diff --git a/unbound.conf b/unbound.conf
index dfbd635..ae3fcf5 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -182,6 +182,9 @@ server:
 	# msec to wait before close of port on timeout UDP. 0 disables.
 	# delay-close: 0
 
+	# perform connect for UDP sockets to mitigate ICMP side channel.
+	# udp-connect: yes
+
 	# msec for waiting for an unknown server to reply.  Increase if you
 	# are behind a slow satellite link, to eg. 1128.
 	# unknown-server-time-limit: 376
@@ -213,6 +216,9 @@ server:
 	# minimum wait time for responses, increase if uplink is long. In msec.
 	# infra-cache-min-rtt: 50
 
+	# enable to make server probe down hosts more frequently.
+	# infra-keep-probing: no
+
 	# the number of slabs to use for the Infrastructure cache.
 	# the number of slabs must be a power of 2.
 	# more slabs reduce lock contention, but fragment memory usage.
@@ -835,6 +841,9 @@ server:
 	# service.
 	# http-nodelay: yes
 
+	# Disable TLS for DNS-over-HTTP downstream service.
+	# http-notls-downstream: no
+
 	# DNS64 prefix. Must be specified when DNS64 is use.
 	# Enable dns64 in module-config.  Used to synthesize IPv6 from IPv4.
 	# dns64-prefix: 64:ff9b::0/96