From 30a27f980da3cd14993f80406c6cb955582ab350 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Sat, 27 Apr 2024 15:00:12 +0300
Subject: [PATCH] unbound/cache.conf: RFC 8767ish configuration
---
 etc/unbound/unbound.conf.d/cache.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/etc/unbound/unbound.conf.d/cache.conf b/etc/unbound/unbound.conf.d/cache.conf
index 36b7b98a..c698d244 100644
--- a/etc/unbound/unbound.conf.d/cache.conf
+++ b/etc/unbound/unbound.conf.d/cache.conf
@@ -23,6 +23,14 @@ server:
 # Allow expired results to be served if they are in cache. The cache will
 # get updated the next time.
 serve-expired: yes
+ # Serve expired data up to one day (RFC 8767)
+ serve-expired-ttl: 86400
+ # Serve expired data to client if there is no answer in 1.8 seconds as per
+ # common timeout 2 seconds according to the RFC 8767
+ #serve-expired-client-timeout: 1800
+ # However my /etc/resolv.conf timeout is 1 second since all my nameservers
+ # are localhost, so let's wait 0.8 seconds instead.
+ serve-expired-client-timeout: 800
 # DNSSEC errors for valid and expired records
 ede: yes
 ede-serve-expired: yes
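Review bot: The two added settings use different units and the comments leave that implicit: `serve-expired-ttl` is in seconds while `serve-expired-client-timeout` is in milliseconds, so a later edit that carries the "0.8 seconds" wording into the wrong field would be off by a factor of 1000. I would state the unit and the dependency directly above `serve-expired-client-timeout: 800`, e.g. `# milliseconds; keep below the stub resolver timeout (options timeout:1 in /etc/resolv.conf)`. The 800 ms figure depends on a resolv.conf setting that lives outside this file, so on a host with a shorter resolver timeout the stale answer would presumably arrive after the client has already given up, with no error to show for it. With a one-day `serve-expired-ttl`, records that were changed or withdrawn upstream can still be answered for up to 24 hours while the upstream is unreachable. The `ede-serve-expired: yes` context line is what lets clients and query logs tell those stale answers apart, so it is worth noting in the comment that it should stay enabled alongside these values.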