1

Can I configure Unbound as a forwarder so that it always sends a query to ALL upstream DNS servers that I configure and takes as the valid reply the first to arrive?

Such a feature exists in dnsmasq in pfSense:

In pfSense 1.2.3 and later this behavior has been changed to query all DNS servers at once, and only the first response received is used and cached. This results in much faster DNS service, and can help smooth over problems that stem from DNS servers which are intermittently slow or have high latency, especially in Multi-WAN environments.

Query DNS servers sequentially: By default in pfSense 1.2.3 and later, pfSense queries all DNS servers simultaneously and uses the fastest result. This isn’t always desirable, especially if you use OpenDNS and have site restrictions that could be bypassed by using a faster but less strict DNS server, or it could get results from a public DNS server over a private DNS server on the other end of a VPN. Checking this option goes back to the old behavior where it queries each DNS server in sequence from the top down, and waits for a timeout before moving on to the next DNS server in the list.

  • Most recursive daemons that I know of will not do this. (and will probably never do this; 1:n amplification of client queries is highly undesirable for security reasons) – Andrew B Oct 31 '15 at 04:59
  • 2
    In places where security is not the main concern and you have very secure upstream DNSs, what **pfSense** *Services > DNS Forwarder* (dnsmasq) does is amazing for performance in places where there is a high rate of packet loss. That is what I'm looking for, but in Unbound. –  Oct 31 '15 at 12:46
  • That sounds like a DoS attack. You shouldn't query DNS servers without actually wanting to use their reply. If you throw away by default most of the replies then you're (over)loading the DNS servers for nothing. Not an ethical thing to do. – Carlo Wood Aug 25 '18 at 14:44
  • No DoS attack at all. Statistically, each query-response has a huge impact on performance when there is severe packet loss in the uplinks. –  Aug 27 '18 at 13:02

1 Answer

0

That's a feature of dnsmasq that doesn't exist in unbound at this time. If you want to use that, you need to stick with DNS Forwarder.

Chris Buechler
  • 2,938
  • 14
  • 18
  • Do you know if I can use the pfSense DNS Forwarder (dnsmasq) and configure it as a caching DNS? Because from the docs, it is not clear to me that dnsmasq can work as a DNS cache besides being a forwarder. –  Nov 02 '15 at 18:30
  • 1
    It caches by default, no difference between the two in that regard. – Chris Buechler Nov 04 '15 at 00:43
  • 1
    Thanks a lot for your time, Chris, and thanks for building such a wonderful piece of software. –  Nov 04 '15 at 14:09
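
The query-all-servers behavior quoted in the question, and its caveat that a faster but less strict server can win, shown as an added Python example (not code from this thread, dnsmasq or pfSense). `race_query`, `build_query`, the loopback `fake_upstream` responders and the name `blocked.example` are all constructed for the demo.

```python
import os, select, socket, struct, threading, time

def build_query(name):
    """Minimal DNS A query with RD set; the first two bytes are the transaction ID."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return os.urandom(2) + struct.pack("!HHHHH", 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def race_query(name, upstreams, timeout=2.0):
    """Query every upstream at once; return (addr, reply) of the first valid reply."""
    packet, socks = build_query(name), {}
    try:
        for addr in upstreams:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(addr)  # connected UDP: datagrams from other sources are dropped
            s.send(packet)
            socks[s] = addr
        deadline = time.monotonic() + timeout
        while (left := deadline - time.monotonic()) > 0:
            for s in select.select(list(socks), [], [], left)[0]:
                try:
                    reply = s.recv(4096)
                except OSError:  # e.g. ICMP port unreachable from a dead upstream
                    continue
                # Accept only a response (QR bit set) that echoes our transaction ID.
                if len(reply) >= 12 and reply[:2] == packet[:2] and reply[2] & 0x80:
                    return socks[s], reply
        return None, None
    finally:
        for s in socks:
            s.close()

def fake_upstream(delay, rcode):
    """Constructed loopback responder: answers one query after `delay` s with `rcode`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        query, client = srv.recvfrom(4096)
        time.sleep(delay)
        srv.sendto(query[:2] + bytes([0x81, 0x80 | rcode]) + query[4:], client)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    strict = fake_upstream(0.3, 3)  # filtering resolver: slow, answers NXDOMAIN (blocked)
    lax = fake_upstream(0.0, 0)     # unfiltered resolver: fast, answers NOERROR
    winner, reply = race_query("blocked.example", [strict, lax])
    print("winner:", winner, "rcode:", reply[3] & 0x0F)
```

The unfiltered resolver wins the race regardless of list order, which is the case where the sequential option quoted above is the safer setting.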