diff --git a/net/unbound/files/dnsmasq.sh b/net/unbound/files/dnsmasq.sh index f9eec7d8a..7da19e4b3 100644 --- a/net/unbound/files/dnsmasq.sh +++ b/net/unbound/files/dnsmasq.sh @@ -164,7 +164,7 @@ dnsmasq_link() { #################### - if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then + if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then # Forward to dnsmasq on same host for DHCP lease hosts echo " do-not-query-localhost: no" >> $UNBOUND_CONFFILE # Look at dnsmasq settings diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index fce36967e..7b7575aed 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -21,7 +21,6 @@ ############################################################################## UNBOUND_B_CONTROL=0 -UNBOUND_B_DNSMASQ=0 UNBOUND_B_DNSSEC=0 UNBOUND_B_DNS64=0 UNBOUND_B_GATE_NAME=0 
@@ -35,35 +34,40 @@ UNBOUND_B_PRIV_BLCK=1 UNBOUND_B_QUERY_MIN=0 UNBOUND_B_QRY_MINST=0 -UNBOUND_IP_DNS64="64:ff9b::/96" - +UNBOUND_D_DHCP_LINK=none +UNBOUND_D_PROTOCOL=mixed UNBOUND_D_RESOURCE=small UNBOUND_D_RECURSION=passive -UNBOUND_D_PROTOCOL=mixed -UNBOUND_TXT_FWD_ZONE="" -UNBOUND_TTL_MIN=120 +UNBOUND_IP_DNS64="64:ff9b::/96" UNBOUND_N_EDNS_SIZE=1280 UNBOUND_N_FWD_PORTS="" UNBOUND_N_RX_PORT=53 UNBOUND_N_ROOT_AGE=28 -############################################################################## +UNBOUND_TTL_MIN=120 -UNBOUND_ANCHOR=/usr/bin/unbound-anchor -UNBOUND_CONTROL=/usr/bin/unbound-control +UNBOUND_TXT_DOMAIN=lan +UNBOUND_TXT_FWD_ZONE="" + +############################################################################## UNBOUND_LIBDIR=/usr/lib/unbound +UNBOUND_VARDIR=/var/lib/unbound UNBOUND_PIDFILE=/var/run/unbound.pid -UNBOUND_VARDIR=/var/lib/unbound UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key UNBOUND_HINTFILE=$UNBOUND_VARDIR/root.hints UNBOUND_TIMEFILE=$UNBOUND_VARDIR/unbound.time -UNBOUND_CHECKFILE=$UNBOUND_VARDIR/unbound.check + +############################################################################## + +UNBOUND_ANCHOR=/usr/sbin/unbound-anchor +UNBOUND_CONTROL=/usr/sbin/unbound-control +UNBOUND_CONTROL_CFG="$UNBOUND_CONTROL -c $UNBOUND_CONFFILE" ############################################################################## 
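Review bot: `UNBOUND_CONTROL_CFG="$UNBOUND_CONTROL -c $UNBOUND_CONFFILE"` stores a whole command line in one string, and nothing documents how it must be used. It only works when expanded unquoted, so it depends on UNBOUND_VARDIR never containing whitespace, and unbound-control can only reach the daemon when the generated config enables the remote-control clause. A later hunk in unbound_conf deletes what appears to be the explicit `control-enable: no` fallback, so the disabled case now rests on unbound's built-in default. I would add a comment above the assignment, for example `# expand unquoted; requires remote-control enabled in $UNBOUND_CONFFILE`.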
@@ -109,8 +113,33 @@ create_domain_insecure() { ############################################################################## unbound_mkdir() { + local resolvsym=0 + local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile ) + local dhcp_dir=$( dirname "$dhcp_origin" ) + + + if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then + resolvsym=1 + else + /etc/init.d/dnsmasq enabled || resolvsym=1 + fi + + + if [ "$resolvsym" -gt 0 ] ; then + rm -f /tmp/resolv.conf + + + { + # Set resolver file to local but not if /etc/init.d/dnsmasq will do it. + echo "nameserver 127.0.0.1" + echo "nameserver ::1" + } > /tmp/resolv.conf + fi + + mkdir -p $UNBOUND_VARDIR touch $UNBOUND_CONFFILE + rm -f $UNBOUND_VARDIR/dhcp_* if [ -f /etc/unbound/root.hints ] ; then @@ -148,6 +177,7 @@ unbound_conf() { local cfg=$1 local rt_mem rt_conn modulestring + { # Make fresh conf file echo "# $UNBOUND_CONFFILE generated by UCI $( date )" @@ -165,15 +195,6 @@ unbound_conf() { echo " control-interface: ::1" echo } >> $UNBOUND_CONFFILE - - else - { - # "control:" clause is seperate before "server:" so we can append - # dnsmasq "server:" parts and "forward:" cluases towards the end. - echo "remote-control:" - echo " control-enable: no" - echo - } >> $UNBOUND_CONFFILE fi @@ -496,10 +517,8 @@ unbound_uci() { #################### config_get_bool UNBOUND_B_DNS64 "$cfg" dns64 0 - config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmasq_gate_name 0 - config_get_bool UNBOUND_B_DNSMASQ "$cfg" dnsmasq_link_dns 0 + config_get_bool UNBOUND_B_HIDE_BIND "$cfg" hide_binddata 1 - config_get_bool UNBOUND_B_LOCL_NAME "$cfg" dnsmasq_only_local 0 config_get_bool UNBOUND_B_LOCL_SERV "$cfg" localservice 1 config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0 config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0 
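Review bot: `local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile )` at the top of unbound_mkdir passes `[0]` to the shell unquoted, where it is a glob bracket. Assigning inside `local` also discards the exit status of `uci get`, and on some ash/dash builds it word-splits the result. If the lookup returns nothing (for example, no odhcpd section), `dhcp_origin` is empty and `dirname ""` yields `.`; `dhcp_dir` is not used anywhere in the visible lines. I would write `local dhcp_origin dhcp_dir` followed by `dhcp_origin=$( uci -q get 'dhcp.@odhcpd[0].leasefile' )`, and do the same for the identical line added to unbound_own. unbound_mkdir continues past the end of the hunk.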
@@ -516,6 +535,7 @@ unbound_uci() { config_get UNBOUND_N_RX_PORT "$cfg" listen_port 53 config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 7 + config_get UNBOUND_D_DHCP_LINK "$cfg" dhcp_link none config_get UNBOUND_D_PROTOCOL "$cfg" protocol mixed config_get UNBOUND_D_RECURSION "$cfg" recursion passive config_get UNBOUND_D_RESOURCE "$cfg" resource small @@ -523,13 +543,42 @@ unbound_uci() { config_get UNBOUND_TTL_MIN "$cfg" ttl_min 120 - if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then - dnsmasqpath=$( which dnsmasq ) + if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then + config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmasq_gate_name 0 + config_get_bool UNBOUND_B_DNSMASQ "$cfg" dnsmasq_link_dns 0 + + + if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then + UNBOUND_D_DHCP_LINK=dnsmasq + logger -t unbound -s "Please use 'dhcp_link' selector instead" + fi + fi + + + if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then + if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then + UNBOUND_D_DHCP_LINK=none + else + /etc/init.d/dnsmasq enabled || UNBOUND_D_DHCP_LINK=none + fi - if [ ! -x "$dnsmasqpath" ] ; then + if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then logger -t unbound -s "cannot forward to dnsmasq" - UNBOUND_B_DNSMASQ=0 + fi + fi + + + if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" ] ; then + if [ ! -x /usr/sbin/odhcpd -o ! -x /etc/init.d/odhcpd ] ; then + UNBOUND_D_DHCP_LINK=none + else + /etc/init.d/odhcpd enabled || UNBOUND_D_DHCP_LINK=none + fi + + + if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then + logger -t unbound -s "cannot receive records from odhcpd" fi fi @@ -557,7 +606,7 @@ unbound_uci() { if [ "$UNBOUND_B_MAN_CONF" -gt 0 ] ; then # Don't want this being triggered. Maybe we could, but then the # base conf you provide would need to be just right. - UNBOUND_B_DNSMASQ=0 + UNBOUND_D_DHCP_LINK=none else unbound_conf $cfg 
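Review bot: The value read by `config_get UNBOUND_D_DHCP_LINK "$cfg" dhcp_link none` is never checked against the three names the script understands. A mistyped value (say `odhcp`) is not `none`, so it skips the legacy `dnsmasq_link_dns` fallback, matches neither provider branch in the next hunk, and produces no log line. Adding `case "$UNBOUND_D_DHCP_LINK" in none|dnsmasq|odhcpd) ;; *) logger -t unbound -s "unknown dhcp_link"; UNBOUND_D_DHCP_LINK=none ;; esac` right after the read would make the misconfiguration visible. unbound_uci begins and ends outside this hunk.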
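Review bot: `config_get_bool UNBOUND_B_GATE_NAME "$cfg" dnsmasq_gate_name 0` now sits inside the `[ "$UNBOUND_D_DHCP_LINK" = "none" ]` legacy branch. A config that sets `dhcp_link` to `dnsmasq` explicitly therefore never loads `dnsmasq_gate_name`, and the variable keeps its file-level default of 0. If dnsmasq.sh still reads UNBOUND_B_GATE_NAME (not visible in this diff), the option is silently dropped for exactly the configs that followed the new `Please use 'dhcp_link' selector instead` advice. Either move that `config_get_bool` above the `if`, or log that the option is retired. unbound_uci begins and ends outside this hunk.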
@@ -567,13 +616,7 @@ unbound_uci() { ############################################################################## unbound_own () { - # Debug UCI - { - echo "# $UNBOUND_CHECKFILE generated by UCI $( date )" - echo - set | grep ^UNBOUND_ - } > $UNBOUND_CHECKFILE - + local dhcp_origin=$( uci get dhcp.@odhcpd[0].leasefile ) if [ "$UNBOUND_B_MAN_CONF" -gt 0 ] ; then # You are doing your own thing, so just copy /etc/ to /var/ @@ -581,6 +624,12 @@ unbound_own () { fi + if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" -a ! -f "$dhcp_origin" ] ; then + # odhcpd will not (yet) create its own lease file home + mkdir -p $( dirname "$dhcp_origin" ) + fi + + # Ensure access and prepare to jail chown -R unbound:unbound $UNBOUND_VARDIR chmod 775 $UNBOUND_VARDIR @@ -606,3 +655,25 @@ unbound_prepare() { ############################################################################## +unbound_cleanup() { + local resolvsym=0 + + rootzone_update + + + if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then + resolvsym=1 + else + /etc/init.d/dnsmasq enabled || resolvsym=1 + fi + + + if [ "$resolvsym" -gt 0 ] ; then + # set resolver file to normal, but don't stomp on dnsmasq + rm -f /tmp/resolv.conf + ln -s /tmp/resolv.conf.auto /tmp/resolv.conf + fi +} + +############################################################################## +
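Review bot: The new `mkdir -p $( dirname "$dhcp_origin" )` in unbound_own acts on a path taken straight from UCI, presumably as root given the `chown -R` that follows, without checking that the value is non-empty and with the substitution unquoted. When no leasefile is configured, `! -f ""` is true and `dirname ""` returns `.`, so the branch runs but creates nothing useful. A path containing whitespace would be split into several mkdir arguments. I would guard and quote it: `if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" ] && [ -n "$dhcp_origin" ] && [ ! -f "$dhcp_origin" ] ; then` and `mkdir -p "$( dirname "$dhcp_origin" )"`. unbound_own begins and ends outside this hunk.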
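Review bot: The dnsmasq presence test at the top of unbound_cleanup (`[ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ]` plus `/etc/init.d/dnsmasq enabled`) is the third copy of the same logic in this commit. The other two are in unbound_mkdir and unbound_uci, so any later change to the paths or the policy has to be repeated in three places to keep the start and stop handling of /tmp/resolv.conf in agreement. A small helper that returns the answer as an exit status would remove the `resolvsym` flag and the obsolescent `-o` operator. The sketch below leaves the rm/ln sequence as written.

```shell
# Succeeds when dnsmasq is installed and its init script is enabled.
dnsmasq_active() {
  [ -x /usr/sbin/dnsmasq ] && [ -x /etc/init.d/dnsmasq ] \
    && /etc/init.d/dnsmasq enabled
}

unbound_cleanup() {
  rootzone_update

  if ! dnsmasq_active ; then
    # … unchanged: rm -f and ln -s restoring /tmp/resolv.conf …
  fi
}
```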