Unbound and Multi-WAN forwarder explanation
-
I just upgraded from 2.1.5 to 2.2.1 and would like to switch over to Unbound in the near future.
I understand from the documentation that the recommended setting for Unbound in a Multi-WAN environment is to enable the forwarding function. I'm wondering if someone would help me understand why this is needed?
I have a simple Dual WAN setup where there are two ISPs connecting me to the Internet, WAN1 is set as the default gateway for the OS and I have gateway failover groups and default gateway failover enabled. When the primary WAN connection is down, all routes successfully fail over to the secondary WAN. Why would unbound be different and not work with Multi-WAN when not in forwarding mode ? Or is it just certain types of Multi-WAN scenarios that require forwarding enabled?
-
Never seen such documentation.
-
I should have been more specific:
https://doc.pfsense.org/index.php/Unbound_DNS_Resolver
"Enable Forwarding Mode: Controls whether Unbound will query root servers directly (unchecked, disabled) or if queries will be forwarded to the upstream DNS servers defined …... Forwarding mode is necessary for Multi-WAN Configurations."
-
No idea. You'd need to wait for feedback from someone who wrote the wiki article. Meanwhile, I'd ignore it, does not make sense for failover at all.
-
Default gateway switching is still considered an "experimental" feature. It will work fine in your scenario, but it may not work for others.
We recommend forwarding mode for unbound [only when used with Multi-WAN] because then it could respect a static route for specific forwarders for each WAN. Otherwise it would always send requests to the roots via the default WAN even if it was down.
One could also locate the IP addresses for half the roots and send them across a second WAN, but that's a bit more tedious.
If default gateway switching works for you, there's no problem in keeping forwarding off and letting that do the heavy lifting.
-
That makes a lot of sense! Thanks, I appreciate you taking the time to explain it to me.
As you predicted, it did indeed work with my config. I tested out switching to unbound, leaving forwarding unchecked, choosing both WAN and WAN2 for outgoing network interfaces. I unplugged WAN and the DNS resolution did pause a slight moment while the link was noticed as down and the gateways/routes failed over, then everything continued working solely on WAN2.