colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

net: unbound: remove negative caching for better stability

Browse Source 
else sometimes addresses are unresolvable at early boot, and never become reachable again
This commit is contained in:
Colin
2024-12-03 17:30:11 +00:00
parent a72bc90e90
commit c950d286d4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/common/net/dns.nix
View File

@@ -53,7 +53,7 @@ lib.mkMerge [
# if you enable this, make sure to persist the stateful data. # if you enable this, make sure to persist the stateful data.
# alternatively, use services.unbound.settings.trust-anchor = ... (or trusted-keys-file) # alternatively, use services.unbound.settings.trust-anchor = ... (or trusted-keys-file)
services.unbound.enableRootTrustAnchor = false; services.unbound.enableRootTrustAnchor = false;
services.unbound.settings.server.cache-max-negative-ttl = 60; # services.unbound.settings.server.cache-max-negative-ttl = 60; #< intended to limit damage during networking flakes, but instead this seems to cause unbound to cache error responses it *wouldn't* otherwise cache
# services.unbound.settings.server.use-caps-for-id = true; #< TODO: randomizes casing to avoid spoofing # services.unbound.settings.server.use-caps-for-id = true; #< TODO: randomizes casing to avoid spoofing
services.unbound.settings.server.prefetch = true; # prefetch RRs which are about to expire from the cache, to keep them primed services.unbound.settings.server.prefetch = true; # prefetch RRs which are about to expire from the cache, to keep them primed
}) })