DNS Resolver Outgoing Interfaces should be able to use Gateway Groups
If I use the default Outgoing Interface setting for Unbound (ALL), the DNS Resolver does not really use all interfaces but follows the IPv4/6 default routes for queries. So if the default route switches, Unbound uses the new one.
If I select WAN1 and WAN2 as outgoing interfaces, Unbound uses both simultaneously. If one of those interfaces' gateways goes down, Unbound still uses that interface for queries and they fail.
So it would be great if Unbound were able to use a load-balancing Gateway Group (all interfaces in that group as outgoing) and, in case of one gateway going down, remove that interface from unbound.conf.
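The selection logic the request describes, as an added illustration that is not part of this ticket or of pfSense's own code. It assumes gateway monitor results are available as a list of dicts in the constructed shape shown (names, addresses and the "online"/"down" strings are all made up for the example), that only members reporting "online" are usable, and that the rendered fragment would be written into unbound.conf followed by a reload. Note that Unbound's `outgoing-interface:` directive takes an address, not an interface name, so each group member carries its interface address here.

```python
"""Derive Unbound's outgoing-interface list from gateway group status.

Added illustration for the feature request above; not pfSense code and not
part of the ticket. The gateway status records below are constructed sample
input, and "online" is assumed to be the only usable state.
"""

# Constructed sample: a load-balancing group with two WAN members, where the
# monitor currently marks WAN2's gateway as down.
GATEWAY_STATUS = [
    {"name": "WAN1_DHCP", "interface": "em0", "address": "203.0.113.10", "status": "online"},
    {"name": "WAN2_DHCP", "interface": "em1", "address": "198.51.100.10", "status": "down"},
]

GATEWAY_GROUP = {"name": "WANGRP", "members": ["WAN1_DHCP", "WAN2_DHCP"]}


def active_outgoing_addresses(group, status, usable=("online",)):
    """Return the interface addresses of group members whose gateway is usable.

    Members missing from the status list are skipped rather than assumed up,
    so a gateway the monitor has not reported on is never handed to Unbound.
    """
    by_name = {g["name"]: g for g in status}
    return [
        by_name[m]["address"]
        for m in group["members"]
        if m in by_name and by_name[m]["status"] in usable
    ]


def render_unbound_fragment(addresses):
    """Render the server: stanza for unbound.conf.

    With no usable member, no outgoing-interface line is emitted at all, so
    Unbound falls back to following the default route instead of being left
    with every outgoing interface removed (which would break all resolution).
    """
    lines = ["server:"]
    if not addresses:
        lines.append("    # no gateway in the group is online; following the default route")
    for addr in addresses:
        lines.append(f"    outgoing-interface: {addr}")
    return "\n".join(lines) + "\n"


def needs_reload(previous_fragment, new_fragment):
    """Reload only when the rendered fragment actually changed.

    A gateway event that does not alter the selected set (for example a
    member flapping between two unusable states) must not restart Unbound.
    """
    return previous_fragment != new_fragment


if __name__ == "__main__":
    selected = active_outgoing_addresses(GATEWAY_GROUP, GATEWAY_STATUS)
    fragment = render_unbound_fragment(selected)
    print(fragment, end="")
    # Simulate WAN2's gateway recovering and check whether a reload is due.
    recovered = [dict(g, status="online") for g in GATEWAY_STATUS]
    new_fragment = render_unbound_fragment(
        active_outgoing_addresses(GATEWAY_GROUP, recovered)
    )
    print("reload needed:", needs_reload(fragment, new_fragment))
```

The `needs_reload` check is what keeps the approach from restarting the resolver on every monitor event: only a change in the rendered set of addresses should trigger a rewrite and reload, and an empty set deliberately drops the directive rather than writing an empty interface list.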
Updated by → luckman212 over 5 years ago
Don't think this is viable at this point because of a larger issue that prevents traffic originating from the firewall itself from using Gateway Groups.
That ticket has stalled out because I didn't have the bandwidth to build a FreeBSD-11-CURRENT system from scratch and set up the firewall in such a way as to replicate the floating rules issue and file a bug report upstream. I posted to the forum about it as JimP suggested but it didn't take off.
Updated by Jim Pingle almost 2 years ago
That would still only do failover, and wouldn't have the behavior suggested by OP. It should be possible to populate the selected interfaces based on a gateway group so it uses only the active interfaces. It may not be very simple, however, and would require a restart of unbound any time a gateway changed status, which could be disruptive.