I keep running into the bug in #438 on the latest version of pfSense (CE 2.6.0 as of this writing). This pull request would let me resolve the issue myself. My only choice now is to use a different DNS resolver - other resolvers do not have this issue. I'm happy to replace unbound but I prefer to just tweak it to work with Microsoft logins.

Unbound users cannot control what Microsoft and CDNs do with CNAMEs. You've left us out in the cold with no solution. You need to allow this or create a real solution for #438. As it stands I cannot use Unbound with Microsoft services.

I have been running into this MAX_RESTART_COUNT issue for long. Silly enough, I have to create forward-zones for domains affected by this issue and forward the queries to external DNS resolver. This new option is very important and essential in my opinion, since I encounter this issue more and more frequently. Although not a scientific research, it seems a lot of CDNs are using longer and longer cname chain.

In the related issue #438, contributor of this project showed their reluctant to this change in Aug 2021. However, I would encourage the team to review this decision and hopefully merge this pull soon.

In the end we merged this. We have been seeing more demand for a configurable option both here and from other sources.
Thanks for this :)

Just catching up from vacation. Thanks for accepting the change!