From d0bb7e6ac971f19475870dd2ba1add0c52a0bdd8 Mon Sep 17 00:00:00 2001
From: mibere <mibere@users.noreply.github.com>
Date: Fri, 6 Dec 2019 21:04:12 +0100
Subject: [PATCH] enable aggressive-nsec

for detailed description and benefits read https://medium.com/nlnetlabs/aggressive-use-of-the-dnssec-validated-cache-in-unbound-1ab3e315d13f
---
 unbound.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/unbound.sh b/unbound.sh
index a50b21e..17284ad 100755
--- a/unbound.sh
+++ b/unbound.sh
@@ -67,6 +67,7 @@ server:
   access-control: 0.0.0.0/0 allow
   access-control: ::0/0 allow
   tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
+  aggressive-nsec: yes
 
   local-zone: "belkin." static
   local-zone: "corp." static