Author Topic: Preventing Unbound Reload on ISC DHCP Configuration Change in OPNsense (Read 545 times)

lucky4ever2 · « **on:** March 14, 2024, 03:39:51 pm »

I'm using ISC DHCP and Unbound DNS on an OPNsense server. Whenever I apply a configuration change in DHCP, Unbound also gets reloaded. Since I have a DNSBL with 3.7 million entries, this reload process takes about 5 seconds, causing timeouts for clients making DNS requests. How can I prevent Unbound from reloading every time there's a configuration change in ISC DHCP? Or does anyone have another idea on how to solve this problem?

Patrick M. Hausen · « **Reply #1 on:** March 14, 2024, 03:42:38 pm »

Use a service independent of Unbound for the blocklist. Like AdGuardHome. I found blocklists in Unbound do not scale very well. Just let it do its thing - recursive lookups, sync of local DHCP addresses and names - and leave the blocklists to a tool designed for that.

bestboy · « **Reply #2 on:** March 15, 2024, 08:53:37 am »

Some of the stuff in blocklists is typically not DNS-related and could/should be blocked in general (e.g. DROP, EDROP, etc). You could try to put all your non-DNS related blocking into firewall rules via the URL table alias[1] and only keep DNS-filtering to Unbound's DNSBLs.

[1] https://docs.opnsense.org/manual/how-tos/edrop.html

Author Topic: Preventing Unbound Reload on ISC DHCP Configuration Change in OPNsense (Read 545 times)

lucky4ever2

Preventing Unbound Reload on ISC DHCP Configuration Change in OPNsense

Patrick M. Hausen

Re: Preventing Unbound Reload on ISC DHCP Configuration Change in OPNsense

bestboy

Re: Preventing Unbound Reload on ISC DHCP Configuration Change in OPNsense