Commit a20c42dc authored by Ondřej Surý's avatar Ondřej Surý
Browse files

Disable NSEC Aggressive Cache (synth-from-dnssec) by default

It was found that NSEC Aggressive Caching has a significant performance impact
on BIND 9 when used as recursor.  This commit disables the synth-from-dnssec
configuration option by default to provide immediate remedy for people running
BIND 9.12+.  The NSEC Aggressive Cache will be enabled again after a proper fix
will be prepared.
parent 7abd918d
...@@ -193,7 +193,7 @@ options {\n\ ...@@ -193,7 +193,7 @@ options {\n\
# sortlist <none>\n\ # sortlist <none>\n\
stale-answer-enable false;\n\ stale-answer-enable false;\n\
stale-answer-ttl 1; /* 1 second */\n\ stale-answer-ttl 1; /* 1 second */\n\
synth-from-dnssec yes;\n\ synth-from-dnssec no;\n\
# topology <none>\n\ # topology <none>\n\
transfer-format many-answers;\n\ transfer-format many-answers;\n\
v6-bias 50;\n\ v6-bias 50;\n\
......
...@@ -6768,7 +6768,9 @@ options { ...@@ -6768,7 +6768,9 @@ options {
<para> <para>
Synthesize answers from cached NSEC, NSEC3 and Synthesize answers from cached NSEC, NSEC3 and
other RRsets that have been proved to be correct other RRsets that have been proved to be correct
using DNSSEC. The default is <command>yes</command>. using DNSSEC. The default is <command>no</command>,
but it will become <command>yes</command> again
in the future releases.
</para> </para>
<para> <para>
Note: Note:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment