On 25.8.2017 11:47, W.C.A. Wijngaards via Unbound-users wrote: > Hi Petr, > > Unbound already implements that draft. Method 4.1, select one (actually > a couple) RRsets. It picks them from cache if they are available there > (eg. A record or SOA record) and if no records are in cache, it'll make > a query. Oh, nice! Is it released already? I'm not able to find string "refuse-any" either in http://unbound.nlnetlabs.nl/svn/trunk/doc/Changelog or in SVN log. Curious question: How are these RRsets selected? For example domain cpsc.gov. which is often used for attacks using our resolver can produce rather large answers for QTYPE, so returning more than one QTYPE might not cut the size down as we would wish. Petr Špaček @ CZ.NIC > > There may be tricks with local-zones or local-data or python scripting > or views. > > Best regards, Wouter > > On 25/08/17 11:42, Petr Špaček via Unbound-users wrote: >> Hello, >> >> is it possible to use some trick to configure Unbound to refuse ANY queries? >> >> It would be helpful for (intentionally) open recursors before >> https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any is implemented. >> >> Thank you for your time.