@VMlabman said in Unable to resolve acb.netgate.com:
would allow any DNS server provided by DHCP from my ISP to be used.
Not exactly, it would allow pfsense to use it for its own lookups. Which wouldn't be via tls.. Sure any of those could be used in forwarding, but if they do not support tls then forwarding to them with tls enabled in unbound would fail. Only pfsense's non-tls queries would work.. If you're having some issue with unbound being able to resolve acb.netgate at specific times.
Vs putting in your isp dns, or allow for dhcp to add.. You should be able to just allow pfsense to fall back vs just pointing to unbound on loopback.. I believe that is the default setting anyway.
The only way pfsense's own queries for anything are via tls is when it asks unbound to do the lookup. If it directly looks up something from quad9, since it's in your list, it would just be a standard dns query over 53.
dnssetup.jpg
What is that setting in your general setup?