diff --git a/etc/unbound/unbound.conf.d/cache.conf b/etc/unbound/unbound.conf.d/cache.conf
index 36b7b98a..c698d244 100644
--- a/etc/unbound/unbound.conf.d/cache.conf
+++ b/etc/unbound/unbound.conf.d/cache.conf
@@ -23,6 +23,14 @@ server:
 	# Allow expired results to be served if they are in cache. The cache will
 	# get updated the next time.
 	serve-expired: yes
+	# Serve expired data up to one day (RFC 8767)
+	serve-expired-ttl: 86400
+	# Serve expired data to client if there is no answer in 1.8 seconds as per
+	# common timeout 2 seconds according to the RFC 8767
+	#serve-expired-client-timeout: 1800
+	# However my /etc/resolv.conf timeout is 1 second since all my nameservers
+	# are localhost, so let's wait 0.8 seconds instead.
+	serve-expired-client-timeout: 800
 	# DNSSEC errors for valid and expired records
 	ede: yes
 	ede-serve-expired: yes