```
### Unbound and odhcpd
-You may ask can Unbound replace dnsmasq? You can have DHCP-DNS records with Unbound and odhcpd only. The UCI scripts will allow Unbound to act like dnsmasq. When odhcpd configures each DHCP lease, it will call a script. The script provided with Unbound will read the lease file for DHCP-DNS records. You **must install** `unbound-control`, because the lease records are added and removed without starting, stopping, flushing cache, or re-writing conf files. (_restart overhead can be excessive with even a few mobile devices._)
+You may ask, "can Unbound replace dnsmasq?" You can have DHCP-DNS records with Unbound and odhcpd only. The UCI scripts will allow Unbound to act like dnsmasq. When odhcpd configures each DHCP lease, it will call a script. The script provided with Unbound will read the lease file for DHCP-DNS records. You **must install** `unbound-control`, because the lease records are added and removed without starting, stopping, flushing cache, or re-writing conf files. (_restart overhead can be excessive with even a few mobile devices._)
Don't forget to disable or uninstall dnsmasq when you don't intend to use it. Strange results may occur. If you want to use default dnsmasq+odhcpd and add Unbound on top, then use the dnsmasq-serial or dnsmasq-parallel methods above.
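Review bot: The "must install unbound-control" sentence in the reworded paragraph does not say which 'unbound_control' level the odhcpd lease script needs, and that option changes from a Boolean to a 0-4 level later in this same patch. Please name the minimum level here so that a reader following this section does not leave it at the default '0'. Minor style point on the same line: the quoted question should start with a capital, "Can Unbound replace dnsmasq?".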
option leasetime '12h'
option ra 'server'
option ra_management '1'
- # issue your ULA and avoid default [fe80::]
- list dns 'fdxx:xxxx:xxxx::1'
+ # odhcpd should issue ULA [fd00::/8] by default
...
config odhcpd 'odhcpd'
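Review bot: The new comment under option ra_management '1' says odhcpd "should" issue a ULA by default, but with the "list dns 'fdxx:xxxx:xxxx::1'" example removed the reader has no documented way to set the address when that default does not hold. Consider keeping the 'list dns' line as a commented-out override, and say how to confirm which DNS address clients actually receive.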
config unbound
Currently only one instance is supported.
+ option add_extra_dns '0'
+ Level. Execute traditional DNS overrides found in `/etc/config/dhcp`.
+ Optional so you may use other Unbound conf or redirect to NSD instance.
+ 0 - Ignore `/etc/config/dhcp`
+ 1 - Use only 'domain' clause (host records)
+ 2 - Use 'domain', 'mxhost', and 'srvhost' clauses
+ 3 - Use all of 'domain', 'mxhost', 'srvhost', and 'cname' clauses
+
option add_local_fqdn '0'
Level. This puts your routers host name in the LAN (local) DNS.
Each level is more detailed and comprehensive.
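Review bot: The third description line for add_extra_dns, "Optional so you may use other Unbound conf or redirect to NSD instance.", is a sentence fragment and does not say which level that case corresponds to. Suggest stating it explicitly, for example that level 0 is the setting to use when these records come from your own Unbound conf or from an NSD instance. It would also help to say whether the levels are cumulative, since the level 1 to 3 lines read that way but the text does not state it.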
Bytes. Extended DNS is necessary for DNSSEC. However, it can run
into MTU issues. Use this size in bytes to manage drop outs.
+ option extended_luci '0'
+ Boolean. Extends a tab hierarchy in LuCI for advanced congfiguration.
+
+ option extended_stats '0'
+ Boolean. extended statistics are printed from unbound-control.
+ Keeping track of more statistics takes time.
+
option hide_binddata '1'
Boolean. If enabled version.server, version.bind, id.server, and
hostname.bind queries are refused.
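Review bot: Typo in the extended_luci description: "congfiguration" should be "configuration". In the extended_stats description, "extended statistics are printed" should start with a capital to match the other entries, and "takes time" is vague; say what the cost is (CPU per query, memory, or slower unbound-control output) so the reader can decide whether to enable it on a small device.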
Typical to configure maybe 0~300, but 1800 is the maximum accepted.
option unbound_control '0'
- Boolean. Enables unbound-control application access ports. Enabling
- this without the unbound-control package installed is robust.
+ Level. Enables unbound-control application access ports.
+ 0 - No unbound-control Access, or add your own in 'unbound_ext.conf'
+ 1 - Unencrypted Local Host Access
+ 2 - SSL Local Host Access; auto unbound-control-setup if available
+ 3 - SSL Network Access; auto unbound-control-setup if available
+ 4 - SSL Network Access; static key/pem files must already exist
option validator '0'
Boolean. Enable DNSSEC. Unbound names this the "validator" module.
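Review bot: In the new unbound_control level list, levels 2 and 3 say "auto unbound-control-setup if available" but not what happens when it is not available, and the removed text was the only statement about behaviour without the package. Please document the fallback (refuse to start the control port, or something else) so a reader cannot assume SSL is in place when it is not. Levels 3 and 4 also open the control port to the network without saying which interfaces or addresses are covered, and level 4 does not say where the static key/pem files must be located; both belong in this description, since the control channel can add and remove records.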
embedded devices don't have a real time power off clock. NTP needs
DNS to resolve servers. This works around the chicken-and-egg.
- list domain_insecure
- List. Domains or pointers that you wish to skip DNSSEC. Your DHCP
- domains and pointers in dnsmasq will get this automatically.
+ list domain_insecure 'www.example.com'
+ Domain. Domains that you wish to skip DNSSEC. Your DHCP
+ domains and pointers will get this automatically.
+
+ list trigger 'lan' 'wan'
+ Interface (logical). This option is a work around for netifd/procd
+ interaction with WAN DHCPv6. Minor RA or DHCP changes in IP6 can
+ cause netifd to execute procd interface reload. Limit Unbound procd
+ triggers to LAN and WAN (IP4 only) to prevent restart @2-3 minutes.
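Review bot: The example "list trigger 'lan' 'wan'" puts two values on one list line, while UCI list options are written one value per 'list' line; a reader copying this may not get both interfaces. Suggest showing two lines, "list trigger 'lan'" and "list trigger 'wan'". In the description, "prevent restart @2-3 minutes" is unclear (every 2-3 minutes?), and "IP4"/"IP6" should be "IPv4"/"IPv6" to match "DHCPv6" in the same paragraph. For domain_insecure, the first sentence drops "or pointers" while the second still says "domains and pointers"; make the two consistent.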
```