+diff --git a/doc/example.conf.in b/doc/example.conf.in
+index 60ed5c8..abd85f9 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -38,6 +38,8 @@ server:
# the time to live (TTL) value lower bound, in seconds. Default 0.
# If more than an hour could easily give trouble due to stale data.
-@@ -143,9 +154,11 @@ server:
+@@ -146,9 +157,11 @@ server:
# the number of slabs must be a power of 2.
# more slabs reduce lock contention, but fragment memory usage.
# infra-cache-slabs: 4
# Enable IPv4, "yes" or "no".
# do-ip4: yes
-@@ -178,6 +191,8 @@ server:
+@@ -181,6 +194,8 @@ server:
# access-control: ::0/0 refuse
# access-control: ::1 allow
# access-control: ::ffff:127.0.0.1 allow
# if given, a chroot(2) is done to the given directory.
# i.e. you can chroot to the working directory, for example,
-@@ -208,6 +223,7 @@ server:
+@@ -211,6 +226,7 @@ server:
# and the given username is assumed. Default is user "unbound".
# If you give "" no privileges are dropped.
# username: "@UNBOUND_USERNAME@"
# the working directory. The relative files in this config are
# relative to this directory. If you give "" the working directory
-@@ -230,10 +246,12 @@ server:
+@@ -233,10 +249,12 @@ server:
# the pid file. Can be an absolute path outside of chroot/work dir.
# pidfile: "@UNBOUND_PIDFILE@"
# enable to not answer id.server and hostname.bind queries.
# hide-identity: no
-@@ -256,12 +274,15 @@ server:
+@@ -259,12 +277,15 @@ server:
# positive value: fetch that many targets opportunistically.
# Enclose the list of numbers between quotes ("").
# target-fetch-policy: "3 2 1 0 0"
# Harden against out of zone rrsets, to avoid spoofing attempts.
# harden-glue: yes
-@@ -342,7 +363,7 @@ server:
+@@ -345,7 +366,7 @@ server:
# you start unbound (i.e. in the system boot scripts). And enable:
# Please note usage of unbound-anchor root anchor is at your own risk
# and under the terms of our LICENSE (see that file in the source).
# File with DLV trusted keys. Same format as trust-anchor-file.
# There can be only one DLV configured, it is trusted from root down.
-@@ -428,15 +449,18 @@ server:
+@@ -431,15 +452,18 @@ server:
# the amount of memory to use for the key cache.
# plain value in bytes or you can append k, m or G. default is "4Mb".
# key-cache-size: 4m
# plain value in bytes or you can append k, m or G. default is "1Mb".
# neg-cache-size: 1m
+ neg-cache-size: 10k
-
+
# By default, for a number of zones a small default 'nothing here'
# reply is built-in. Query traffic is thus blocked. If you