General newbie OPNsense configuration questions

Started by ibrewster, October 27, 2023, 05:44:48 PM

I've been working on setting up a new install of OPNsense, and I have a couple of questions about the config.

1) One of the features I'm wanting to make use of in OPNsense is the content filtering. Looking at the various options provided, it looks like there are three "levels" of filtering available:
  - The filter results via OpenDNS option
  - DNSBL options for the unbound resolver
  - Web proxy blacklist filtering

Does it make sense to enable more than one of these options? That is, would using the DNSBL option in unbound make filtering queries via OpenDNS redundant? And if I am using the DNSBL, is there any point to using the web proxy filtering as well?

2) Pretty much every website these days is HTTPS. If I were to set up the web proxy, I would want to set it up in a transparent fashion that doesn't require changes on the client side (I don't want to have to re-configure my friends/families computers whenever they come to visit...), so while it could proxy SSL, it wouldn't be decrypting the traffic. As such, is there any point to running the web proxy if filtering is handled via unbound? For unencrypted traffic, the proxy can do caching, which provides a benefit there, but can it cache SSL traffic without decrypting it?

3) It looks like a lot of the performance options are disabled by default. For example, to my understanding turning on forwarding in the unbound DNS resolver can potentially speed up DNS queries noticeably, but it is off by default. Is there any reason I *wouldn't* want to enable the following options in unbound:
  - Query Forwarding
  - Prefetch DNS Key Support (there is a note that it will increase CPU usage, but I have a quad-core 3.4GHz i7, so I'm thinking that's plenty of CPU?)
  - Prefetch Support

4) Along the same lines as #3, are there any other options that are disabled by default that it would make sense to enable for best performance?

Thanks!
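For readers working through the unbound questions above (3 and part of 1), the fragment below is an added illustration in raw unbound.conf syntax; it is not the poster's configuration and not the file OPNsense generates, which is written by the GUI and should not be hand-edited. It shows where the three checkboxes end up in unbound terms and one way a DNSBL entry can be expressed. The forwarder addresses are from the documentation range (192.0.2.0/24, 198.51.100.0/24) and the blocked hostname is constructed, so substitute your own.

```conf
# Added example, not OPNsense's generated config and not the poster's.
# Raw unbound.conf syntax for the three performance options asked about,
# plus one blocklist entry. Addresses are placeholders, not real resolvers.
server:
    # "Prefetch Support": re-fetch popular records shortly before their
    # TTL expires so clients rarely wait on an expired cache entry
    prefetch: yes

    # "Prefetch DNS Key Support": fetch DNSKEY records early so DNSSEC
    # validation does not add a round trip (costs extra CPU, as the GUI notes)
    prefetch-key: yes

    # One way a DNSBL entry can be expressed in unbound (assumption: the
    # exact form OPNsense uses may differ): answer NXDOMAIN for the zone
    # and everything under it. "ads.example." is a constructed hostname.
    local-zone: "ads.example." always_nxdomain

# "Query Forwarding": send everything unbound cannot answer from its own
# cache or local zones to upstream resolvers instead of recursing from
# the root servers. Forwarding to a filtering resolver such as OpenDNS
# would go here.
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
    forward-addr: 198.51.100.53
```

Two practical points follow from the layout. Local zones are answered before anything is forwarded, so an unbound blocklist and an upstream filtering resolver can coexist; the upstream only ever sees names the local list did not catch. And forwarding is only a speed-up if the upstream resolver answers faster than unbound's own recursion would; a slow or distant forwarder makes every cache miss slower, which is one reason it is not on by default.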