qdm12 / dns

Docker DNS server on steroids to access DNS-over-TLS from Cloudflare, Google, Quad9, Quadrant or CleanBrowsing
https://hub.docker.com/r/qmcgaw/cloudflare-dns-server
MIT License
219 stars 37 forks

Unbound cache-min-ttl should be 0 #94

Closed RIKIKU closed 2 years ago

RIKIKU commented 2 years ago

The unbound config item cache-min-ttl is currently set to 3600 (1 hour).

Setting the minimum TTL to 3600 as is happening here, causes problems with DNS based load balancers like Azure Traffic Manager in the event of failover.
If a site goes down in one region, these systems detect the issue and start sending traffic to an alternate region by changing the endpoint the DNS resolves to. Some TTLs are set to 10 seconds for this reason. Setting the minimum TTL as has been done in this config item means that if a service/site was to go down, the people using this DNS server would not benefit from the load balancer failing over until this TTL expired, which might mean that a site/service would be down for up to an hour.

What I propose is that this config item be set to 0 so that the TTL configured by the domain owner is used. I have no problem with this being configurable by the container user. If people want to specifically set a longer TTL then that's up to them, but we shouldn't presume to know what's best for all sites.
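The effect described in this issue can be shown with a small simulation. The following is an added example, not code from the qdm12/dns project: a toy caching resolver that clamps record TTLs the way Unbound's `cache-min-ttl` does (modeled here as `max(record TTL, cache_min_ttl)`), an upstream whose answer changes at a constructed failover time, and a helper that measures how long clients behind the cache keep receiving the stale address. All names, IPs and timings are constructed.

```python
"""Simulated DNS cache with an Unbound-style cache-min-ttl clamp.

Added example (not code from the qdm12/dns project). It models how a
resolver cache that enforces a minimum TTL keeps serving a stale answer
after a DNS-based load balancer fails over. Names, IPs and timings below
are constructed for the simulation.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Upstream:
    """Authoritative answer over time: (switch_time, answer) pairs, constructed.

    Before a switch time the previous answer is returned; at or after it the
    new one. This mirrors a traffic manager repointing a record on failover.
    """
    ttl: int
    timeline: List[Tuple[int, str]]

    def resolve(self, now: int) -> Tuple[str, int]:
        answer = self.timeline[0][1]
        for switch_at, value in self.timeline:
            if now >= switch_at:
                answer = value
        return answer, self.ttl


@dataclass
class CachingResolver:
    """Caching resolver that clamps record TTLs like Unbound's cache-min-ttl."""
    upstream: Upstream
    cache_min_ttl: int = 0
    # name -> (answer, absolute expiry time)
    cache: Dict[str, Tuple[str, int]] = field(default_factory=dict)
    upstream_queries: int = 0

    def effective_ttl(self, record_ttl: int) -> int:
        # The clamp: a record is never cached for less than cache_min_ttl.
        return max(record_ttl, self.cache_min_ttl)

    def query(self, name: str, now: int) -> str:
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]  # still fresh according to the (clamped) TTL
        answer, ttl = self.upstream.resolve(now)
        self.upstream_queries += 1
        self.cache[name] = (answer, now + self.effective_ttl(ttl))
        return answer


def failover_delay(cache_min_ttl: int, record_ttl: int = 10, failover_at: int = 35,
                   horizon: int = 7200, step: int = 10) -> int:
    """Seconds between the failover and the first client seeing the new answer.

    Returns -1 if clients never see the new answer within the horizon.
    Clients query every `step` seconds starting at t=0.
    """
    upstream = Upstream(
        ttl=record_ttl,
        timeline=[(0, "203.0.113.10"), (failover_at, "198.51.100.20")],
    )
    resolver = CachingResolver(upstream=upstream, cache_min_ttl=cache_min_ttl)
    for now in range(0, horizon, step):
        answer = resolver.query("app.example.test", now)
        if now >= failover_at and answer == "198.51.100.20":
            return now - failover_at
    return -1


if __name__ == "__main__":
    for min_ttl in (0, 3600):
        print(f"cache-min-ttl={min_ttl:5d}: clients follow failover after "
              f"{failover_delay(min_ttl)} s")
```

With `cache-min-ttl: 0` the delay is bounded by the 10-second TTL the zone owner chose; with `cache-min-ttl: 3600` the same clients keep hitting the failed endpoint for almost an hour, which is exactly the failure window the issue describes. The same clamp also hides the zone owner's intent from anyone debugging the outage behind such a resolver, since the stale answer looks perfectly valid.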

qdm12 commented 2 years ago

Yes, sorry about this, you are completely right. Changed it to 0 in dd1008ba6c363e8552d3ed87d3c224bb806f16f4 so :latest should have it soon! Also you might want to use :v2.0.0-beta which respects this (coded the cache myself 😄), although it lacks DNSSEC validation for now compared to Unbound.

RIKIKU commented 2 years ago

Thanks for the super quick fix for this! I'll take a look at 2.0! 👍