Maintained by: NLnet Labs

rfc6761 compliance

Paul Wouters
Tue Sep 22 18:30:39 CEST 2015


On Tue, 22 Sep 2015, Robert Edmonds via Unbound-users wrote:

> W.C.A. Wijngaards via Unbound-users wrote:
>> It is not a particularly heavy root server load to mitigate, less code
>> is better and easier, the unblock-lan-zones statement is a frequently
>> asked question from our users.  That said, we could add new code for
>> this (and .onion?).

> Here are the caching DNS considerations for the zones that Unbound
> currently doesn't handle:
>
> [ "test." ]
> [ "invalid." ]
> [ "onion." ]

While I don't see much harm in test and valid, there is a stronger case
for onion not to leak out. I hope upstream will block it per default.
If not, I might add a conf file to do so in the default unbound
configuration for Fedora.

Paul