Ups, sorry. I forgot to disable S/MIME for the list-mail. But the question remains: What is "best practice" to limit the resources used and to be a good citizen when using unbound as public DNSSEC aware resolver, or is it no recommended at all? Many Thanks Andreas