Commit a20c42dc authored by Ondřej Surý's avatar Ondřej Surý
Browse files

Disable NSEC Aggressive Cache (synth-from-dnssec) by default

It was found that NSEC Aggressive Caching has a significant performance impact
on BIND 9 when used as recursor.  This commit disables the synth-from-dnssec
configuration option by default to provide immediate remedy for people running
BIND 9.12+.  The NSEC Aggressive Cache will be enabled again after a proper fix
will be prepared.
parent 7abd918d
......@@ -193,7 +193,7 @@ options {\n\
# sortlist <none>\n\
stale-answer-enable false;\n\
stale-answer-ttl 1; /* 1 second */\n\
synth-from-dnssec yes;\n\
synth-from-dnssec no;\n\
# topology <none>\n\
transfer-format many-answers;\n\
v6-bias 50;\n\
......
......@@ -6768,7 +6768,9 @@ options {
<para>
Synthesize answers from cached NSEC, NSEC3 and
other RRsets that have been proved to be correct
using DNSSEC. The default is <command>yes</command>.
using DNSSEC. The default is <command>no</command>,
but it will become <command>yes</command> again
in the future releases.
</para>
<para>
Note:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment