Unbound with split VPN and local domain

Paul Wouters paul at nohats.ca
Mon Apr 15 10:40:24 UTC 2019

>>  Am 14.04.19 um 12:43 schrieb Herbert Meier via Unbound-users:
>>>  Dear experts,
>>>  I would like to configure unbound for my setup but I am totally lost with
>>>  the terminology and the settings. Here is my setup:
>>>     * I have a split VPN client runnging that forwards certain subnets to
>>>     the VPN server and forwards *all* DNS request to the VPN server side
>>>     (I guess all subdomains of myvpn.org <http://myvpn.org> should be
>>>     answered by the DNS on the VPN server side)
>>>     * I have a local router with domain "lan"
>>>     * I would like to use my ISPs DNS but do caching myself (not sure if
>>>     the router does it)
>>>  How could I make all this work, i.e.,
>>>     * Forward all DNS request for *.myvpn.org <http://myvpn.org> through
>>>     VPN

Depending on the vpn software, you can redirect DNS automatically if
running unbound locally. eg libreswan will automatically run
unbound-control to forward the DNS zone(s) obtained from the IKE/IPsec
VPN server, clear cache and do the reverse on disconnect.

I used to have a patch to openvpn to do the same.

but these depend on running unbound on the device that starts the vpn

>>>     * Query the route for for request *.lan

That could be a permanent override as people explained already. You add
it to the unbound config.

>>>     * And use my ISPs DNS (via the router for all other
>>>     queries?

That can be a simple: unbound-forward forward_add "." IpOfISPNameserver
or you can add it statically in the unbound.conf file.


More information about the Unbound-users mailing list