> From: Ralph Dolmans via Unbound-users <unbound-users@unbound.net> >> - Aggressive use of NSEC is not so transparent to me. >> unsure, what I really may expect here. Under which conditions is this >> active? > > When this option is enabled Unbound will try to use cached NSEC records > to generate an NXDOMAIN, NODATA or wildcard answer. See RFC8198.
Thanks very much for implementing RFC 8198. One comment is that there is no documentation about "aggressive-nsec: yes" in server secton. (default no) # I read it from util/config_file.c . Please add documentations about aggressive-nsec. -- Kazunori Fujiwara / fujiw...@jprs.co.jp