense
>> it was turned off.
>
> Ouch, that seems like a sub-optimal configuration.
>
> Was this in the unbound package available for pfSense 2.1 and earlier, 
> or the native unbound implementation in pfSense 2.2? Did you log any 
> bugs on the pfSense side or does this still need to be done?
>

I had a chance to play with pfSense 2.2 a bit, and this is a UI option,
so there's no concern here. Sorry for the additional noise; when I first
read the thread I was assuming that you meant the unbound default is
set, but pfSense turned it off.

tl;dr: Everything is good.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren