unbound has a bunch of `ratelimit` options that may help you out.
On Tue, Apr 10, 2018 at 12:27 AM, W.C.A. Wijngaards via Unbound-users <
unbound-users@unbound.net> wrote:
> Hi Mahdi,
>
> This may not be what you are looking for but the just released
> aggressive-nsec: yes option uses DNSSEC
Hi Peter,
I think you are mixing up how DNScrypt in unbound work. By using:
```
interface: 0.0.0.0@443
interface: ::0@443
##DNSCRYPT
dnscrypt:
dnscrypt-enable:yes
dnscrypt-port:443
dnscrypt-provider:2.dnscrypt-cert.cryptostorm.is.
Hi Sebastian,
There is currently no easy way to rotate the certificates without
restarting unbound.
You can gracefully rotate certs by using
https://github.com/NLnetLabs/unbound/commit/52e2331dd495ca820c631d9aab6649455cb0c6e5#diff-47ddff7bf6b45ab98520775e2a29b9fd
to advertise new certs while
Hi Nick,
I have little experience with the python module, but based on how the
dnscrypt protocol is made, you could find out which certificate was chosen
based on the client magic:
https://github.com/jedisct1/dnscrypt-proxy/blob/master/DNSCRYPT-V2-PROTOCOL.txt#L55
Manu
On Tue, Dec 5, 2017 at