Post A1Ms3ZOjrrORJw6DGS by florian@bsd.network
 (DIR) More posts by florian@bsd.network
 (DIR) Post #A1Ms3ZOjrrORJw6DGS by florian@bsd.network
       2020-11-19T16:18:34Z
       
       1 likes, 2 repeats
       
       So I have upgraded my pf.conf on my laptop to protect unwind(8) from saddns.https://pbot.rmdir.de/5KkH3M03q9d-nGFHxAPHlAThe interesting bit isblock drop log allwhich prevents the side channel information leak via the rate limited icmp port unreachable mechanism.Of course this only helps when unwind does it's own recursion. If it talks to a forwarder and that one is vulnerable then we only have dnssec.