@Jesper-1 said in Caching of NXDOMAIN:
When I compare that to the GUI-Top Reply DST IP it says 71% is NXDOMAIN
A break down of what answers were found for what is asked has little to do with that answer was actually resolved or from cache.
You could have 0 or 100% cache hits. That really wouldn't have anything to do with they all had answers or all were NX.
The info there like you provided direct from unbound, is the info you would want to look at to know how much was answered from cache by unbound, and how much was not.
How to interpret what pfblocker might be saying I am not sure - I don't use pfblocker to block any dns, I use it to create aliases that I use in my rules. Sorry. Unbound is the resolver - to know your cache hit or miss rate, you should look to the stats directly from unbound.
Keep mind any sort of stats on NX can be skewed, depending even in your settings to response. For example I block some stuff directly in unbound to respond with NX. Even if said thing might resolve to something, unbound returns NX.