I only recently discovered that Cloudron uses a local unbound installation as DNS recursor and ignores DNS servers that were in /etc/resolv.conf before installing Cloudron. Using unbound to include the local Cloudron network seems a good idea, but I am wondering whether using root DNS servers is necessary. (This is at least what happens on my machine when resolving external hostnames: unbound queries its way down from the root DNS servers.)
As an alternative to the root DNS servers I added a new config /etc/unbound/unbound.conf.d/forward.conf:

    forward-zone:
        name: "."
        forward-addr: 22.214.171.124
        forward-addr: 126.96.36.199

(Cloudflare and Google DNS servers just as an illustration; I used the ones from my VPS hoster)
Two questions/points for discussion on this:
Do you see any problems with how this could interact with the local name resolution in an unintended way?
Would it be a good idea to generate such a config file as an optional step during the web-based Cloudron setup?
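
An added example, not part of the original post and not Cloudron's code: a small Python check that parses forward-zone clauses like the forward.conf above and reports which forwarders a given name would use, given that unbound picks the most specific enclosing forward-zone. The `internal.example.` zone and all addresses are constructed placeholders, and only the plain `IP[@port][#tls-name]` form of `forward-addr` is handled.

```python
import ipaddress
import re

# Constructed sample mirroring the post's forward.conf, plus a hypothetical
# more specific zone. Addresses are documentation placeholders (RFC 5737).
SAMPLE_CONF = """\
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
    forward-addr: 198.51.100.53@53   # optional @port

forward-zone:
    name: "internal.example."
    forward-addr: 203.0.113.10
"""

def parse_forward_zones(text):
    """Return {zone_name: [forward-addr, ...]} for every forward-zone clause."""
    zones, current = {}, None
    for raw in text.splitlines():
        # Drop comments; a '#' glued to an address is a TLS name, not a comment.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:  # clause header such as "server:" or "forward-zone:"
            current = [] if key == "forward-zone" else None
        elif current is not None and key == "name":
            zones[value.lower().rstrip(".") + "."] = current
        elif current is not None and key == "forward-addr":
            host = re.split(r"[@#]", value)[0]
            ipaddress.ip_address(host)  # raises ValueError on a malformed address
            current.append(value)
    return zones

def forwarders_for(qname, zones):
    """Pick the most specific forward-zone enclosing qname (longest label suffix)."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) + 1):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate, zones[candidate]
    return None, []  # no forward-zone applies: normal recursion from the roots

if __name__ == "__main__":
    zones = parse_forward_zones(SAMPLE_CONF)
    for name in ("www.example.org", "host.internal.example"):
        print(name, "->", forwarders_for(name, zones))
```

With a `"."` zone present every name that has no more specific forward-zone goes to the listed forwarders, so the check makes visible which names leave the host for a third-party resolver.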