diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc
index 2b203e92f..34e93e6bb 100644
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@@ -163,16 +163,24 @@ EOF;
     $bindints = "";
     if (!empty($config['unbound']['active_interface'])) {
         $active_interfaces = explode(",", $config['unbound']['active_interface']);
+        $loopback = false;
         foreach ($active_interfaces as $ubif) {
             $intip = get_interface_ip($ubif);
             if (!empty($intip)) {
                 $bindints .= "interface: $intip\n";
+                if ($intip == '127.0.0.1') {
+                    $loopback = true;
+                }
             }
             $intip = get_interface_ipv6($ubif);
             if (!empty($intip)) {
                 $bindints .= "interface: $intip\n";
             }
         }
+        if (!$loopback) {
+            /* always bind to this loopback IP for system */
+            $bindints .= "interface: 127.0.0.1\n";
+        }
     } else {
         $bindints .= "interface: 0.0.0.0\n";
         $bindints .= "interface: ::0\n";
@@ -696,7 +704,7 @@ function unbound_acls_subnets()
     /* add our networks for active interfaces including localhost */
     $subnets = array('127.0.0.1/8', '::1/64');
 
-    foreach ($active_interfaces as $ubif => $ifdesc) {
+    foreach ($active_interfaces as $ubif => $unused) {
         foreach (legacy_getall_interface_addresses(get_real_interface($ubif)) as $subnet) {
             $subnets[] = $subnet;
         }
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 087b9f816..8d03abbbc 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -157,10 +157,7 @@ function system_resolvconf_generate($verbose = false)
         $resolvconf = "domain {$syscfg['domain']}\n";
     }
 
-    /* XXX Unbound should always bind to loopback like Dnsmasq */
-    if (!isset($config['system']['dnslocalhost']) && (isset($config['dnsmasq']['enable']) ||
-      (isset($config['unbound']['enable']) && (empty($config['unbound']['active_interface']) ||
-      in_array('lo0', explode(',', $config['unbound']['active_interface'])))))) {
+    if (!isset($config['system']['dnslocalhost']) && (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable']))) {
         $resolvconf .= "nameserver 127.0.0.1\n";
     }
 
diff --git a/src/www/services_dnsmasq.php b/src/www/services_dnsmasq.php
index c358a9e0c..da71a1e7e 100644
--- a/src/www/services_dnsmasq.php
+++ b/src/www/services_dnsmasq.php
@@ -349,7 +349,7 @@ $( document ).ready(function() {
                 <tr>
                   <td><a id="help_for_interfaces" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Interfaces"); ?></td>
                   <td>
-                    <select id="interface" name="interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All')) ?>">
+                    <select id="interface" name="interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
 <?php foreach (get_configured_interface_with_descr() as  $iface => $ifacename): ?>
                       <option value="<?= html_safe($iface) ?>" <?=in_array($iface, $pconfig['interface']) ? 'selected="selected"' : "" ?>>
                         <?= html_safe($ifacename) ?>
diff --git a/src/www/services_unbound.php b/src/www/services_unbound.php
index f514c5ff4..6dc738f91 100644
--- a/src/www/services_unbound.php
+++ b/src/www/services_unbound.php
@@ -1,32 +1,32 @@
 <?php
 
 /*
-    Copyright (C) 2018 Fabian Franz
-    Copyright (C) 2014-2016 Deciso B.V.
-    Copyright (C) 2014 Warren Baker <warren@decoy.co.za>
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
-
-    1. Redistributions of source code must retain the above copyright notice,
-       this list of conditions and the following disclaimer.
-
-    2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-*/
+ * Copyright (C) 2018 Fabian Franz
+ * Copyright (C) 2014-2016 Deciso B.V.
+ * Copyright (C) 2014 Warren Baker <warren@decoy.co.za>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
 
 require_once("guiconfig.inc");
 require_once("services.inc");
@@ -75,12 +75,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         if (!empty($pconfig['regdhcpdomain']) && !is_domain($pconfig['regdhcpdomain'])) {
             $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'.");
         }
-        if (empty($pconfig['active_interface'])) {
-            $input_errors[] = gettext("A single network interface needs to be selected for the DNS Resolver to bind to.");
-        }
-        if (empty($pconfig['outgoing_interface'])) {
-            $input_errors[] = gettext("A single outgoing network interface needs to be selected for the DNS Resolver to use for outgoing DNS requests.");
-        }
         if (!empty($pconfig['port']) && !is_port($pconfig['port'])) {
             $input_errors[] = gettext("You must specify a valid port number.");
         }
@@ -119,8 +113,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $a_unboundcfg['txtsupport'] = !empty($pconfig['txtsupport']);
 
             // array types
-            $a_unboundcfg['active_interface'] = !empty( $pconfig['active_interface']) ? implode(",", $pconfig['active_interface']) : array();
-            $a_unboundcfg['outgoing_interface'] = !empty( $pconfig['outgoing_interface']) ? implode(",", $pconfig['outgoing_interface']) : array();
+            if (!empty($pconfig['active_interface'])) {
+                $a_unboundcfg['active_interface'] = implode(',', $pconfig['active_interface']);
+            } elseif (isset($a_unboundcfg['active_interface'])) {
+                unset($a_unboundcfg['active_interface']);
+            }
+            if (!empty($pconfig['outgoing_interface'])) {
+                $a_unboundcfg['outgoing_interface'] = implode(',', $pconfig['outgoing_interface']);
+            } elseif (isset($a_unboundcfg['outgoing_interface'])) {
+                unset($a_unboundcfg['outgoing_interface']);
+            }
 
             write_config("DNS Resolver configured.");
             mark_subsystem_dirty('unbound');
@@ -191,8 +193,7 @@ include_once("head.inc");
                       <tr>
                         <td><a id="help_for_active_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Network Interfaces"); ?></td>
                         <td>
-                          <select name="active_interface[]" multiple="multiple" size="3" class="selectpicker" data-live-search="true">
-                            <option value="" <?=empty($pconfig['active_interface'][0]) ? 'selected="selected"' : ""; ?>><?=gettext("All");?></option>
+                          <select name="active_interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
 <?php
                             foreach (get_possible_listen_ips(false) as $laddr):?>
                             <option value="<?=$laddr['value'];?>" <?=!empty($pconfig['active_interface'][0]) && in_array($laddr['value'], $pconfig['active_interface']) ? 'selected="selected"' : "";?>><?=htmlspecialchars($laddr['name']);?></option>
@@ -323,8 +324,7 @@ include_once("head.inc");
                       <tr class="showadv" style="display:none">
                         <td><a id="help_for_outgoing_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Outgoing Network Interfaces"); ?></td>
                         <td>
-                          <select id="outgoing_interface" name="outgoing_interface[]" multiple="multiple" size="3" class="selectpicker" data-live-search="true">
-                            <option value="" <?=empty($pconfig['outgoing_interface'][0]) ? 'selected="selected"' : ""; ?>><?=gettext("All");?></option>
+                          <select id="outgoing_interface" name="outgoing_interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
 <?php
                             foreach (get_possible_listen_ips(true) as $laddr):?>
                             <option value="<?=$laddr['value'];?>" <?=!empty($pconfig['outgoing_interface'][0]) && in_array($laddr['value'], $pconfig['outgoing_interface']) ? 'selected="selected"' : "";?>>