unbound: tune timeouts for faster recovery after network outages

Lower infra-host-ttl (900s → 120s) and tcp-reuse-timeout (60s → 15s) so unbound recovers faster from upstream TLS forwarder failures instead of staying stuck after ISP outages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 01:53:11 +01:00
parent d1516ddd66
commit 5c111c8d78
1 changed files with 6 additions and 0 deletions
--- a/services/ns/resolver.nix
+++ b/services/ns/resolver.nix
@@ -38,6 +38,12 @@
        do-udp = "yes";
        do-tcp = "yes";
        extended-statistics = true;
+
+        # Recover faster from upstream failures (e.g. ISP outage)
+        # Default 900s is too long - keeps marking servers as bad
+        infra-host-ttl = 120;
+        # Clean up stale TLS connections faster (default 60s)
+        tcp-reuse-timeout = 15;
      };
      remote-control = {
        control-enable = true;