@aGeekhere Okay, so the real trouble is actually because of the few clients that you want to bypass the DNS filtering done by 1.1.1.3/1.0.0.3
1: Unbound DNS in pfsense by default does caching of all DNS lookups as TTL records allows. This is the same caching as Lancache does unless you start configuring some out of spec extra caching (of invalid records). If that is your reason to keep lancache in the loop configure Unbound to do the same (out of spec) caching of stale records - it can be done in the advanced settings.
2: Configure Unbound in pfSense to use forwarding instead of the default root recursive resolution. Then Unbound will do all lookups by forwarding to the DNS servers in "SYSTEM -> GENERAL -> DNS Servers"
It will still cache all records, so just hand the clients your pfSense DNS and drop the lancache server.
Using forwarding mode prevents us from exempting specific clients from being DNS filtered pr. the forwarding servers filters. So to have a few clients NOT being filtered things become a little more troublesome. For this you could:
1: Keep the lancache servers for those clients - make a DHCP reservation with a DNS override to hand them the lancache server as the only DNS
2: Configure Lancache to use your preferred public DNS as forwarding servers (1.1.1.1/1.0.0.1).
3: Create a stubzone on Lancache for you internal domain name for clients (the domain name used for your overrides in pfSense), and point that stubzone to forward to pfSense instead of 1.1.1.1/1.0.0.1
This will create the scenario you are looking for.
