OPNsense Forum

English Forums => 26.1 Series => Topic started by: haim9080 on April 05, 2026, 10:32:02 PM

Title: Unbound DNS
Post by: haim9080 on April 05, 2026, 10:32:02 PM
Hello everyone, I have OPNsense at home running on a mini PC with an N100 and 16GB RAM. Now I did Unbound DNS and I put a domain in the allowlist, and I do a cache refresh and everything, but it doesn't work.
But if I make an exception for it, it will work. How can I fix this?


https://jumpshare.com/s/5M6HGv9aVYS48Vw0vbFb

Title: Re: Unbound DNS
Post by: (MARLOO) on April 06, 2026, 03:45:17 AM
This is a frequent Unbound DNS issue on OPNsense where allowlists don't take effect immediately due to caching, CNAME redirects, or incomplete propagation after adding domains.

Check Reporting First
Go to Reporting > Unbound DNS > Overview or Details to spot the blocked domain (and any CNAME chain). Click it to whitelist directly—this auto-adds to Services > Unbound DNS > Blocklists > Allowlist Domains.

Use CLI on OPNsense: dig example.com @127.0.0.1 to trace resolutions and whitelist all linked domains.

Clear Cache Properly
In Services > Unbound DNS > General > Advanced, enable Flush DNS cache on restart. Apply changes, then Reload Unbound (full reload, not just cache refresh). Also restart the service via CLI: service unbound restart.

Flush client DNS too (e.g., ipconfig /flushdns on Windows). Test again—exceptions working confirms blocklist config is fine, just needs refresh.

Official Documentation
Full Unbound setup: [docs.opnsense.org/manual/unbound.html]

Reporting guide: [docs.opnsense.org/manual/reporting_unbound_dns.html]
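
Added example, not part of the forum posts above: a POSIX shell helper for the "trace resolutions and whitelist all linked domains" step, which lists every name in a CNAME chain and reports the ones absent from an allowlist. The sample dig answer, the domain names and the one-exact-domain-per-line allowlist file are constructed assumptions, not OPNsense's own format or tooling.

```shell
#!/bin/sh
# Live use (assumes dig is installed; +noall +answer limits output to answers):
#   dig +noall +answer example.com @127.0.0.1 | cname_chain | missing_from_allowlist allow.txt

# Constructed sample of a dig ANSWER section with a two-step CNAME chain.
SAMPLE_ANSWER='
;; ANSWER SECTION:
www.example.com.          300 IN CNAME edge.cdn.example.net.
edge.cdn.example.net.      60 IN CNAME lb-1.tracker.example.org.
lb-1.tracker.example.org.  60 IN A     192.0.2.10
'

# Read dig answer lines on stdin; print each owner name and CNAME target
# once, in chain order, lower-cased and without the trailing dot.
cname_chain() {
    awk '
        function emit(n) {
            n = tolower(n); sub(/\.$/, "", n)
            if (!(n in seen)) { seen[n] = 1; print n }
        }
        /^;/ || NF < 5 { next }          # skip comment and blank lines
        $3 == "IN" && ($4 == "CNAME" || $4 == "A" || $4 == "AAAA") {
            emit($1)
            if ($4 == "CNAME") emit($5)
        }
    '
}

# Read names on stdin; print those not present in the allowlist file ($1).
# Assumption: the file holds one exact domain per line, no wildcards.
missing_from_allowlist() {
    while IFS= read -r name; do
        grep -qixF -- "$name" "$1" || printf '%s\n' "$name"
    done
}

# Demo: only the first name in the chain has been allowlisted.
demo() {
    tmp=$(mktemp)
    printf 'www.example.com\n' > "$tmp"
    printf '%s\n' "$SAMPLE_ANSWER" | cname_chain | missing_from_allowlist "$tmp"
    rm -f "$tmp"
}

demo
```

Any name this prints is still subject to the blocklist even though the first name in the chain is allowlisted.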