After upgrading to 25.7.8, I configured unbound's blocklist's source nets to include my LAN and IoT networks, excluding my GUEST network. The problem is as soon as someone on the guest network does a lookup of a blocked domain, that domain's IP lookup is cached. After this, that blocked domain's IPs are served to my LAN.
Is there a solution for this? I know I can use a different DNS server for my GUEST network. That is what I was doing before the source nets feature was added to 25.7.8.
Thanks in advance!