unbound with AdGuard Home

[Patrick]

Good morning,

I run a small homelab with AdGuard Home DNS proxies, using Quad9 as 
upstream.

I would like to configure unbound as a fallback DNS in case Quad9 is 
down. Running unbound with AGH or Pi-hole seems to be a common 
configuration, but I am not sure how to do it properly, specifically 
with regard to cache management.
In my case, since AGH is properly configured (min ttl, max ttl, blocking 
lists…), I’d like to turn of caching in unbound at this time. My current 
config (on Alpine Linux) is:

root at dns ~ $  cat /etc/unbound/unbound.conf.d/pu.conf
server:
         port: 5335
         do-ip6: no
         verbosity: 0
         edns-buffer-size: 1232

         # recursive resolver
         root-hints: /usr/share/dns-root-hints/named.root

         # disable cache, is redundant with AdGuardHome
         msg-cache-size: 0
         rrset-cache-size: 0

and AGH uses 127.0.0.1:5335 as the fallback upstream.

But I still get the impression that there is caching in unbound:

root at dns ~ $  dig @127.0.0.1 -p 5335 www.thunderbird.net

; <<>> DiG 9.20.11 <<>> @127.0.0.1 -p 5335 www.thunderbird.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31368
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.thunderbird.net.           IN      A

;; ANSWER SECTION:
www.thunderbird.net.    300     IN      A       104.26.2.27
www.thunderbird.net.    300     IN      A       104.26.3.27
www.thunderbird.net.    300     IN      A       172.67.74.82

;; Query time: 189 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sun Jul 27 15:38:20 CEST 2025
;; MSG SIZE  rcvd: 96


root at dns ~ $  dig @127.0.0.1 -p 5335 www.thunderbird.net

; <<>> DiG 9.20.11 <<>> @127.0.0.1 -p 5335 www.thunderbird.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18346
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.thunderbird.net.           IN      A

;; ANSWER SECTION:
www.thunderbird.net.    296     IN      A       172.67.74.82
www.thunderbird.net.    296     IN      A       104.26.2.27
www.thunderbird.net.    296     IN      A       104.26.3.27

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sun Jul 27 15:38:24 CEST 2025
;; MSG SIZE  rcvd: 96

What am I missing here?

Regards,
-Patrick