@m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?):
pfSense is plus version
25.07.1 ?
That means that you and I use the same binaries, our programs, libraries, kernel drivers etc are all identical.
To make life easier : let's presume your CPU, RAM etc are ok.
What's left to check ?
I see two points :
You've added a layer of abstraction for your own convenience : a VM, which is a system that is, by itself, way bigger than 'pfSense'. Bigger system = more chances something goes wrong. A solution to exclude the VM as an issue : exclude the VM.
The difference between a working DNS (unbound) and a non-working DNS is most often : the settings. Not only the DNS settings, but also, for example, what interfaces are used.
Btw :
@m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?):
If I set unbound in forwarding mode
Forward : instead of sending the DNS requests to one of the official DNS Root name servers - this is called resolving, you send DNS request to another resolver.
Both modes do more or less the same : sending requests to a remote server.
I'm very sure that this works very well, as millions of copies of unbound do this a thousand times per second for many years now ^^
If you want unbound to tell you more about what it is doing, you can ask it to do so.
For example :
[image: 1759919398864-0946cc8a-043f-4e0d-ba36-93e6fa3e836b-image.png]
Beware : this new log should be a temporary setting as higher log levels produce more log lines. For example, the query level produces a log line for every incoming (from pfSense, or one of your LANs) DNS request.
@m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?):
ignore local DNS resolution
Can't happen ^^
Resolving : Example : www.facebook.com :
First : unbound contacts one of the big 13 (the root name servers), probably the closest or fastest one, and asks it if it has an IP of the Top Level Domain server (TLD) that handles the dot com's (.com). Of course it has one nearby for you, and thousands exist.
Now it has the TLD server IP that handles the com top level domain, it will ask this server if it can give all the domain name server IPs (at least 2) of "facebook.com". The TLD hands over the list of all these facebook domain name servers.
Now unbound picks one of the domain name servers, and asks it : what is the IP of "www.facebook.com". The answer comes back, and unbound sends this answer to the device that requested "www.facebook.com".
As you can see, you can not resolve locally. A contact with at least 3 different remote servers is needed.
Also : the list with the 13 root servers is built into unbound. Their IPs never change.
All other answers are cached !! So a first resolve might take some time (many ms) but subsequent requests will be served out of the local cache right away, as long as the answer is TTL permitted.
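
The resolving walk described in the post above, as an added example that is not part of the original post and is not unbound's own code: a small offline simulation of the root, TLD and domain name server steps with a TTL cache. The server names, the address 192.0.2.10 and the TTL values are constructed for illustration.

```python
# Constructed stand-ins for the remote servers. Each one knows either a
# referral ("NS", next server, ttl) or a final answer ("A", ip, ttl).
SERVERS = {
    "root-server":    {"com.": ("NS", "com-tld-server", 172800)},
    "com-tld-server": {"facebook.com.": ("NS", "facebook-ns", 172800)},
    "facebook-ns":    {"www.facebook.com.": ("A", "192.0.2.10", 60)},
}

def suffixes(qname):
    """'www.facebook.com.' -> ['www.facebook.com.', 'facebook.com.', 'com.']"""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]

class Resolver:
    def __init__(self):
        self.cache = {}      # name -> (rtype, value, expires_at)
        self.contacted = []  # every remote server queried, in order

    def _fresh(self, name, now):
        rec = self.cache.get(name)
        return rec if rec and rec[2] > now else None

    def resolve(self, qname, now):
        # Start from the closest unexpired cache entry; otherwise use the
        # built-in root server as the starting point.
        server = "root-server"
        for name in suffixes(qname):
            rec = self._fresh(name, now)
            if rec:
                if rec[0] == "A":
                    return rec[1]      # answered from cache, nothing contacted
                server = rec[1]        # cached referral: skip the steps above it
                break
        while True:
            self.contacted.append(server)
            zone_data = SERVERS[server]
            name = next((s for s in suffixes(qname) if s in zone_data), None)
            if name is None:
                raise LookupError(f"{server} knows nothing about {qname}")
            rtype, value, ttl = zone_data[name]
            self.cache[name] = (rtype, value, now + ttl)
            if rtype == "A":
                return value
            server = value             # referral: ask the next server down
```

Calling `resolve("www.facebook.com.", now=0)` contacts all three servers, a second call inside the 60 second TTL contacts none, and a call after the TTL has expired contacts only the domain name server because the two referrals are still cached.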