> Nothing at all is allowed on WAN by default, hence there is no open DNS > resolver by default. dnsmasq binds to *:53 by default, so if you do open > up your WAN rules excessively, you'll have an open resolver open to the > Internet. You can control interface bindings in its configuration. In > 2.2, we switched to Unbound by default (for new configurations only, > dnsmasq still used if you upgraded), which is better in that regard > since it has ACLs limiting recursion, which we automatically populate > with your internal subnets.
if one enables wan, perhaps it might not enable 53 inbound. if i upgraded, can i cause it to switch to unbound? randy _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
