Not caching TXT records in general sounds sort of detrimental to the concept of a caching resolver. And apparently none of the resolvers evaluates which TXT records are legitimate and which are useless/nefarious, as in attempts at DNS tunnelling.

TXT records might be required for SPF/DKIM/DMARC.

NULL records, on the other hand, should perhaps not be cached, or even permitted for queries, considering https://tools.ietf.org/html/rfc1035:

NULLs are used as placeholders in some experimental extensions of the DNS

As far as I have read and understood, the best protection against DNS tunnelling is traffic analysis, e.g. a firewall with deep packet inspection and/or tools for payload analysis.

On 22.11.2018 11:35, Unbound-users wrote:
Hello,

First of all : great project and product, thanks a lot for that:)

I would appreciate if you could give me some hint...

Since I am observing a lot of DNS tunnel “users”, the cache started to store totally useless records of type TXT and NULL.

Of course, the never-ending struggle called blocking DNS tunnel domains helps, but from time to time something new appears that makes a mess.

Can we configure Unbound not to store TXT & NULL records? Or, if you think this idea is silly, please let me know 😊


Thanks a lot

Maciej


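As an added example of the payload analysis the reply recommends (this is not from the thread and not Unbound's own code): a small pass over resolver query logs that compares the naive "flag TXT/NULL-heavy domains" rule with a rule that also looks at the labels themselves, then renders the result as the kind of local-zone block list the original poster is already maintaining. The log lines are constructed to resemble Unbound's `log-queries: yes` output, so the regex is an assumption about that format; treating the last two labels as the registered domain is a simplification (a real deployment would use the public suffix list); the thresholds are illustrative.

```python
# Added example, not Unbound's code.  Assumes Unbound-style query log lines
# ("info: <client> <qname> <qtype> <qclass>") and a two-label registered-domain heuristic.
import math
import re
from collections import defaultdict

# Constructed sample.  example.com shows the legitimate TXT traffic SPF/DKIM/DMARC
# checks generate; tunnel-example.net (made up) carries base32-like payload labels.
SAMPLE_LOG = """\
[1542884100] unbound[1234:0] info: 192.0.2.10 www.example.com. A IN
[1542884101] unbound[1234:0] info: 192.0.2.10 example.com. TXT IN
[1542884102] unbound[1234:0] info: 192.0.2.10 mail.example.com. MX IN
[1542884103] unbound[1234:0] info: 192.0.2.12 _dmarc.example.com. TXT IN
[1542884104] unbound[1234:0] info: 192.0.2.12 selector1._domainkey.example.com. TXT IN
[1542884105] unbound[1234:0] info: 192.0.2.11 q7zdmk3ryen5bjsx2tgw.u6lcv4hafpio.tunnel-example.net. TXT IN
[1542884106] unbound[1234:0] info: 192.0.2.11 x3ubwpe6tqhk2ndzlr7c.gvsm4fayij5o.tunnel-example.net. NULL IN
[1542884107] unbound[1234:0] info: 192.0.2.11 m5gfzc2vxatw7lhy4qbi.3oknpu6esrjd.tunnel-example.net. TXT IN
[1542884108] unbound[1234:0] info: 192.0.2.11 t2kp6xhdaj4rwemq7ybv.3sfzgu5nolci.tunnel-example.net. NULL IN
[1542884109] unbound[1234:0] info: 192.0.2.11 h4ysn3lwbqe5mcgx7dit.u2fjkv6rzpoa.tunnel-example.net. TXT IN
[1542884110] unbound[1234:0] notice: not a query line, skipped by the parser
"""

QUERY_RE = re.compile(r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>[A-Z0-9]+) \S+$")


def parse_query_line(line):
    """Return (client, qname without trailing dot, qtype), or None for non-query lines."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score near log2(alphabet size)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_qname(qname):
    """Return (subdomain labels joined without dots, registered domain); last-two-labels heuristic."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return "".join(labels[:-2]), ".".join(labels[-2:])


def domain_stats(lines):
    """Per-registered-domain features: query count, TXT/NULL share, payload entropy and length."""
    acc = defaultdict(lambda: {"n": 0, "txt_null": 0, "ent": 0.0, "len": 0, "names": set()})
    for line in lines:
        parsed = parse_query_line(line)
        if parsed is None:
            continue
        _client, qname, qtype = parsed
        sub, domain = split_qname(qname)
        d = acc[domain]
        d["n"] += 1
        d["txt_null"] += int(qtype in ("TXT", "NULL"))
        d["ent"] += shannon_entropy(sub)
        d["len"] += len(sub)
        d["names"].add(qname)
    return {dom: {"queries": d["n"], "txt_null_ratio": d["txt_null"] / d["n"],
                  "mean_entropy": d["ent"] / d["n"], "mean_sub_len": d["len"] / d["n"],
                  "unique_ratio": len(d["names"]) / d["n"]} for dom, d in acc.items()}


def flag_by_type_only(stats, ratio=0.5):
    """Naive rule (what 'just drop TXT/NULL' amounts to): it also catches plain mail domains."""
    return sorted(d for d, s in stats.items() if s["txt_null_ratio"] >= ratio)


def flag_tunnels(stats, min_queries=5, ratio=0.5, min_entropy=3.5, min_sub_len=24):
    """Payload rule: TXT/NULL-heavy AND long, high-entropy, non-repeating subdomains."""
    return sorted(d for d, s in stats.items()
                  if s["queries"] >= min_queries and s["txt_null_ratio"] >= ratio
                  and s["mean_entropy"] >= min_entropy and s["mean_sub_len"] >= min_sub_len
                  and s["unique_ratio"] >= 0.8)


def unbound_local_zones(domains):
    """Render local-zone lines that make Unbound refuse queries for the flagged domains."""
    return "".join(f'local-zone: "{d}" refuse\n' for d in domains)


if __name__ == "__main__":
    stats = domain_stats(SAMPLE_LOG.splitlines())
    print("type-only rule flags:", flag_by_type_only(stats))  # example.com too
    print("payload rule flags:  ", flag_tunnels(stats))       # only tunnel-example.net
    print(unbound_local_zones(flag_tunnels(stats)), end="")
```

On the constructed sample the type-only rule flags example.com as well, because three of its five queries are the TXT lookups that SPF, DMARC and DKIM legitimately cause; the payload rule flags only tunnel-example.net, whose subdomains are long, near-maximal-entropy and never repeat. The output lines can be dropped into an include file for unbound.conf; thresholds should be tuned against a site's own baseline before anything is blocked automatically.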