| Summary: | harden-referral-path should default to "no" (as upstream has) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Stefan Neufeind <redhat> |
| Component: | unbound | Assignee: | Paul Wouters <pwouters> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | pwouters |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-06 02:00:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Stefan Neufeind
2011-02-20 17:10:57 UTC
*ping* So there is a good reason to do this. What this option does is provide added security to non-DNSSEC domains. It looks up NS records on at least two nameservers, so that you would have to cache poison not one, but two packets successfully. If this is failing, it usually means the domain nameservers are not setup properly. The link you refer to is a bug that has been fixed. Is this really a widespread problem? *ping* ? |