Commit 72d0d523 authored by Cy Schubert's avatar Cy Schubert
Browse files

UPDATING: Document unbound support of RFC8375

As of unbound 1.14.0rc1, as per RFC8375 unbound by default blocks
'home.arpa'. Document this new behaviour and how to unblock it.

Reported by:	avg
Discussed with:	glebius, avg
RFC:		8375, Section 6: Security Considerations
parent 273016e8
......@@ -27,6 +27,21 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 14.x IS SLOW:
world, or to merely disable the most expensive debugging functionality
at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20211202:
Unbound support for RFC8375: The special-use domain 'home.arpa' is
by default blocked. To unblock it use a local-zone nodefault
statement in unbound.conf:
local-zone: "home.arpa." nodefault
Or use another type of local-zone to override with your choice.
The reason for this is discussed in Section 6.1 of RFC8375:
Because 'home.arpa.' is not globally scoped and cannot be secured
using DNSSEC based on the root domain's trust anchor, there is no way
to tell, using a standard DNS query, in which homenet scope an answer
belongs. Consequently, users may experience surprising results with
such names when roaming to different homenets.
20211230:
The macros provided for the manipulation of CPU sets (e.g. CPU_AND)
have been modified to take 2 source arguments instead of only 1.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment