different DNS servers for different gateways

Howard Spindel howard at sci1.com
Sat May 11 00:58:47 UTC 2024


Thank you for the reply, but I doubt if that suggestion would do what I 
was looking for.

The problem with creating forwards specific to certain local zones is 
that the desired forward changes depending on whether the VPN is up or not.

But I appreciate the reply.

Howard

On 5/10/2024 7:30 AM, Petr Menšík via Unbound-users wrote:
> Hello Howard,
>
> I do not think there is a simple way to make it work. It should help 
> if you configure forwarding per internal-only domains, which would 
> always target the internal VPN server. For general domains, it would 
> forward everything to 9.9.9.9.
>
> We have made dnsconfd project [1] to configure unbound from Network 
> Manager. One of the things it should do is split tunnelling, which I think 
> you need here. I doubt pfSense would have a UI for configuration of 
> subdomain forwarders, but I do not know it. If you can configure your 
> additional unbound snippets in console, then it might work.
>
> If you could have a config file with:
>
> forward-zone:
>   name: example.com
>   forward-addr: 10.255.255.2
>
> and repeated for all zones having special content in your VPN, then 
> you could put just 9.9.9.9 into DNS general settings.
>
> Hope this helps.
> Petr
>
> 1. https://github.com/InfrastructureServices/dnsconfd
>
> On 29/03/2024 22:22, Howard Spindel via Unbound-users wrote:
>> I have unbound configured under pfSense+ on a Netgate 8200.  I also 
>> have a Wireguard VPN configured under pfSense.
>>
>> I have DNS forwarding configured under pfSense/DNS Resolver/General 
>> Settings.  That caused unbound to forward to the two DNS servers 
>> configured under pfSense General Setup.  The two DNS servers I have 
>> configured there are 10.255.255.2 (the DNS server recommended by my 
>> VPN provider) and 9.9.9.9 (Quad 9 public server).
>>
>> What I want is that when the VPN is up for unbound to forward solely 
>> to 10.255.255.2 and for unbound to fall back to using 9.9.9.9 only 
>> when the VPN is down.
>>
>> What happens now, is that unbound is free to choose either DNS 
>> server, and therefore sometimes chooses 9.9.9.9 when the VPN is up. 
>> When the VPN is down now, I presume that unbound still tries to 
>> forward to 10.255.255.2 but since that is not a routable address when 
>> the VPN is down the lookup will fail and unbound will use 9.9.9.9 
>> instead.
>>
>> Is there a way to tell unbound to use 10.255.255.2 if and only if the 
>> VPN is up?  I can't find it.
>>
>> Thank you.
>>
>> Howard
>>
>>
>>
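
The thread leaves the actual switching unsolved: unbound.conf is static, so a
forwarder that should depend on tunnel state has to be changed at runtime. The
script below is an added example, not code from this thread or from the Unbound
or pfSense projects. It uses `unbound-control forward <addr>` (which replaces
the root zone's forwarder list in the running daemon) and decides the state
from `wg show <if> latest-handshakes`. The interface name wg0, the state file
path, the 180-second handshake window and the file name unbound-forwarder.sh are
assumptions; the two resolver addresses are the ones from the original post.
It needs remote-control enabled in unbound.conf (`control-enable: yes`) and the
`wg` tool on the box.

```shell
#!/bin/sh
# Added example (not from the thread or the Unbound project): switch unbound's
# global forwarder at runtime with unbound-control, depending on whether the
# WireGuard tunnel is up. Assumed names: interface wg0, VPN resolver
# 10.255.255.2, public fallback 9.9.9.9, state file under /var/run.
# Requires remote-control to be enabled in unbound.conf (control-enable: yes).

VPN_IF="${VPN_IF:-wg0}"
VPN_DNS="${VPN_DNS:-10.255.255.2}"
FALLBACK_DNS="${FALLBACK_DNS:-9.9.9.9}"
UNBOUND_CONTROL="${UNBOUND_CONTROL:-unbound-control}"
HANDSHAKE_MAX_AGE="${HANDSHAKE_MAX_AGE:-180}"   # seconds; WireGuard rekeys about every 2 minutes
STATE_FILE="${STATE_FILE:-/var/run/unbound-forwarder.state}"

# handshake_is_fresh NOW ROWS: ROWS are "<peer-key> <epoch>" lines in the format
# printed by `wg show <if> latest-handshakes`. Succeeds if any peer completed a
# handshake within HANDSHAKE_MAX_AGE seconds of NOW; an epoch of 0 means never.
handshake_is_fresh() {
    now="$1"; shift
    printf '%s\n' "$@" | awk -v now="$now" -v max="$HANDSHAKE_MAX_AGE" \
        '$2 > 0 && (now - $2) <= max { ok = 1 } END { exit !ok }'
}

# vpn_is_up: ask the live tunnel. Fails when wg is missing, the interface does
# not exist, or no peer has a current handshake (an "up" interface with a dead
# peer is still down for our purposes, and 10.255.255.2 would be unreachable).
vpn_is_up() {
    rows=$(wg show "$VPN_IF" latest-handshakes 2>/dev/null) || return 1
    [ -n "$rows" ] || return 1
    handshake_is_fresh "$(date +%s)" "$rows"
}

# choose_forwarder STATE: print the single address unbound should forward to.
choose_forwarder() {
    case "$1" in
        up)   printf '%s\n' "$VPN_DNS" ;;
        down) printf '%s\n' "$FALLBACK_DNS" ;;
        *)    echo "choose_forwarder: unknown state '$1'" >&2; return 2 ;;
    esac
}

# apply_forwarder STATE: push the choice into the running unbound, but only
# when the state differs from the last one applied (recorded in STATE_FILE).
apply_forwarder() {
    state="$1"
    addr=$(choose_forwarder "$state") || return $?
    prev=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$prev" != "$state" ] || return 0
    # `unbound-control forward <addr>` replaces the forwarder list of the root
    # zone, so 9.9.9.9 stops being a candidate while the VPN is up, and the VPN
    # resolver stops being tried while it is down.
    "$UNBOUND_CONTROL" forward "$addr" >/dev/null || return 1
    printf '%s\n' "$state" > "$STATE_FILE"
}

main() {
    if vpn_is_up; then
        apply_forwarder up
    else
        apply_forwarder down
    fi
}

# Run from cron every minute or from a WireGuard PostUp/PostDown hook; the
# guard keeps main from firing when the file is sourced for testing.
case "${0##*/}" in
    unbound-forwarder.sh) main ;;
esac
```

Two things to keep in mind. Changes made with unbound-control live only in the
running process and are not written to unbound.conf, so after pfSense restarts
the resolver the script has to run again (hence cron or a hook rather than a
one-off). And Petr's per-zone variant can be driven the same way:
`unbound-control forward_add example.com 10.255.255.2` when the tunnel comes up
and `unbound-control forward_remove example.com` when it goes down, leaving the
general forwarder at 9.9.9.9. Falling back to 9.9.9.9 is what the original post
asks for, but it does mean queries leave the tunnel whenever it drops; if that
is not acceptable, the "down" branch is the place to change.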



