author: florian <florian@openbsd.org> 2018-05-18 05:12:46 +0000
committer: florian <florian@openbsd.org> 2018-05-18 05:12:46 +0000
commit: eaa9872a70b02e14ea598db3f6353607673eb086
tree: 821f97db53449396565a01b7f809c8e33078886c /usr.sbin/nsd
parent: Use passthrough IO rather than MFA for management commands.
Turn on minimal-responses and refuse-any per default.
OK sthen
Diffstat (limited to 'usr.sbin/nsd')
-rw-r--r-- usr.sbin/nsd/nsd.conf.5.in | 4
-rw-r--r-- usr.sbin/nsd/options.c | 4
2 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in
index 78215a9c891..33044879f08 100644
--- a/usr.sbin/nsd/nsd.conf.5.in
+++ b/usr.sbin/nsd/nsd.conf.5.in
@@ -375,14 +375,14 @@ Extra data is only added for referrals, when it is really necessary.
This is different from the \-\-enable-minimal-responses configure time option,
that reduces packets, but exactly to the fragmentation length, the nsd.conf
option reduces packets as small as possible.
-The default is no.
+The default is yes.
.TP
.B refuse\-any:\fR <yes or no>
Refuse queries of type ANY. This is useful to stop query floods trying
to get large responses. Note that rrl ratelimiting also has type ANY as
a ratelimiting type. It sends truncation in response to UDP type ANY queries,
and it allows TCP type ANY queries like normal.
-The default is no.
+The default is yes.
.TP
.B zonefiles\-check:\fR <yes or no>
Make NSD check the mtime of zone files on start and sighup. If you
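Review bot: The two "The default is yes." lines change documented defaults without saying that this is a behaviour change. A server upgraded with an unchanged nsd.conf will start refusing type ANY queries and omitting the extra data that minimal responses drop, so clients or monitoring that depended on either will see different answers. Consider adding one sentence to each entry stating that the previous behaviour is restored by setting the option to no. In the refuse-any entry, "This is useful to stop query floods" still reads as advice for opting in; now that it is on by default, the sentence about truncation on UDP and normal handling on TCP is the part operators need to notice first.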
diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c
index d0bed6a9b94..a74218b345c 100644
--- a/usr.sbin/nsd/options.c
+++ b/usr.sbin/nsd/options.c
@@ -64,8 +64,8 @@ nsd_options_create(region_type* region)
opt->logfile = 0;
opt->log_time_ascii = 1;
opt->round_robin = 0; /* also packet.h::round_robin */
- opt->minimal_responses = 0; /* also packet.h::minimal_responses */
- opt->refuse_any = 0;
+ opt->minimal_responses = 1; /* also packet.h::minimal_responses */
+ opt->refuse_any = 1;
opt->server_count = 1;
opt->tcp_count = 100;
opt->tcp_query_count = 0;
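Review bot: The comment on the changed minimal_responses line, /* also packet.h::minimal_responses */, says the same setting exists in packet.h, but this patch only touches options.c and nsd.conf.5.in. Please confirm that the packet.h copy is assigned from opt->minimal_responses at startup and does not keep its own initial value of 0, otherwise the new default will not take effect when the option is absent from nsd.conf. If that assignment already exists, a short mention in the commit message would save the next reader from checking.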