Feature #14001 (closed)

Always disable DNSSEC if forwarding enabled in Resolver

Added by Steve Y about 1 year ago. Updated about 1 year ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: DNS Resolver
Target version: -
% Done: 0%
Release Notes: Default

Description

This is both a feature request and a regression. In just a few days I've experienced an issue and seen multiple forum posts where, after upgrading to 23.01, DNS has recurring failures, and disabling the "Enable DNSSEC" option fixes it. It was working without issue in 22.05 and earlier versions.

I suggest always disabling DNSSEC when forwarding is enabled in Resolver.

In my case I happened to notice some domains including linkedin.com were suddenly failing to resolve, a couple hours after upgrading. I did try re-enabling DNSSEC but was unable to immediately duplicate the problem, though I didn't wait any amount of time. With DNSSEC off I haven't had any more issues in several days.

A few of the recent forum threads:
https://forum.netgate.com/topic/178042/23-01-upgrade-unbound-issue
https://forum.netgate.com/topic/177217/pfblocker-blocking-all-dns/
https://forum.netgate.com/topic/178050/solved-intermittent-dns-problem-23-01/15

There are multiple recommendations to turn it off dating back years including:
https://forum.netgate.com/topic/120105/enable-dnssec-support-and-opendns/3
https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns.html#check-dns-service
https://support.quad9.net/hc/en-us/articles/4433380601229-Setup-pfSense-and-DNS-over-TLS ("enabling DNSSEC at the forwarder level can cause false DNSSEC failures")
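As an added example (not part of this issue and not pfSense or Unbound code), a small checker over an Unbound configuration that reports the combination the report describes: a forward-zone in use while module-config still includes the validator. The sample configs are constructed; the Quad9 address is only illustrative.

```python
"""Added example: flag an Unbound config that both forwards queries and validates DNSSEC."""
import re

def parse_unbound(text):
    """Minimal Unbound config parser: returns (server options, list of forward zones).
    Quotes are stripped from values; repeated options accumulate in a list."""
    server, zones, current = {}, [], None
    for raw in text.splitlines():
        # '#' starts a comment only at line start or after whitespace; inside a
        # value (e.g. 9.9.9.9@853#dns.quad9.net) it introduces the TLS auth name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        if line.endswith(":"):                     # clause header: server:, forward-zone:, ...
            clause = line[:-1]
            current = server if clause == "server" else {}
            if clause == "forward-zone":
                zones.append(current)
            continue
        if current is None:                        # option before any clause header
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return server, zones

def dnssec_forwarding_findings(text):
    """Return one message per forward-zone that is active while DNSSEC validation is on."""
    server, zones = parse_unbound(text)
    # Unbound's built-in default is "validator iterator"; pfSense writes the option explicitly.
    modules = server.get("module-config", ["validator iterator"])[-1].split()
    if "validator" not in modules:
        return []
    return [f"forward-zone {z.get('name', ['?'])[0]!r} -> {', '.join(z['forward-addr'])} "
            "while module-config includes validator: upstream answers may fail validation"
            for z in zones if z.get("forward-addr")]

# Constructed sample: DNSSEC validation on, every query forwarded over TLS.
WEAK = """server:
    module-config: "validator iterator"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
"""
# Same forwarding with validation left to the upstream (the behaviour the report asks for).
FIXED = WEAK.replace('"validator iterator"', '"iterator"')

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, dnssec_forwarding_findings(cfg))
```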
