Hello,
Just wondering what is considered the best practice for local DNS resolution when using Unbound and dnsmasq together: Unbound running as primary resolver on port 53 and forwarding to dnsmasq on some other port for the local domain? Or vice versa, i.e. dnsmasq on port 53 forwarding non-local queries to Unbound? I'm currently using the latter setup (dnsmasq 53 --> Unbound 5353) but am wondering if the other setup (Unbound 53 --> dnsmasq 5353) would be better in some way. The documentation includes both options as valid.
I recall having some issues when I initially tried Unbound --> dnsmasq, specifically Unbound sometimes randomly stopped forwarding local queries to dnsmasq, but that was in the early days of the transition away from ISC DHCP so it may have been a bug that was since fixed.
For the Unbound --> dnsmasq case, what happens for queries to local non-FQDN host names? For example, if my local domain is home.lan, I would configure Unbound to forward queries for home.lan to dnsmasq; so queries for my-pc.home.lan (for example) would be properly forwarded, no problem there. But what about non-FQDN queries to my-pc without a domain? How would Unbound know to forward those as well?
Thanks!
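A minimal configuration of the Unbound 53 --> dnsmasq 5353 layout described in the post above, as an added example that is not from this thread or from the OPNsense documentation: the home.lan domain, the 127.0.0.1 addresses, port 5353 and the 192.168.1.x DHCP range are assumptions.

```conf
# --- Unbound: listens on 53, forwards only home.lan to dnsmasq ---
server:
    interface: 0.0.0.0
    port: 53
    # Unbound refuses to query loopback by default; needed for 127.0.0.1@5353
    do-not-query-localhost: no
    # the forwarded zone is unsigned; do not DNSSEC-validate answers for it
    domain-insecure: "home.lan"
    # rebind protection: allow RFC1918 answers only for the local domain
    private-address: 192.168.0.0/16
    private-domain: "home.lan"

forward-zone:
    name: "home.lan"
    forward-addr: 127.0.0.1@5353
    # never fall back to upstream resolvers for the local domain
    forward-first: no

# --- dnsmasq: listens on 5353, answers home.lan from DHCP leases ---
port=5353
listen-address=127.0.0.1
# leases are registered under home.lan and never sent upstream
domain=home.lan
local=/home.lan/
expand-hosts
# assumed DHCP range; without a dhcp-range dnsmasq serves no DHCP
dhcp-range=192.168.1.100,192.168.1.200,12h
# clients append home.lan to bare names such as "my-pc" via the search list
dhcp-option=option:domain-search,home.lan
# dnsmasq must not re-query Unbound for names outside home.lan
no-resolv
```

With the search domain handed out by DHCP, a client expands the bare name `my-pc` itself, so Unbound only ever sees `my-pc.home.lan` and matches it against the forward-zone.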
Read this section from start to finish, it answers all questions, with examples.
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
Are you talking about local overrides created by DHCP? Or a real local zone?
For the latter, neither dnsmasq nor Unbound is a good option. These aren't authoritative DNS servers. BIND is, and it's available as a plugin for OPNsense.
Cheers
Maurice
Thanks. This is for local overrides only, not a real local zone.
I did previously read the guide linked by @monviech, but must have missed a few subtleties. I read it again. Thanks, all good.
-cinergi