From: bert hubert <bert.hubert@netherlabs.nl>
Date: Thu, 21 Jul 2016 10:06:39 +0000 (+0200)
Subject: turn on root-nx-trust by default, and document that
X-Git-Tag: auth-4.0.1~26^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=605038a744a9d1ac37099dca108e40d458ba254b;p=pdns

turn on root-nx-trust by default, and document that
---

diff --git a/docs/markdown/recursor/settings.md b/docs/markdown/recursor/settings.md
index 8f3c40bf9..792c376d5 100644
--- a/docs/markdown/recursor/settings.md
+++ b/docs/markdown/recursor/settings.md
@@ -665,8 +665,7 @@ Don't log queries.
 
 ## `root-nx-trust`
 * Boolean
-* Default: no
-* Available since: 3.7.0
+* Default: no (<= 4.0.0), yes
 
 If set, an NXDOMAIN from the root-servers will serve as a blanket NXDOMAIN for the entire TLD
 the query belonged to. The effect of this is far fewer queries to the root-servers.
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index bdbee9abf..a4a66d9f8 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2944,7 +2944,7 @@ int main(int argc, char **argv)
     ::arg().setSwitch( "disable-packetcache", "Disable packetcache" )= "no";
     ::arg().set("edns-subnet-whitelist", "List of netmasks and domains that we should enable EDNS subnet for")="";
     ::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads")="";
-    ::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="no";
+    ::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="";
     ::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";
     ::arg().setSwitch( "lowercase-outgoing","Force outgoing questions to lowercase")="no";
     ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";