For a desktop, you don't need to write a config file yourself. The script local-unbound-setup
will do that for you automatically. The automatically generated setup looks like this:
# Generated by local-unbound-setup
server:
username: unbound
directory: /var/unbound
chroot: /var/unbound
pidfile: /var/run/local_unbound.pid
auto-trust-anchor-file: /var/unbound/root.key
(The nameservers that you have in resolv.conf
will be added to /var/unbound/forward.conf
. See /usr/sbin/local-unbound-setup
.)
This means that cache-min-ttl
is kept at its default value which, according to the unbound.conf(5) manual page, is zero;
cache-min-ttl: <seconds>
Time to live minimum for RRsets and messages in the cache.
Default is 0. If the the minimum kicks in, the data is cached
for longer than the domain owner intended, and thus less queries
are made to look up the data. Zero makes sure the data in the
cache is as the domain owner intended, higher values, especially
more than an hour or so, can lead to trouble as the data in the
cache does not match up with the actual data any more.