Dropping the negative cache TTL as low as possible is really useful.
e.g., I try to resolve a host that's been offline for a while, then boot up the machine. It gets an IP from DHCP, sets its hostname, and now Unbound should know about it. But it doesn't return any results because there's a negative cache entry still there.
Interesting. I don't think that's situation I've typically come across.
My local hosts that don't have a DHCP record don't seem to get cached, despite my setting the default to 900s. Online records are respecting my min of 900s, though. Maybe it's using a different TTL for LAN vs WAN?