OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: spetrillo on May 29, 2019, 03:04:42 AM

Title: Unbound vs Dnsmasq
Post by: spetrillo on May 29, 2019, 03:04:42 AM
Being a newbie with OPNsense, I am trying to determine what comes with the default install. I noticed that Unbound DNS is enabled by default, whereas Dnsmasq is not. Is there a rationale to use one vs the other, and if you do not use the other one, should you uninstall it?
Title: Re: Unbound vs Dnsmasq
Post by: franco on June 03, 2019, 04:25:02 PM
In the default modes Unbound is safer and leaks less of your privacy or at least makes it harder to be meddled with by your ISP. Some ISPs meddle so much that Unbound breaks, where you have to set it to forwarder mode to keep working using your ISP's server instead of root servers.

Dnsmasq does the same thing as the Unbound forward mode, but it doesn't cache your results.

The reason we still have both in the base install is because Dnsmasq used to be the default but now it's Unbound and we don't want to break older setups by moving Dnsmasq to a plugin prematurely.


Cheers,
Franco
Title: Re: Unbound vs Dnsmasq
Post by: spetrillo on June 03, 2019, 05:20:59 PM
So I do not enable Dnsmasq and I am good...thanks!
Title: Re: Unbound vs Dnsmasq
Post by: franco on June 03, 2019, 05:42:15 PM
Basically yes. If you want super light footprint forwarding Dnsmasq might do the trick. Otherwise Unbound is the way to go these days.


Cheers,
Franco
Title: Re: Unbound vs Dnsmasq
Post by: spetrillo on June 03, 2019, 10:20:28 PM
Ahhh so what is really the difference is that Unbound is an authoritative DNS, whereas Dnsmasq will forward to an authoritative source. Now that makes sense. Staying with Unbound then.
Title: Re: Unbound vs Dnsmasq
Post by: franco on June 05, 2019, 09:52:26 PM
Yes, well, almost, I think Unbound has issues with CNAME...


Cheers,
Franco