Unbound vs DNS Forwarder



  • What is the difference between using the Unbound DNS resolver and the built in DNS Forwarder? Is one better than the other? I've been using the built-in DNS Forwarder in pfSense ever since I started using pfSense, but I was wondering if there's a reason to use Unbound instead.


  • Banned



  • Thanks for the link!

    So pfSense 2.1/2.1.1 has BIND9 as the DNS Forwarder (since it's based on FreeBSD 9) and pfSense 2.2 will have Unbound (since it's based on FreeBSD 10)? I assume that the Unbound package is just the independent Unbound package.


  • Banned

    Nope, 2.1.x uses dnsmasq, 2.2 uses unbound.



  • Gotcha! Is there a reason to use Unbound versus leaving the current DNS Forwarder? I've read a lot of discussions about people switching over, but I can't really find any advantages of doing so. I have pfSense installed in my home network.


  • Banned

    Well, I've already linked to the comparison table, so… not really sure what other information you need.



  • I guess my actual question is: "Is it actually worth it to switch to Unbound for a home network?"

    The link you gave is great, but I would like to get an experienced opinion (which sounds like you might have one :) ).


  • Banned

    Do you actually need the additional features? Like, recursive DNS server with DNSSEC validation?


  • LAYER 8 Global Moderator

    "but I was wondering if there's a reason to use Unbound instead."

    Do you have need of some feature of unbound vs the feature set of dnsmasq (built in dns forwarder)?

    If not then NO there is no reason to use it..  For home setup I would think that pretty anything you would want your local dns to do can be done with dnsmasq - there would be no reason to complicate your setup by using unbound.

    Might as well ask the questions - should I run bind, or should I run ms dns or should I run xyz..  Unless there is some feature that dnsmasq does not provide that you need/want why are needing to run something else when you have been running and I would guess happy with the pfsense default dns forwarder for years?


Log in to reply