Michael Tremer announced the availability for public testing of the upcoming IPFire 2.19 Core Update 109 maintenance release of the open source Linux-based router and firewall distribution.The most important change included in this update appears to be support for the unbound 1.6.0 recursive and caching DNS resolver in the built-in DNS proxy, which will re-activate QNAME hardening and minimisation below NX domains. The change should also make IPFire check if a router drops DNS responses that are longer than a specific threshold.
"At start time, IPFire now also checks if a router in front of IPFire drops DNS responses which are longer than a certain threshold (some Cisco devices do this to "harden" DNS)," said Michael Tremer in the release announcement. "If this is detected, the EDNS buffer size if reduced which makes unbound fall back to TCP for larger responses."
Unf... (read more)
from Softpedia News / Linux http://ift.tt/2kwzJsS
via IFTTT
No comments:
Post a Comment