Forwarding to another resolver

RayG rgsub1 at btinternet.com
Fri May 24 15:01:40 UTC 2024


I am trying to use TailScale and I wanted Unbound to resolve TailScale DNS
names.

TailScale has its own mini DNS server which when queried directly works just
fine:

dig ds1.ratmouse.ts.net. @100.100.100.100

; <<>> DiG 9.17.14 <<>> ds1.ratmouse.ts.net. @100.100.100.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57681
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ds1.ratmouse.ts.net.          IN      A

;; ANSWER SECTION:
ds1.ratmouse.ts.net.   600     IN      A       100.102.208.83

;; Query time: 4 msec
;; SERVER: 100.100.100.100#53(100.100.100.100) (UDP)
;; WHEN: Wed May 22 14:13:34 GMT Summer Time 2024
;; MSG SIZE  rcvd: 74

When I try to do that via Unbound I get NXDOMAIN

22/05/2024 14:15:07 C:\Program Files\Unbound\unbound.exe[5756:0] query: 127.0.0.1 ds1.ratmouse.ts.net. A IN
22/05/2024 14:15:07 C:\Program Files\Unbound\unbound.exe[5756:0] reply: 127.0.0.1 ds1.ratmouse.ts.net. A IN NXDOMAIN 0.000000 1 109

dig ds1.ratmouse.ts.net.

; <<>> DiG 9.17.14 <<>> ds1.ratmouse.ts.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55170
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ds1.ratmouse.ts.net.          IN      A

;; AUTHORITY SECTION:
ratmouse.ts.net.       3600    IN      SOA     localhost. nobody1.invalid. 1 3600 1200 604800 10800

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed May 22 14:15:07 GMT Summer Time 2024
;; MSG SIZE  rcvd: 109

This is the configuration for the forwarding. Is there anything I am doing
wrong or have forgotten to include?

server:
     private-domain: "ratmouse.ts.net."
     domain-insecure: "ratmouse.ts.net."

     local-zone: "ratmouse.ts.net." static
     local-data: "ratmouse.ts.net. IN NS localhost."
     local-data: "ratmouse.ts.net. IN SOA localhost. nobody1.invalid. 1 3600 1200 604800 10800"
     local-data: "ratmouse.ts.net. IN A 100.100.100.100"

forward-zone:
     name: "ratmouse.ts.net."
     forward-addr: 100.100.100.100@53
     forward-first: yes
     forward-tls-upstream: no
     forward-tcp-upstream: no

Thanks
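
Added example, not part of the original post and not Unbound project code: a small Python check that reads an unbound.conf and reports every forward-zone enclosed by a local-zone whose type answers from local data only, which is the combination in the configuration above (the SOA in the NXDOMAIN reply is the one set with local-data). The function names are hypothetical, only the directives shown are parsed, and Unbound's built-in default local zones are not modelled.

```python
import re

# local-zone types answered from local data only; lookups never leave Unbound.
ANSWERS_LOCALLY = {"static", "deny", "refuse", "redirect", "always_refuse",
                   "always_nxdomain", "always_nodata", "always_deny",
                   "always_null", "inform_deny", "inform_redirect"}

def norm(name):
    return name.strip('"').lower().rstrip(".") + "."

def parse(conf):
    local_zones, forwards, clause = {}, [], None
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if key and not value:
            clause = key                      # "server:", "forward-zone:", ...
        elif key == "local-zone":
            m = re.match(r'("[^"]*"|\S+)\s+(\S+)', value)
            if m:
                local_zones[norm(m.group(1))] = m.group(2).lower()
        elif clause == "forward-zone" and key == "name":
            forwards.append(norm(value))
    return local_zones, forwards

def shadowed_forwards(conf):
    """List (forward zone, enclosing local zone, type) for shadowed forwards."""
    local_zones, forwards = parse(conf)
    hits = []
    for fz in forwards:
        labels = fz.rstrip(".").split(".") if fz != "." else []
        # Walk from the zone itself up to the root; the closest local-zone wins.
        for i in range(len(labels) + 1):
            cand = ".".join(labels[i:]) + "."
            if cand in local_zones:
                if local_zones[cand] in ANSWERS_LOCALLY:
                    hits.append((fz, cand, local_zones[cand]))
                break
    return hits

# SAMPLE holds the relevant posted lines; VARIANT is constructed for comparison.
SAMPLE = '''
server:
     local-zone: "ratmouse.ts.net." static
forward-zone:
     name: "ratmouse.ts.net."
     forward-addr: 100.100.100.100@53
'''
VARIANT = SAMPLE.replace(" static", " transparent")
```

shadowed_forwards(SAMPLE) reports the posted zone as shadowed by its static local-zone, while VARIANT, which uses a pass-through type, returns an empty list.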


