From 377446e920e9f8bc7e03e29589ca4be9fc954274 Mon Sep 17 00:00:00 2001
From: Henry <hp197@users.noreply.github.com>
Date: Wed, 28 Jun 2023 09:53:59 +0200
Subject: [PATCH] unbound: Added cache-max-negative-ttl setting (#6554)

See: https://forum.opnsense.org/index.php?topic=23747.0

Co-authored-by: Henry <henry@mixict.nl>
---
 .../controllers/OPNsense/Unbound/forms/advanced.xml   | 11 +++++++++++
 .../mvc/app/models/OPNsense/Unbound/Unbound.xml       |  2 ++
 .../templates/OPNsense/Unbound/core/advanced.conf     |  1 +
 3 files changed, 14 insertions(+)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
index df9a9efd5..456af5040 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
@@ -325,6 +325,17 @@
             not trust (very large) TTL values.
         </help>
     </field>
+    <field>
+        <id>unbound.advanced.cachemaxnegativettl</id>
+        <label>Maximum Negative TTL for RRsets and messages</label>
+        <type>text</type>
+        <help>
+            Configure a maximum Negative Time to live in seconds for RRsets and messages in the cache.
+            When the internal TTL expires the negative response cache item is expired.
+            This can be configured to force the resolver to query for data more often in case you wont
+            get a valid answer.
+        </help>
+    </field>
     <field>
         <id>unbound.advanced.cacheminttl</id>
         <label>Minimum TTL for RRsets and messages</label>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
index 77c5ede03..ba660b05a 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
@@ -186,6 +186,8 @@
             </jostletimeout>
             <cachemaxttl type="NumericField">
             </cachemaxttl>
+            <cachemaxnegativettl type="NumericField">
+            </cachemaxnegativettl>
             <cacheminttl type="NumericField">
             </cacheminttl>
             <infrahostttl type="NumericField">
diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf b/src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
index c3f784756..7de8cfafe 100644
--- a/src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
+++ b/src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
@@ -31,6 +31,7 @@ log-local-actions: {{ set_boolean(OPNsense.unboundplus.advanced.loglocalactions)
 {{ set_numeric_value('outgoing-range', OPNsense.unboundplus.advanced.outgoingrange) }}
 {{ set_numeric_value('jostle-timeout', OPNsense.unboundplus.advanced.jostletimeout) }}
 {{ set_numeric_value('cache-max-ttl', OPNsense.unboundplus.advanced.cachemaxttl) }}
+{{ set_numeric_value('cache-max-negative-ttl', OPNsense.unboundplus.advanced.cachemaxnegativettl) }}
 {{ set_numeric_value('cache-min-ttl', OPNsense.unboundplus.advanced.cacheminttl) }}
 {{ set_numeric_value('infra-host-ttl', OPNsense.unboundplus.advanced.infrahostttl) }}
 infra-keep-probing: {{ set_boolean(OPNsense.unboundplus.advanced.infrakeepprobing) }}