Internal DNS -> fuck it, just use whatever comes with your router / firewall. Not worth any more effort than that. If you want to use it for content blocking, just use uBlock in a browser.
Upstream DNS from your ISP -> just use Google's DNS servers.
Fuuu it I go with big G then.
I do not need an external DNS. So after reading this, I will use this DNS in my pfSense box:
127.0.0.1 (Local Unbound)
8.8.8.8 (Upstream DNS Google #1)
8.8.4.4 (Upstream DNS Google #2)
Moreover:
- DNSSEC Support enabled.
- DNS over TLS for upstream forwarders to the DNS Resolver enabled.
- System Domain Local Zone Type:
  Transparent: The DNS Resolver will answer the query from local data if there is a match. If there is no match in local data, the query will be passed to upstream DNS servers. If there is a match in the local data, but the type of data for which the query is being made doesn’t exist in the local data, the DNS Resolver will return a no error/no data message.
- Redirecting all DNS Requests to pfSense enabled.
It will be interesting to see how the local OpenVPN server plays along with this.
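
For reference, roughly what the resolver settings listed above correspond to in plain Unbound configuration. This is an added example, not part of the thread and not the file pfSense itself generates. The file paths, the `home.arpa` zone and the `nas` host are assumptions made for illustration.

```conf
# Added example: Unbound equivalent of the resolver settings in the post.
server:
    interface: 127.0.0.1

    # DNSSEC: the validator module checks signatures on answers,
    # including those that come back from the forwarders below.
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/unbound/root.key"   # assumed path

    # CA bundle used to verify the forwarders' TLS certificates.
    tls-cert-bundle: "/etc/ssl/cert.pem"              # assumed path

    # Transparent local zone (zone and host are constructed samples):
    #   nas.home.arpa A      -> answered from local-data
    #   nas.home.arpa AAAA   -> name exists locally, type does not: NOERROR/NODATA
    #   other.home.arpa A    -> no local match, passed to the upstream servers
    local-zone: "home.arpa." transparent
    local-data: "nas.home.arpa. IN A 192.168.1.10"

forward-zone:
    name: "."
    # DNS over TLS to the upstream forwarders (port 853).
    forward-tls-upstream: yes
    # The name after '#' is what the server certificate is checked against.
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
```

The redirect of all client DNS requests to pfSense is a firewall/NAT rule and is not part of the resolver configuration, so it does not appear here.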
and here I am, I thought DNS was just converting a string to some numbers...