Hello Helmut, hi again Michael, Thank you for taking this matter into consideration.
> Do you agree with this characterization? Yes, the disagreement is solely about the default behavior. The functionality to disable forwarding exists and works. > What made you install the resolvconf package? I did not consciously install it. In this case it was likely pulled as a dependency or pre-installed in the server provider's OS install image. I suspect this is the case for many users who are unaware of its interaction with unbound. > Do you also concur here? Yes, removing resolvconf is another workaround I didn't think of. However, users who installed unbound for recursive resolution are unlikely to know that an unrelated package silently changes unbound's behavior. > Would you want to further investigate the consistency aspect? Michael's latest analysis covers this well and I fully agree with it. - bind9: no forwarding by default - knot: no forwarding by default - dnsmasq: forwards by default (but dnsmasq is primarily a forwarder) - systemd-resolved: forwards (but it's not marketed as recursive) Unbound's documentation and purpose align with bind9/knot (recursive resolution), not with dnsmasq/systemd-resolved (forwarding/caching). I note that Michael has now reconsidered his initial position: unbound belongs to the "full recursive resolver" category alongside bind9 and knot, and therefore should not enable the resolvconf hook by default. This aligns with my original argument. I'm glad we reached consensus. What are the next steps to implement this change? Thank you both, LRob
