DNS Unbound Questions
-
First the router is running Pfsense 2.3. I noted that the DNS Resolver (unbound) default install does not have the dns forwarder option checked. Does this imply that the dns root servers will not be checked if a name is not found in the unbound cache? Additionally, I read calomel.org discussion of unbound it indicated that if a name was not found in the cache the dns root was checked, then referred to the tld servers, on the the authoritative server and back to unbound. Is this how unbound works in Pfsense 2.3?
I though potentially if a name was not found in the unbound cache it might go to the upstream ISP dns first and then to the root dns. Unbound sounds great. I am trying to understand its operation. It seems checking with the root dns makes a lot of sense.
-
It works just like the standard Unbound would in non-forwarding mode (in fact all non-forwarding resolution works the same). As an example a query for "www.example.tld" would first consult the root servers for NS records of top level domain ".tld", then query those nameservers for NS records of "example.tld" and finally query those nameservers for "www.example.tld". If any of the records are still in unbound's cache they will be used, otherwise the standard queries will be used to fetch them again.