I've never used OpenWrt. Skimming through the docs, it looks like it may do what I want. I currently have a separate name server and DHCP server on my network running on Linux. I'm very comfortable with Linux and the configuration of DHCP and BIND.
Will OpenWrt give me the same level of access to configure DNS and DHCP as I do now with Linux?
Is it advisable to use my ISP's router for the internet connection and a separate WiFi router for OpenWrt or can I have one device?
If there are any docs for a newcomer, please let me know.
BIND has been compiled and packaged to run on OpenWrt as an optional package. OpenWrt uses dnsmasq for DHCP(v4) and a custom program called odhcpd for V6; I'm not sure what other DHCP packages are available.
ISC DHCPD is EOL. The OpenWrt setup is quite elegant in that dnsmasq automatically fills the local DNS zone for DHCP clients; if you want, you can front dnsmasq for local domains with BIND.
Get BIND's "rndc status" and count DHCP leases; if there are > 10k cache entries, public SOA records, or more than one DHCP subnet, you need some detailed setup. Otherwise, just save the leases and zone content and try to figure out how to load them into OpenWrt's dnsmasq.
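An added example, not part of the posts in this thread: one way to turn a saved ISC `dhcpd.leases` file into dnsmasq `dhcp-host=` lines. The sample lease data is constructed, the function name is hypothetical, and it assumes you load the lines as native dnsmasq configuration. Client-supplied hostnames are untrusted, so any name that is not a plain DNS label is dropped rather than written into the config.

```python
import re

# Constructed sample in ISC dhcpd.leases format (not data from the thread).
SAMPLE_LEASES = """
lease 192.168.1.10 {
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:01;
  client-hostname "laptop";
}
lease 192.168.1.12 {
  binding state active;
  hardware ethernet AA:BB:CC:DD:EE:02;
  client-hostname "printer,192.168.1.1";
}
lease 192.168.1.10 {
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:01;
}
lease 192.168.1.11 {
  binding state active;
  next binding state free;
  hardware ethernet aa:bb:cc:dd:ee:01;
  client-hostname "laptop";
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)  # skips "next binding state"
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
SAFE_NAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def leases_to_dhcp_hosts(text):
    """Return dnsmasq dhcp-host lines for leases that are currently active."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # the file is an append-only log: last record per IP wins
    by_mac = {}
    for ip, body in latest.items():
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        if not (mac and state and state.group(1) == "active"):
            continue
        name = NAME_RE.search(body)
        # A comma in the name would be parsed by dnsmasq as an extra field.
        host = name.group(1) if name and SAFE_NAME.match(name.group(1)) else None
        by_mac[mac.group(1).lower()] = (ip, host)
    return ["dhcp-host=" + ",".join([mac] + ([host] if host else []) + [ip])
            for mac, (ip, host) in sorted(by_mac.items())]

if __name__ == "__main__":
    print("\n".join(leases_to_dhcp_hosts(SAMPLE_LEASES)))
```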
The simple answer is: "it depends"... because there are many contextual things we don't know about your environment.
That said, generally, if you can remove the ISP router from the equation entirely and use OpenWrt, that's often the best situation. But if your ISP requires their device and/or it is a combo unit that has a modem (cable/DSL/cellular/fiber ONT), you may not have an option to eliminate that hardware. The next best thing is to put that ISP device into bridge mode so that it simply acts as a modem/media converter and doesn't do any routing.
The above assumes that you want a more secure/flexible router. And it also assumes that the hardware you have for OpenWrt is sufficiently powerful for your ISP connection speed. If your OpenWrt device is older or lower-spec than your ISP router (and the ISP speeds you expect), the equation might be different. Also, if you have VOIP or IPTV services that run through the ISP device, that also plays into the requirements.
Also, Unbound is a full DNS resolver, which can talk directly to the DNS root servers.
Dnsmasq is only a forwarder; it will ask your nearest DNS (mostly the ISP's servers or Google).
Thus, a forwarder's answers involve an implicit trust in the DNS server chain that you are using. It's in that sense less secure, in that it may not return what the root servers would return.
Furthermore, a resolver can use hardening / cryptography techniques to avoid plaintext and verify communication through e.g. DNSSEC. That is also better than its forwarder counterpart.
On the flip side, it will use more resources to run.