diff --git a/library/roles/unbound-resolver/defaults/main.yml b/library/roles/unbound-resolver/defaults/main.yml
index 2ebb4d69..00eb531d 100644
--- a/library/roles/unbound-resolver/defaults/main.yml
+++ b/library/roles/unbound-resolver/defaults/main.yml
@@ -30,6 +30,8 @@ unbound_so_reuseport: 'yes'
 unbound_outgoing_range: 8192
 unbound_num_queries_per_thread: 4096
 
+unbound_max_negative_ttl: 3600
+
 # Stub zones
 # One of stub_host or stub_addr must be defined
 # stub_prime and stub_first are both optional, default 'yes'
diff --git a/library/roles/unbound-resolver/templates/unbound-server.conf b/library/roles/unbound-resolver/templates/unbound-server.conf
index 7216d8e7..251d4532 100644
--- a/library/roles/unbound-resolver/templates/unbound-server.conf
+++ b/library/roles/unbound-resolver/templates/unbound-server.conf
@@ -32,6 +32,9 @@ server:
         so-rcvbuf: {{ unbound_so_rcvbuf }}
         so-sndbuf: {{ unbound_so_sndbuf }}
 
+        # Negative TTL
+        cache-max-negative-ttl: {{ unbound_max_negative_ttl }}
+
         # Faster UDP with multithreading (only on Linux).
 	so-reuseport: {{ unbound_so_reuseport }}
         # with libevent
@@ -52,7 +55,7 @@ stub-zone:
 {% if zone.stub_addr is defined %}
         stub-addr: {{ zone.stub_addr }}
 {% endif %}
-        stub-prime: {{ zone.stub_prime | default('yes') }}
+        stub-prime: {{ zone.stub_prime | default('no') }}
         stub-first: {{ zone.stub_first | default('yes') }}
 
 {% endfor %}