PFSense - DNS - Forward a specific VLAN

Navigate to Services → DNS Resolver.

Add the following to the Custom Options.

server:
    access-control-view: 192.168.10.0/24 bypass
    access-control-view: 192.168.20.0/24 dnsbl
    access-control-view: 192.168.30.0/24 forward    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes
    include: /var/unbound/pfb_dnsbl.*conf
view:
    name: "forward"
    view-first: yes
    forward-addr: 1.1.1.1
    forward-addr: 8.8.8.8

NOTE: The forward view forwards requests to a couple of DNS servers on the Internet.

forward-addr: the list of nameservers to forward the queries to.

Unbound implements RFC2988 https://tools.ietf.org/html/rfc2988 for SRTT (smoothed round-trip time).
- Unbound keeps track of the round-trip time per address and uses this information in the server selection.
- All addresses with an RTT of not more than 400msec above the lowest RTT are used for the selection.
- From this list of suitable addresses one is randomly picked.

References

https://tools.ietf.org/html/rfc2988