@JKnott the advantage of using non-default servers on guest Wi-Fi is that you're hiding the internal endpoints. That's fine.
But even internal endpoints need access to outside DNS, so it's necessary to have a single DNS address that resolves both.
The extreme case is our email server:
Up to 20 incoming email attempts per second at the extreme, most of which are blocked by RBL lists (accessed through DNS, and with a big cache to keep it efficient).
AND it must recognize internal names of course ;)
This is why I don't want to reload Unbound on every registration.
Yes, good that static IPs don't cause a reload. Yet we have DHCP for a reason ;) ...
I suppose it's quite logical to rethink that part of the situation as follows:
Endpoints we actually care about ought to receive static IPs. This will not harm Unbound.
Guest endpoints don't need to be registered anyway. They need a (DHCP) IP address, that's all.
Assuming this simple logic is correct, a best practice is to simply disable DHCP registration of new endpoints in DNS and not worry about it ;)
That DOES sit well with me. THANKS!
All I have left to resolve then is the multi-subnet-static-IP strangeness.