server: # Update cache for popular items before they expire. ~10 % traffic # increase according to `man unbound.conf` prefetch: yes # Fetch keys when DS is encountered, lower latency for a bit higher CPU use prefetch-key: yes # Allow expired results to be served if they are in cache. The cache will # get updated the next time. serve-expired: yes # Serve expired data up to one day (RFC 8767) serve-expired-ttl: 86400 # If serving expired data to client, explicitly give it TTL 30 seconds serve-expired-reply-ttl: 30 # Serve expired data to client if there is no answer in 1.8 seconds as per # common timeout 2 seconds according to the RFC 8767 #serve-expired-client-timeout: 1800 # However my /etc/resolv.conf timeout is 1 second since all my nameservers # are localhost, so let's wait 0.8 seconds instead. serve-expired-client-timeout: 800 # Human readable DNSSEC errors for expired records ede-serve-expired: yes # vim: filetype=unbound.conf