Preventing Unbound Reload on ISC DHCP Configuration Change in OPNsense

Started by lucky4ever2, March 14, 2024, 03:39:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 14, 2024, 03:39:51 PM
I'm using ISC DHCP and Unbound DNS on an OPNsense server. Whenever I apply a configuration change in DHCP, Unbound also gets reloaded. Since I have a DNSBL with 3.7 million entries, this reload process takes about 5 seconds, causing timeouts for clients making DNS requests. How can I prevent Unbound from reloading every time there's a configuration change in ISC DHCP? Or does anyone have another idea on how to solve this problem?
March 14, 2024, 03:42:38 PM #1
Use a service independent of Unbound for the blocklist. Like AdGuardHome. I found blocklists in Unbound do not scale very well. Just let it do its thing - recursive lookups, sync of local DHCP addresses and names - and leave the blocklists to a tool designed for that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 15, 2024, 08:53:37 AM #2
Some of the stuff in blocklists is typically not DNS-related and could/should be blocked in general (e.g. DROP, EDROP, etc). You could try to put all your non-DNS related blocking into firewall rules via the URL table alias[1] and only keep DNS-filtering to Unbound's DNSBLs.


[1] https://docs.opnsense.org/manual/how-tos/edrop.html
Print
Go Up Pages1
User actions