Update unbound.conf

Data/unbound.conf

@@ -1,5 +1,5 @@
-# Configuration file for Unbound DNS server, which usually resides at: /etc/unbound/unbound.conf
+# Configuration file for Unbound DNS server (usually resides at: /etc/unbound/unbound.conf)
-# ----------------------------------------------------------------------------------------------
+# =========================================================================================
 remote-control:
         control-enable: yes               # allows control using "unbound-control"
 
@@ -16,17 +16,22 @@ server:
 	num-threads: 1
 	aggressive-nsec: yes
 	prefetch: yes                     # refresh expiring cache entries, if less than 10% of their TTL remains
+	prefetch-key: yes
 	hide-identity: yes                # less verbose responses
 	hide-version: yes                 # less verbose responses
 	rrset-cache-size: 100m
 	msg-cache-size: 50m
-	cache-min-ttl: 3600               # 1 hour minimum caching time
+	cache-min-ttl: 3600               # cache positive responses for 1 hour minimum
-	cache-max-ttl: 86400              # 1 day maximum caching time
+	cache-max-ttl: 172800             # cache positive responses for 2 days maximum 
-	cache-max-negative-ttl: 3600      # 1 hour maximum caching time for negative responses
+	cache-max-negative-ttl: 3600      # cache negative responses for 1 hour maximum 
 	so-reuseport: yes                 # faster UDP with multithreading (only on Linux)
 	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # for encrypted DNS over TLS
 	verbosity: 0                      # log nothing
 
+forward-zone:
+	name: "fritz.box."
+	forward-addr: 192.168.178.1@53 	  # forward "<hostname>.fritz.box" to local Fritz!Box
+
 forward-zone:
 	name: "."
 	forward-tls-upstream: yes