unbound: tweak settings

machines/valkyrie/unbound/default.nix

@@ -18,6 +18,7 @@
 
           hide-identity = true;
           hide-version = true;
+          identity = "Server";
 
           # Trust glue only if it is within the server's authority
           harden-glue = true;
@@ -43,17 +44,30 @@
           # This attempts to reduce latency by serving the outdated record before
           # updating it instead of the other way around. Alternative is to increase
           # cache-min-ttl to e.g. 3600.
-          cache-min-ttl = 0;
+          cache-min-ttl = 300;
+          cache-max-ttl = 86400;
           serve-expired = true;
 
+          # Set cache size. rrset-cache-size should be twice what msg-cache-size is
           rrset-cache-size = "256m";
           msg-cache-size = "128m";
           msg-cache-slabs = 4;
-          # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
+
+          # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on
+          # small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
           num-threads = 2;
 
+          # Leave sections that are not requested out of the response message
+          # Reduces response message significantly and may prevent TCP fallback
+          # for some responses
+          minimal-response = true;
+
           # Ensure kernel buffer is large enough to not lose messages in traffic spikes
           so-rcvbuf = "8m";
+          so-sndbuf = "8m";
+
+          # Improve UDP performance with multithreading
+          so-reuseport = true;
 
           # Ensure privacy of local IP ranges
           private-address = [