Unbound DNS

Started by haim9080, April 05, 2026, 10:32:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 05, 2026, 10:32:02 PM
Hello everyone, I have OPNSENSE at home running on a MINIPC with N100, and 16GB RAM, now I did UNBOUND DNS and I put a domain in the ALLOWLIST, and I do a cache refresh and everything, it doesn't work.
But if I make an exception for it, it will work. How can I fix this?


https://jumpshare.com/s/5M6HGv9aVYS48Vw0vbFb
Today at 03:45:17 AM #1
This is a frequent Unbound DNS issue on OPNsense where allowlists don't take effect immediately due to caching, CNAME redirects, or incomplete propagation after adding domains.

Check Reporting First
Go to Reporting > Unbound DNS > Overview or Details to spot the blocked domain (and any CNAME chain). Click it to whitelist directly—this auto-adds to Services > Unbound DNS > Blocklists > Allowlist Domains.

Use CLI on OPNsense: dig example.com @127.0.0.1 to trace resolutions and whitelist all linked domains.

Clear Cache Properly
In Services > Unbound DNS > General > Advanced, enable Flush DNS cache on restart. Apply changes, then Reload Unbound (full reload, not just cache refresh). Also restart the service via CLI: service unbound restart.

Flush client DNS too (e.g., ipconfig /flushdns on Windows). Test again—exceptions working confirms blocklist config is fine, just needs refresh.

Official Documentation
Full Unbound setup: [docs.opnsense.org/manual/unbound.html]

Reporting guide: [docs.opnsense.org/manual/reporting_unbound_dns.html]
Hardware: N5105 Intel Celeron  
                       OPNsense | Home Lab | Linux & Home Automation
                               "Secure the network, automate the rest."
Print
Go Up Pages1
User actions