Größtenteils habe ich die pihole-unbound Anleitung befolgt, wichtigster Unterschied ist wahrscheinlich, dass ich
serve-expired auf yes gesetzt habe
# If no logfile is specified, syslog is used
# May be set to yes if you have IPv6 connectivity
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
# Use this only when you downloaded the list of primary root servers!
# Trust glue only if it is within the servers authority
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
# TTL bounds for cache
# If enabled, unbound attempts to serve old responses from cache with a TTL of serve-expired-reply-ttl in the response without
# waiting for the actual resolution to finish. The actual resolu tion answer ends up in the cache later on. Default is "no"
# Limit serving of expired responses to configured seconds after expiration. 0 disables the limit. This option only applies when
# serve-expired is enabled. A suggested value per draft-ietf-dnsop-serve-stale-10 is between
# 86400 (1 day) and 259200 (3 days). The default is 0.
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
# If yes, fetch the DNSKEYs earlier in the validation process, when a DS record is encountered. This lowers the latency of
# requests. It does use a little more CPU. Also if the cache is
# set to 0, it is no use. Default is no
# One thread should be sufficient, can be increased on beefy machines
# UDP schneller mit Multithreading (Tux only).
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
# Ensure privacy of local IP ranges
# If enabled, statistics are cumulative since starting unbound, without clearing the statistics counters
# after logging the statistics. Default is no
# If enabled, extended statistics are printed from unbound-control. Default is off, because keeping track
#of more statistics takes time. The counters are listed in unbound-control.
# Enable remote control with unbound-control(8) here.
# set up the keys and certificates with unbound-control-setup.