Unbound DNS -- A few questions

mokaz · November 28, 2024, 06:30:25 AM

Hi there all,

I'm here using Unbound DNS on OPNSense and I'd have a few questions about it.

what is the difference(s) between Domain Overrides AND Query Forwarding?
if using one or the other (Overrides OR Query Forwarding) is there a possibility to log where each queries are sent?

My goal is simple, forward a few domains onto internal servers while carrying the rest over DoT although I'd want to assess that internally geared resolutions aren't attempted toward the DoT setup. And well, tcpdump'ing DoT give some info's but obviously no queries details, which is the DoT purpose ain't it =)

Let me know,
Thanks,
m.

dseven · November 28, 2024, 10:42:52 AM

Some past discussion: https://forum.opnsense.org/index.php?topic=29813.0

mokaz · November 28, 2024, 02:28:02 PM

Thanks a lot -- I'll take that as my best practice around that:

----
Domain Overrides are now considered deprecated, you should only use Query Forwarding / DNS over TLS for new setups. That's actually documented, but I agree that a hint in the UI wouldn't hurt. Changing the name to "Domain Overrides (legacy)" might be sufficient. Thoughts?
----

Cheers,
m.

Unbound DNS -- A few questions

mokaz

November 28, 2024, 06:30:25 AM

dseven

November 28, 2024, 10:42:52 AM #1

mokaz

November 28, 2024, 02:28:02 PM #2