Okay, so I am able to use Unbound with clients. All clients point back to the router and are successfully using Unbound. However, the router itself is not resolving out. Example:
root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.3/targets/x86/64/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/targets/x86/64/packages/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/base/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/luci/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/packages/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/routing/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/telephony/Packages.gz
Collected errors:
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/targets/x86/64/packages/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/base/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/luci/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/packages/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/routing/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/x86_64/telephony/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
Can you point me in the direction of where to read to do such? I followed the Unbound/dnsmasq parallel method line by line and now use of opkg is broken.
With that error symptom, a typical error is that you have not provided a DNS server and gateway address in the router's LAN interface config. (That can easily happen e.g. with dumb APs, as the clients get the info via DHCP, but the router itself has a fixed IP in LAN and needs the DNS and gateway to be set.)
No clear advice for you, but my first guess is that the 'modem' interface with an IP may confuse the router's routing: possibly the traffic originating from the router itself sets the originating IP as '192.168.100.2', and that is unroutable for the actual wan (that has got a proper IP via ISP DHCP).
What does your route table and metrics look like?
You might try removing that "modem" or at least disabling its autostart. (That interface is likely just needed for managing the DOCSIS modem at 192.168.100.1, but is not needed continuously.)
Set the router's DNS up. OpenWrt uses defaults for dnsmasq and assumes things at times. I ran into issues when I did similar to your config, replacing dnsmasq with AdGuardHome.
As I don't require the router to be filtered, I explicitly set the router to have its own upstream that uses regular UDP DNS, which also avoids the NTP issue. (The router doesn't have the correct time and cannot update via secure DNS as the time is wrong.)
The issue in reference happened to me when I installed unbound to run on port 53. In theory it should have worked, since unbound was listening on universal 0.0.0.0:53. Sounds to me like some consideration may be overlooked with the firewall, particularly with "lo" traffic, or an issue with unbound's default security configurations, since it was returning NXDOMAIN for only "some" traffic.
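A small check covering the points raised in the replies above: whether the router itself has a resolver, whether that resolver is loopback-only (so it depends on the local daemon answering on "lo"), and which interface carries the default route. This is an added example, not something posted by anyone in the thread; the function names, interface names and sample data are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch. On a router, feed it real data with:
#   ip route > /tmp/routes; diagnose /etc/resolv.conf /tmp/routes

# resolver_kind FILE -> none | loopback-only | upstream
resolver_kind() {
    awk '$1 == "nameserver" && $2 != "" {
        if ($2 ~ /^127\./ || $2 == "::1") lo++; else up++
    } END {
        if (up) print "upstream"
        else if (lo) print "loopback-only"
        else print "none"
    }' "$1"
}

# default_route_dev FILE -> device of the lowest-metric default route, or "none"
# FILE holds saved `ip route` output; a missing metric counts as 0.
default_route_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (best == "" || metric < bestmetric) { best = dev; bestmetric = metric }
    } END { if (best != "") print best; else print "none" }' "$1"
}

# diagnose RESOLV_FILE ROUTES_FILE -> one summary line
diagnose() {
    echo "dns=$(resolver_kind "$1") route=$(default_route_dev "$2")"
}

# Constructed sample: router resolves only via itself and has no default route,
# only connected routes for LAN and a modem-management network.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
printf '%s\n' \
    '192.168.1.0/24 dev br-lan scope link src 192.168.1.1' \
    '192.168.100.0/24 dev eth2 scope link src 192.168.100.2' > "$tmp/routes"
diagnose "$tmp/resolv.conf" "$tmp/routes"
rm -rf "$tmp"
```

A result of `dns=none` or `route=none` matches the missing DNS/gateway case described above, while `dns=loopback-only` means the router's own lookups succeed only if the local resolver answers on loopback.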