When I configured Unbound for the first time the other day, there was a load of gibberish in the Custom Options box, like this:
(https://xec.net/share/unbound.png)
(This is not the actual gibberish, just a reasonable approximation.)
What is that? It looks like an SSL key or something. I removed it before activating Unbound and it doesn't seem to have made any difference.
Looks like your browser auto-filled this. The field is empty in the factory defaults.
It's not even valid Unbound configuration... ;)
Cheers,
Franco
Mystery solved, kind of. I migrated to OPNsense from pfSense in 2018, by loading a pfSense backup into OPNsense, and as it happens I still have the pfSense backup file I used. The aforementioned gibberish is in that pfSense file, so it must be a pfSense thing that I accidentally brought over.
Still don't know what it was for, but at least I know there was no reason to retain it.
Aha, shortly after we forked, pfSense wrapped Unbound custom options in base64 encoding:
https://github.com/pfsense/pfsense/commit/cfb5073f83f#diff-5bf78c81501a59415da0efb3637dc4b05b112046792f5c2a1559412eab2f58eeR3539
to fix an issue that we have never seen apparently. :)
So in this encoded string were your original Unbound custom options.
Cheers,
Franco
That explains why it was not present in earlier pfSense backup files.
I had never actually used Unbound in pfSense, so the contents of the encoded field should have been empty; but I retrieved the actual encoded string from the pfSense backup file and it decoded to this:
    server:
    forward-zone:
        name: "."
        forward-ssl-upstream: yes
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        forward-addr: 9.9.9.9@853
        forward-addr: 149.112.112.112@853
I have no idea why. I never inserted those values. But at least now I know what it was.
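Added example, not part of the thread and not pfSense or OPNsense code: a Python sketch for checking a migrated backup for base64-wrapped Unbound custom options and listing the forwarders they would configure. The <unbound><custom_options> element path, the function names and the sample backup are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample backup fragment. The <unbound><custom_options> path is an
# assumption about the backup layout; it is not quoted from the thread.
_OPTIONS = (
    'server:\nforward-zone:\nname: "."\nforward-ssl-upstream: yes\n'
    "forward-addr: 1.1.1.1@853\nforward-addr: 9.9.9.9@853\n"
)
SAMPLE_BACKUP = (
    "<pfsense><unbound><custom_options>"
    + base64.b64encode(_OPTIONS.encode()).decode()
    + "</custom_options></unbound></pfsense>"
)

def decode_custom_options(raw):
    """Return (text, was_base64); plain-text options pass through unchanged."""
    compact = "".join(raw.split())  # backups may wrap long base64 lines
    if not compact:
        return raw, False
    try:
        text = base64.b64decode(compact, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return raw, False  # contains ':' etc., so it was never base64
    return text, True

def audit_backup(xml_text):
    """Decode the custom options and list the forward zones they define."""
    # Only parse backup files you exported yourself; ElementTree is not
    # hardened against hostile XML.
    node = ET.fromstring(xml_text).find("./unbound/custom_options")
    raw = (node.text or "") if node is not None else ""
    text, was_base64 = decode_custom_options(raw)
    zones, current = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip().strip('"')
        if key and not value:  # clause header such as "server:"
            current = {"name": None, "tls": False, "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key in ("forward-ssl-upstream", "forward-tls-upstream"):
                current["tls"] = value == "yes"
            elif key == "forward-addr":
                current["addrs"].append(value)
    return {"was_base64": was_base64, "zones": zones}
```

Any forward zone reported here that you do not recognise is worth reviewing before the options are carried into a new resolver configuration.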
...maybe you played around with this here
https://www.netgate.com/blog/dns-over-tls-with-pfsense.html
I don't think I did; I've been using Dnsmasq until now. But I suppose it's possible I did it and forgot. Wouldn't be the first time.