Netgate Discussion Forum
    Unbound and Multi-WAN forwarder explanation

    DHCP and DNS
    • cadince

      I just upgraded from 2.1.5 to 2.2.1 and would like to switch over to Unbound in the near future.

      I understand from the documentation that the recommended setting for Unbound in a Multi-WAN environment is to enable the forwarding function.  I'm wondering if someone would help me understand why this is needed?

      I have a simple Dual WAN setup where there are two ISPs connecting me to the Internet, WAN1 is set as the default gateway for the OS and I have gateway failover groups and default gateway failover enabled. When the primary WAN connection is down, all routes successfully fail over to the secondary WAN. Why would unbound be different and not work with Multi-WAN when not in forwarding mode? Or is it just certain types of Multi-WAN scenarios that require forwarding enabled?

      • doktornotor Banned

        Never seen such documentation.

        • cadince

          I should have been more specific:

          https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

          "Enable Forwarding Mode: Controls whether Unbound will query root servers directly (unchecked, disabled) or if queries will be forwarded to the upstream DNS servers defined …... Forwarding mode is necessary for Multi-WAN Configurations."

          • doktornotor Banned

            No idea. You'd need to wait for feedback from someone who wrote the wiki article. Meanwhile, I'd ignore it; it does not make sense for failover at all.

            • jimp Rebel Alliance Developer Netgate

              Default gateway switching is still considered an "experimental" feature. It will work fine in your scenario, but it may not work for others.

              We recommend forwarding mode for unbound [only when used with Multi-WAN] because then it could respect a static route for specific forwarders for each WAN. Otherwise it would always send requests to the roots via the default WAN even if it was down.

              One could also locate the IP addresses for half the roots and send them across a second WAN, but that's a bit more tedious.

              If default gateway switching works for you, there's no problem in keeping forwarding off and letting that do the heavy lifting.

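The routing behaviour described in the answer above, as an added example that is not part of the original thread and is not pfSense or Unbound code: it models which gateway DNS queries leave through in forwarding mode (one static host route per forwarder) versus recursion from the roots. The addresses, the routing table and the config fragments are constructed samples; the model assumes default gateway switching is off, and `198.41.0.4` (a.root-servers.net) stands in for all root servers.

```python
import ipaddress
import re

# Constructed samples (documentation address ranges); not taken from the thread.
FORWARDING_CONF = """
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
    forward-addr: 192.0.2.153
"""
RECURSIVE_CONF = "server:\n    do-ip4: yes\n"  # no forward-zone: queries go to the roots
# destination, gateway, flags, interface; the WAN1 gateway is the default route
ROUTES_TEXT = """
default        198.51.100.1   UGS    em0
192.0.2.53     198.51.100.1   UGHS   em0
192.0.2.153    203.0.113.1    UGHS   em1
"""
A_ROOT = "198.41.0.4"  # a.root-servers.net, standing in for all root servers


def parse_forwarders(conf):
    """IPv4 forward-addr entries; an empty list means recursion from the roots."""
    return re.findall(r"^\s*forward-addr:\s*([0-9.]+)", conf, re.M)


def parse_routes(text):
    """Turn netstat-style lines into (network, gateway) pairs."""
    routes = []
    for line in text.strip().splitlines():
        dest, gateway = line.split()[:2]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gateway))
    return routes


def egress_gateway(ip, routes):
    """Longest-prefix match: the most specific route decides the gateway."""
    addr = ipaddress.ip_address(ip)
    return max((net.prefixlen, gw) for net, gw in routes if addr in net)[1]


def dns_paths(conf, routes):
    """Map each upstream DNS target to the gateway its queries leave through."""
    targets = parse_forwarders(conf) or [A_ROOT]
    return {t: egress_gateway(t, routes) for t in targets}


def usable_after_failure(conf, routes, down_gateway):
    """Targets still reachable when one gateway is down and routes do not change."""
    paths = dns_paths(conf, routes)
    return sorted(t for t, gw in paths.items() if gw != down_gateway)


ROUTES = parse_routes(ROUTES_TEXT)
print(usable_after_failure(FORWARDING_CONF, ROUTES, "198.51.100.1"))
print(usable_after_failure(RECURSIVE_CONF, ROUTES, "198.51.100.1"))
```

With the WAN1 gateway down, the forwarding configuration keeps one forwarder reachable over WAN2, while the recursive configuration has no working path until the default route changes.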
              • cadince

                That makes a lot of sense!  Thanks, I appreciate you taking the time to explain it to me.

                As you predicted, it did indeed work with my config.  I tested out switching to unbound, leaving forwarding unchecked, choosing both WAN and WAN2 for outgoing network interfaces.  I unplugged WAN and the DNS resolution did pause a slight moment while the link was noticed as down and the gateways/routes failed over, then everything continued working solely on WAN2.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.