Forwarding to another resolver
RayG
rgsub1 at btinternet.com
Fri May 24 15:01:40 UTC 2024
I am trying to use TailScale and I wanted Unbound to resolve TailScale DNS
names.
TailScale has its own mini DNS server which when queried directly works just
fine:
dig ds1.ratmouse.ts.net. @100.100.100.100
; <<>> DiG 9.17.14 <<>> ds1.ratmouse.ts.net. @100.100.100.100 ;; global
options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57681 ;; flags: qr aa rd
ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ds1.ratmouse.ts.net. IN A
;; ANSWER SECTION:
ds1.ratmouse.ts.net. 600 IN A 100.102.208.83
;; Query time: 4 msec
;; SERVER: 100.100.100.100#53(100.100.100.100) (UDP) ;; WHEN: Wed May 22
14:13:34 GMT Summer Time 2024 ;; MSG SIZE rcvd: 74
When I try to do that via Unbound I get NXDOMAIN
22/05/2024 14:15:07 C:\Program Files\Unbound\unbound.exe[5756:0] query:
127.0.0.1 ds1.ratmouse.ts.net. A IN
22/05/2024 14:15:07 C:\Program Files\Unbound\unbound.exe[5756:0] reply:
127.0.0.1 ds1.ratmouse.ts.net. A IN NXDOMAIN 0.000000 1 109
dig ds1.ratmouse.ts.net.
; <<>> DiG 9.17.14 <<>> ds1.ratmouse.ts.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55170 ;; flags: qr aa
rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ds1.ratmouse.ts.net. IN A
;; AUTHORITY SECTION:
ratmouse.ts.net. 3600 IN SOA localhost. nobody1.invalid. 1
3600 1200 604800 10800
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Wed May 22 14:15:07 GMT
Summer Time 2024 ;; MSG SIZE rcvd: 109
This is the configuration for the forwarding, is there anything I am doing
wrong or have forgotten to include?
server:
private-domain: "ratmouse.ts.net."
domain-insecure: "ratmouse.ts.net."
local-zone: "ratmouse.ts.net." static
local-data: "ratmouse.ts.net. IN NS localhost."
local-data: "ratmouse.ts.net. IN SOA localhost. nobody1.invalid. 1 3600
1200 604800 10800"
local-data: "ratmouse.ts.net. IN A 100.100.100.100"
forward-zone:
name: "ratmouse.ts.net."
forward-addr: 100.100.100.100 at 53
forward-first: yes
forward-tls-upstream: no
forward-tcp-upstream: no
Thanks
More information about the Unbound-users
mailing list