unbound/cache.conf: rename to cache.conf.SAMPLE and add scary warnings there

2025-01-23 18:54:28 +01:00 · 2024-04-29 20:46:00 +03:00 · 2024-04-29 20:46:00 +03:00 · 0d0be5f9bc
commit 0d0be5f9bc
parent c23cba37c3
1 changed files with 7 additions and 3 deletions
--- a/etc/unbound/unbound.conf.d/cache.conf.SAMPLE
+++ b/etc/unbound/unbound.conf.d/cache.conf.SAMPLE
@ -1,4 +1,7 @@
 # Increasing caching
+
+# NOTE AT LEAST CACHE-MIN-TTL IF NOTHING ELSE!
+
 # This has potential to increase memory usage to 110m under heavy usage, but
 # I find that unlikely as almost everything is using so short TTLs
 # See also MEMORY CONTROL EXAMPLE in man unbound.conf
@ -12,11 +15,13 @@ server:
 	neg-cache-size: 10m
 	# Increases TTL of all queries to 900 seconds (5 minutes) if upstream has
 	# a lower one. I have been using this since August 2019 without issues.
+	# TODO FIXME
 	#cache-min-ttl: 900
 	# https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/
 	# dares setting the minimum cache to something between 40 minute and 60,
 	# so how about 50 minutes? However it predates RFC 8767.
-	#cache-min-ttl: 3000
+	# TODO FIXME
+	cache-min-ttl: 3000
 	# Why not just make it hour directly, while that is considered as a
 	# maximum reasonableish value?
 	cache-min-ttl: 3600
@ -38,8 +43,7 @@ server:
 	# However my /etc/resolv.conf timeout is 1 second since all my nameservers
 	# are localhost, so let's wait 0.8 seconds instead.
 	serve-expired-client-timeout: 800
-	# DNSSEC errors for valid and expired records
-	ede: yes
+	# DNSSEC errors for expired records
 	ede-serve-expired: yes

 # vim: filetype=unbound.conf