DNS best practice for local resolution: Unbound to dnsmasq, or vice versa?

Started by cinergi, December 06, 2025, 09:37:10 PM

Hello,

Just wondering what is considered the best practice for local DNS resolution when using Unbound and dnsmasq together: Unbound running as primary resolver on port 53 and forwarding to dnsmasq on some other port for the local domain?  Or vice versa, i.e. dnsmasq on port 53 forwarding non-local queries to Unbound?  I'm currently using the latter setup (dnsmasq 53 --> Unbound 5353) but am wondering if the other setup (Unbound 53 --> dnsmasq 5353) would be better in some way.  The documentation includes both options as valid.

I recall having some issues when I initially tried Unbound --> dnsmasq, specifically Unbound sometimes randomly stopped forwarding local queries to dnsmasq, but that was in the early days of the transition away from ISC DHCP so it may have been a bug that was since fixed.

For the Unbound --> dnsmasq case, what happens for queries to local non-FQDN host names?  For example, if my local domain is home.lan, I would configure Unbound to forward queries for home.lan to dnsmasq; so queries for my-pc.home.lan (for example) would be properly forwarded, no problem there.  But what about non-FQDN queries to my-pc without a domain?  How would Unbound know to forward those as well?

Thanks!

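The non-FQDN question in the post above comes down to who appends the domain. A DNS server such as Unbound only sees the query name it receives; the search list (`search home.lan` / `options ndots:` in resolv.conf, or the DHCP-supplied domain on other clients) is applied by the client's stub resolver before the query leaves the host. The following script, added here as an illustration and not taken from the thread or from OPNsense, models both halves of that: a client-side search-list expansion and Unbound's choice of forward-zone. It assumes an Unbound configuration with `forward-zone: name: "home.lan"` pointing at `127.0.0.1@5353` (the dnsmasq side), which is the Unbound-on-53 --> dnsmasq-on-5353 layout described above; the search list, ndots value and host names are constructed for the example.

```python
# Added example (not from the forum thread): emulate how an unqualified name
# such as "my-pc" reaches Unbound and which forward-zone Unbound would match.

from typing import Dict, List, Optional, Tuple

# Constructed client settings, i.e. what resolv.conf "search" and "options ndots" would hold.
SEARCH_LIST: List[str] = ["home.lan"]
NDOTS: int = 1

# Constructed Unbound forward-zones: zone name -> forward-addr (dnsmasq listening on 5353).
FORWARD_ZONES: Dict[str, str] = {"home.lan": "127.0.0.1@5353"}


def candidate_names(name: str, search_list: List[str] = SEARCH_LIST, ndots: int = NDOTS) -> List[str]:
    """Emulate the stub resolver's search-list expansion.

    A name with at least `ndots` dots is tried as given first, then with each search
    suffix; a name with fewer dots is tried with the suffixes first, then bare.
    """
    name = name.rstrip(".")
    with_suffixes = [f"{name}.{suffix}" for suffix in search_list]
    if name.count(".") >= ndots:
        return [name] + with_suffixes
    return with_suffixes + [name]


def select_forwarder(qname: str, forward_zones: Dict[str, str] = FORWARD_ZONES) -> Optional[str]:
    """Return the forward-addr of the closest enclosing forward-zone, or None.

    Unbound matches a query against the most specific forward-zone whose name equals
    the query name or is one of its parent domains; anything else it resolves itself.
    """
    labels = qname.rstrip(".").lower().split(".")
    for start in range(len(labels)):
        zone = ".".join(labels[start:])
        if zone in forward_zones:
            return forward_zones[zone]
    return None


def query_plan(name: str) -> List[Tuple[str, str]]:
    """List (query name, handler) pairs in the order the client would try them."""
    plan = []
    for qname in candidate_names(name):
        forwarder = select_forwarder(qname)
        plan.append((qname, forwarder if forwarder else "unbound-recursive"))
    return plan


if __name__ == "__main__":
    for host in ("my-pc", "my-pc.home.lan", "www.example.com"):
        for qname, handler in query_plan(host):
            print(f"{host:18} -> {qname:28} handled by {handler}")
```

Running it shows that `my-pc` is sent as `my-pc.home.lan` first, which lands in the forward-zone and goes to dnsmasq; only if that attempt fails does the bare label `my-pc` go out, and since it matches no forward-zone Unbound would try to resolve it recursively. So the answer to "how would Unbound know" is that it does not need to, provided the clients carry the right search domain.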

Are you talking about local overrides created by DHCP? Or a real local zone?
For the latter, neither dnsmasq nor Unbound are good options. These aren't authoritative DNS servers. BIND is and it's available as a plugin for OPNsense.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Thanks.  This is for local overrides only, not a real local zone.

I did previously read the guide linked by @monviech, but must have missed a few subtleties.  I read it again.  Thanks, all good.

-cinergi