Correct config for multi-wan unbound
I'm wondering what happens if pfsense has multi-wan but no forwarders are configured:
From the documentation:
Enable DNSSEC Support: Uses DNSSEC to validate DNS queries. Be aware that it is recommended to disable forwarding and allow Unbound to handle all DNS resolution via root servers, which is the default behavior.
Enable Forwarding Mode: Controls whether Unbound will query root servers directly (unchecked, disabled) or if queries will be forwarded to the upstream DNS servers defined under System > General or those obtained by DHCP/PPPoE/etc (checked, enabled). Forwarding mode may be enabled if the upstream DNS servers are trusted and also provide DNSSEC support. Forwarding mode is necessary for Multi-WAN Configurations.
And why is forwarding mode necessary for Multi-WAN?
It's not strictly necessary, but that's the easiest way to accommodate the routing from the host itself in multi-WAN scenarios.