Domain forward for /8 in-addr.arpa not working

Paul Wouters paul at nohats.ca
Sun Mar 23 05:59:56 UTC 2025


On Sat, 22 Mar 2025, Jeremy Beker via Unbound-users wrote:

> I have successfully set up a forward-zone for my `ts.net` domain to tailscale’s DNS and it works great. I
> want to do the same for reverse lookups. All tailscale addresses are in the 100.0.0.0/8 range. So I added
> the following to my config (via the GUI, but verified in the config file):

While not addressing your question, whoever is squatting on 100/8 has
picked a pretty bad range. This is in production all over the internet,
with the first chunk going to Verisign Business and AWS. Perhaps what
was/is intended is to re-use the range 100.64.0.0/10 which is reserved
by RFC6598 for CGNAT and should not appear in the public internet?

> # Forward zones
> forward-zone:
>   name: "100.in-addr.arpa"
>   forward-addr: 100.100.100.100

As 100.100.100.100 is part of 100.64.0.0/10.

> This does not seem to work. Any request to look up an address (like 100.94.184.34) returns:

Who is 100.94.184.34? That must be one of your own or part of the
tailscale re-use of 100.64.0.0/10?

Perhaps limiting your range to 100.64.0.0/10 will prevent you mixing up
this tailscale universe with the public DNS universe?

Paul
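As an added worked example (my own, not code from the thread or from the Unbound project): the reason a single forward-zone cannot express "forward only 100.64.0.0/10" is that in-addr.arpa is delegated per octet, so a /10 is really 64 separate zones, 64.100.in-addr.arpa. through 127.100.in-addr.arpa. The script below derives that list for any IPv4 prefix, checks which zone a given address would land in (100.94.184.34 from the thread lands in 94.100.in-addr.arpa.; a public 100.x address lands in none), and emits the matching unbound.conf stanzas. One caveat it bakes in: unbound.conf(5) lists the AS112 reverse zones, including 64.100.in-addr.arpa. through 127.100.in-addr.arpa., as built-in local-zones that answer NXDOMAIN before any forward-zone is consulted, so each one is released with `nodefault` first, and with DNSSEC validation on it is also marked `domain-insecure` because the tailscale resolver does not sign it. The constants and function names are assumptions of this example, not something the original poster wrote.

```python
import ipaddress

# Constructed from the thread: the range tailscale actually uses (RFC 6598
# shared address space) and the tailscale resolver the OP forwards to.
TAILSCALE_RANGE = "100.64.0.0/10"
TAILSCALE_DNS = "100.100.100.100"


def reverse_zones(cidr: str) -> list:
    """Smallest set of octet-aligned in-addr.arpa zones that exactly covers cidr.

    in-addr.arpa delegations happen per octet, so a /10 cannot be one zone:
    100.64.0.0/10 becomes the 64 zones 64.100.in-addr.arpa. through
    127.100.in-addr.arpa. A /8, /16 or /24 maps to exactly one zone.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError("expected a non-empty IPv4 prefix")
    aligned = -(-net.prefixlen // 8) * 8      # round prefix length up to a multiple of 8
    labels_kept = aligned // 8                # leading octets that form the zone name
    zones = []
    for sub in net.subnets(new_prefix=aligned):   # yields net itself if already aligned
        octets = str(sub.network_address).split(".")[:labels_kept]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def zone_for(address: str, cidr: str):
    """Return the forwarded zone that answers a PTR for address, or None when the
    address is outside cidr and should be resolved via the public DNS tree."""
    ip = ipaddress.ip_address(address)
    if ip.version != 4 or ip not in ipaddress.ip_network(cidr, strict=True):
        return None
    ptr = ip.reverse_pointer + "."            # e.g. 34.184.94.100.in-addr.arpa.
    for zone in reverse_zones(cidr):
        if ptr.endswith("." + zone):
            return zone
    return None


def unbound_config(cidr: str, forward_addr: str, dnssec: bool = True) -> str:
    """Emit unbound.conf stanzas that forward PTR lookups for cidr to forward_addr.

    Unbound's built-in AS112 local-zones (64.100.in-addr.arpa. ... 127.100.in-addr.arpa.
    among them, per unbound.conf(5)) would otherwise answer NXDOMAIN before the
    forward-zone is ever consulted, hence the 'nodefault' lines. 'domain-insecure'
    stops the validator from failing a forwarded zone that carries no signatures.
    """
    zones = reverse_zones(cidr)
    out = ["server:"]
    for zone in zones:
        out.append(f'    local-zone: "{zone}" nodefault')
        if dnssec:
            out.append(f'    domain-insecure: "{zone}"')
    out.append("")
    for zone in zones:
        out += ["forward-zone:",
                f'    name: "{zone}"',
                f"    forward-addr: {forward_addr}",
                ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(unbound_config(TAILSCALE_RANGE, TAILSCALE_DNS))
    print("#", zone_for("100.94.184.34", TAILSCALE_RANGE))   # 94.100.in-addr.arpa.
    print("#", zone_for("100.20.1.1", TAILSCALE_RANGE))      # None: public space, not forwarded
```

Run it and paste the output into unbound.conf in place of the single `100.in-addr.arpa` forward-zone; anything in 100.0.0.0/8 outside the /10 then keeps resolving through the normal public delegation, which is the separation of the two "universes" the reply above is asking for.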


More information about the Unbound-users mailing list