From 7e2a5e7e2dc9140c1245b5172c929eb177ecb307 Mon Sep 17 00:00:00 2001
From: florian <>
Date: Thu, 29 Mar 2018 20:40:22 +0000
Subject: [PATCH] Add aggressive-nsec example block. While here, qname
 minimisation is an RFC since some time.

tweak & OK sthen
---
 src/etc/unbound.conf | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/etc/unbound.conf b/src/etc/unbound.conf
index 6e3d5ead..03eb9858 100644
--- a/src/etc/unbound.conf
+++ b/src/etc/unbound.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $
+# $OpenBSD: unbound.conf,v 1.8 2018/03/29 20:40:22 florian Exp $
 
 server:
 	interface: 127.0.0.1
@@ -20,14 +20,19 @@ server:
 	hide-version: yes
 
 	# Uncomment to enable qname minimisation.
-	# https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
+	# https://tools.ietf.org/html/rfc7816
 	#
-	# qname-minimisation: yes
+	#qname-minimisation: yes
 
 	# Uncomment to enable DNSSEC validation.
 	#
 	#auto-trust-anchor-file: "/var/unbound/db/root.key"
 
+	# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
+	# https://tools.ietf.org/html/rfc8198
+	#
+	#aggressive-nsec: yes
+
 	# Serve zones authoritatively from Unbound to resolver clients.
 	# Not for external service.
 	#