Features like "serve expired " on unbound DNS can make a very noticeable impact on browser responsiveness, every page access requires at least one DNS lookup, the majority require multiple, and now days low TTL is common on mainstream services.
OPNSense and pfSense both support this feature as an example but your typical ISP hub, Zyxel or whatever wont have that thing in mind. So what Alex observes I dont think is snake oil.
serve-expired: <yes or no>
If enabled, Unbound attempts to serve old responses from cache with a TTL of serve-expired-reply-ttl: in the response without waiting for the actual resolution to finish. The actual resolution answer ends up in the cache later on.
But yeah pfSense can be ran as a switch, it just isnt designed to be run that way and it will be a software emulated switch.
My opinion is all in one box solutions are just not the way to go for an optimal setup, I use OpenWRT for managed switches and AP's and I use pfSense for firewall, DHCP and routing. When on xDSL I also deliberately kept the modem separate as well so its uptime was independent of the rest of the setup.
Heavyrain yep both the sense's qre behind on shaping, its because the underlying FreeBSD doesnt have them implemented. I have played with Cake and I have the opinion it is superior for home broadband connections. FQ_Codel can be improved with some tinkering though, its defaults are more suited for very fat pipes than things like DSL.