Unbound Domain Override for just one Interface

Started by Com_DAC, February 06, 2023, 03:48:26 PM

Does anyone know if there is a way to set up a domain override in Unbound for just a single interface? What I'm trying to do is set up a VPN tunnel for a single VLAN and have only clients on that VLAN have DNS entries forwarded to the DNS on the other side, where clients on all other VLANs will have their DNS requests go to the standard public resolvers.

I'm just hoping there is a way without having to setup another dns server.

Thank you,

Can you just create a firewall rule on that interface to route traffic destined to DNS ports through the tunnel?

Install and activate BIND. Have it listen to e.g. 127.0.0.1:53053 or some such.

Create a master zone for each individual override with just an NS and an A record. Yes, you can have the full FQDN as the domain name and you can have an A record for "@".

Configure BIND to forward all other requests to Unbound, possibly 127.0.0.1:53.

Create a NAT port forward rule for that interface directing TCP and UDP 53 to 127.0.0.1:53053.

Done.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
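The layout described in this answer, written out as an added example rather than the poster's own configuration. It assumes BIND listens on 127.0.0.1:53053, Unbound stays on 127.0.0.1:53, the tunnel VLAN is 10.20.0.0/24, the override host is `host1.corp.example` living at 10.99.0.10 across the tunnel, and the zone file path is whatever the BIND install uses; all of those names and addresses are placeholders.

```conf
// ---- named.conf (added example; addresses and paths are placeholders) ----
options {
    // Listen only on loopback; clients on the VLAN reach it through the
    // NAT port forward (TCP/UDP 53 -> 127.0.0.1:53053), never directly.
    listen-on port 53053 { 127.0.0.1; };
    listen-on-v6 { none; };

    // The port forward keeps the client's source address, so the VLAN
    // subnet must be allowed to query and recurse; nothing else is.
    allow-query     { 127.0.0.1; 10.20.0.0/24; };
    allow-recursion { 127.0.0.1; 10.20.0.0/24; };

    // Anything not answered by a local master zone goes to Unbound.
    recursion yes;
    forward only;
    forwarders { 127.0.0.1 port 53; };
};

// One master zone per override. The zone name is the full host name,
// so the A record sits on "@", exactly as the answer suggests.
zone "host1.corp.example" {
    type master;
    file "/usr/local/etc/namedb/master/host1.corp.example.db";  // path is an assumption
};

// ---- /usr/local/etc/namedb/master/host1.corp.example.db (zone file) ----
// $TTL 300
// @   IN SOA  @ hostmaster.corp.example. (
//             2023020601 ; serial
//             3600       ; refresh
//             600        ; retry
//             86400      ; expire
//             300 )      ; negative-cache TTL
// @   IN NS   @            ; the zone is its own nameserver
// @   IN A    10.99.0.10   ; the host on the far side of the tunnel
```

Authoritative zones are answered before the forwarder is consulted, so `host1.corp.example` resolves to 10.99.0.10 while every other name is passed to Unbound. After reloading, check both paths from the firewall itself with `dig @127.0.0.1 -p 53053 host1.corp.example` (should return 10.99.0.10 with the `aa` flag) and `dig @127.0.0.1 -p 53053 www.example.com` (should be answered via Unbound); then verify from a client on the VLAN that plain port-53 queries are redirected by the port forward, and from a client on another VLAN that they still go to Unbound as before.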

Thank you all for the suggestions. I've come up with one more and that is to just use dnsmasq for the VLAN that has access to the tunnel and then use Unbound for all other VLANs.

Thank you,
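The dnsmasq variant the original poster settled on, as an added example and not the poster's configuration. It assumes the tunnel VLAN is interface `vlan0.20`, the DNS on the far side of the tunnel is 10.99.0.53 and serves `corp.example`, the public resolvers are Quad9, and Unbound has been told (under its network-interface setting) not to listen on that VLAN so the two daemons do not compete for port 53; interface and address values are placeholders.

```conf
# dnsmasq.conf (added example; interface name and addresses are placeholders)
port=53

# Serve only the VLAN that has the tunnel. bind-interfaces makes dnsmasq bind
# that address alone instead of 0.0.0.0, so Unbound keeps the other VLANs.
interface=vlan0.20
bind-interfaces

# Do not read /etc/resolv.conf or /etc/hosts; use only the server= lines below.
no-resolv
no-hosts

# The domain override: corp.example and everything under it is forwarded to
# the DNS on the other side of the tunnel.
server=/corp.example/10.99.0.53

# Everything else goes to the same public resolvers the other VLANs use.
server=9.9.9.9
server=149.112.112.112

# Local cache so repeated lookups do not cross the tunnel every time.
cache-size=1000
```

A `server=/domain/address` line is a per-domain forward, so only names under `corp.example` ever cross the tunnel, and clients on other VLANs are untouched because dnsmasq is not listening on their interfaces at all. To confirm the split, run `dig @<vlan0.20 address> host.corp.example` from a client on the tunnel VLAN and `dig @<other VLAN address> host.corp.example` from a client elsewhere; the first should be answered by the tunnel-side DNS, the second by Unbound (which, having no override, will fail or return the public answer).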