diff --git a/etc/unbound/unbound.conf.d/min-ttl-hour.conf b/etc/unbound/unbound.conf.d/min-ttl-hour.conf
index 559db07d..852447c1 100644
--- a/etc/unbound/unbound.conf.d/min-ttl-hour.conf
+++ b/etc/unbound/unbound.conf.d/min-ttl-hour.conf
@@ -1,9 +1,14 @@
 server:
 # Increases TTL of all queries to 3600 seconds (1 hour) if upstream has
- # a lower one. I have been using this since August 2019 without issues.
+ # a lower one.
 # https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/
- # dares setting the minimum cache to something between 40 minute and 60,
- # however it predates RFC 8767.
+ # dares setting the minimum cache on clients to something between 40
+ # minutes and 60, however it predates RFC 8767 which again only hits in
+ # when the authoritative nameserver won't answer in time.
+ # I wouldn't dare anything over an hour and I think my hour will work due
+ # to web browsers using their own DNS over HTTPS for Encrypted
+ # Client-Hello that no one has implemented for system resolver (in April
+ # 2024) that I know of.
 cache-min-ttl: 3600
 
 # vim: filetype=unbound.conf
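Review bot: The rewritten comment above `cache-min-ttl: 3600` argues why an hour is tolerable but never states what the override costs. Every answer is held for up to an hour regardless of the owner's TTL, so a record deliberately published with a short TTL (failover, or repointing a name away from a bad host) is not picked up by clients of this resolver until the entry expires. The same applies to a wrong answer that reaches the cache. The browser-DoH argument covers only clients that bypass this resolver; anything using the system resolver still gets the pinned data. I would add a line such as `# Trade-off: answers outlive the owner's TTL by up to 1 h; flush the name with unbound-control if a record must change sooner.`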