OPNsense Forum

English Forums => General Discussion => Topic started by: tdukes on November 20, 2025, 09:51:17 PM

Title: Unbound DNS and Adguard and system DNS servers
Post by: tdukes on November 20, 2025, 09:51:17 PM
Hello,

I have been wondering about this for a while but can't find an answer.

I'm running Unbound DNS with OPNsense. OPNsense sits behind my internet provider's modem/router and is set up as a transparent filter bridge. I also have another PC running AdguardHome.

In System > Settings > General, what should I be using for the DNS servers? Should I use the PC running Adguard? If so, would Unbound be bypassed? I'd like to use both.

Thanks
Title: Re: Unbound DNS and Adguard and system DNS servers
Post by: InvalidHandle on November 21, 2025, 05:41:02 AM
Unbound will listen on port 53 by default unless you change it, so it will capture incoming DNS requests on port 53. You could forward your DNS queries to your own DNS resolver in the Unbound Query forwarding. In the Query Forward, enter your DNS server IP and specify a port such as 5353 and set your DNS server to listen for requests on that port. The Unbound DNSBL should still work if you have enabled selections. (Don't select and apply all at once or it will probably time out and not apply anything.) Once you have it all configured, you can verify by looking under Reporting > Unbound DNS and see if it still blocks, and you should see traffic on the port/IP that you specified to your DNS server on the firewall > Log > Live View.

Some browsers will use DoH by default and they would show up under Intrusion Detection > Administration > Alerts > ET INFO Observed DNS Over HTTPS Domain. Since these are on port 443, it would bypass your DNS server, so you need to turn that off in the browser or by policy if you don't want that.
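
To find which LAN clients are still using DoH after the resolver chain is configured, the alerts mentioned in the reply above can be summarised per client. This is an added example, not part of the original thread: it assumes the IDS writes Suricata EVE JSON alerts and that `src_ip` is the LAN client, and the sample log lines, IPs, hostnames and signature IDs are constructed.

```python
import json
from collections import defaultdict

# Signature prefix quoted in the thread; real rule names carry a suffix after it.
DOH_PREFIX = "ET INFO Observed DNS Over HTTPS Domain"

# Constructed sample EVE JSON lines (documentation IPs, placeholder signature IDs).
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"192.0.2.21","dest_port":443,"alert":{"signature_id":1,"signature":"ET INFO Observed DNS Over HTTPS Domain (doh.example in TLS SNI)"},"tls":{"sni":"doh.example"}}
{"event_type":"dns","src_ip":"192.0.2.21","dest_ip":"192.0.2.1","dest_port":53}
{"event_type":"alert","src_ip":"192.0.2.21","dest_port":443,"alert":{"signature_id":1,"signature":"ET INFO Observed DNS Over HTTPS Domain (doh.example in TLS SNI)"},"tls":{"sni":"doh.example"}}
{"event_type":"alert","src_ip":"192.0.2.34","dest_port":443,"alert":{"signature_id":2,"signature":"ET INFO Observed DNS Over HTTPS Domain (resolver.example in TLS SNI)"},"tls":{"sni":"resolver.example"}}
{"event_type":"alert","src_ip":"192.0.2.40","dest_port":443,"alert":{"signature_id":3,"signature":"ET INFO Some Other Rule"}}
{"event_type":"alert","src_ip":"192.0.2.34","dest_port":443,"alert":{"signature_id":2,"signature":"ET INFO Observed DNS Over HTTPS Domain (resolver.example in TLS SNI)"}}
{"event_type":"alert","src_ip":"192.0.2.50","al
"""


def doh_clients(lines):
    """Return {client_ip: {sni: alert_count}} for DoH alerts only."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated line, e.g. log rotated mid-write
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # plain DNS to Unbound on port 53 is not a bypass
        signature = event.get("alert", {}).get("signature", "")
        if not signature.startswith(DOH_PREFIX):
            continue
        sni = event.get("tls", {}).get("sni", "(no SNI logged)")
        hits[event.get("src_ip", "unknown")][sni] += 1
    return {ip: dict(snis) for ip, snis in hits.items()}


if __name__ == "__main__":
    # Each client listed here needs DoH disabled in the browser or by policy.
    for ip, snis in sorted(doh_clients(SAMPLE_EVE.splitlines()).items()):
        print(ip, snis)
```
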