Unbound Domain Override for just one Interface

[Com_DAC]

Does anyone know if there is a way to setup a domain override in Unbound for just a single interface? What I'm trying to do is setup a vpn tunnel for a single VLAN and have only clients on that vlan have dns entries forwarded to the dns on the other side where clients on all other vlan's will have their dns requests go to the standard public resolvers.

I'm just hoping there is a way without having to setup another dns server.

Thank you,

[zan]

Can you just create a firewall rule on that interface to route traffic destined to DNS ports through the tunnel?

[Patrick M. Hausen]

Install and activate BIND. Have it listen to e.g. 127.0.0.1:53053 or some such.

Create a master zone for each individual override with just an NS and an A record. Yes, you can have the full FQDN as the domain name and you can have an A record for "@".

Configure BIND to forward all other requests to Unbound, possibly 127.0.0.1:53.

Create a NAT port forward rule for that interface directing TCP and UDP 53 to 127.0.0.1:53053.

Done.

[Com_DAC]

Thank you all for the suggestions. I've come up with one more and that is to just use dnsmasq for the vlan that has access to the tunnel and then use unbound for all other vlan's.

Thank you,