Unbound DNS Query Forwarding not working as expected

Started by BShoppy, August 31, 2023, 09:23:24 PM

I've got Unbound DNS set up with queries going out with DNS over TLS. Those all work fine. I've now got a VPN connection enabled on OPNSense and I'm trying to forward queries for that domain over that connection to the DNS server on that end.

I have Query Forwarding setup as in the attachment.

When I do a normal query for a host on that domain, I get the following:

root@OPNsense:~ # host -vv HOST_NAME.DOMAIN_NAME
Trying "HOST_NAME.DOMAIN_NAME"
;; connection timed out; no servers could be reached


When I tell the query to use the upstream DNS server explicitly, it works:
root@OPNsense:~ # host -vv HOST_NAME.DOMAIN_NAME 10.30.50.50
Trying "HOST_NAME.DOMAIN_NAME"
Using domain server:
Name: 10.30.50.50
Address: 10.30.50.50#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38670
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;HOST_NAME.DOMAIN_NAME.   IN      A

;; ANSWER SECTION:
HOST_NAME.DOMAIN_NAME. 1200 IN    A       10.30.50.119

Received 61 bytes from 10.30.50.50#53 in 32 ms
Trying "HOST_NAME.DOMAIN_NAME"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26674
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;HOST_NAME.DOMAIN_NAME.   IN      AAAA

;; AUTHORITY SECTION:
DOMAIN_NAME.      3600    IN      SOA     DNS_SERVER.DOMAIN_NAME. hostmaster.DOMAIN_NAME. 13379 900 600 86400 3600

Received 102 bytes from 10.30.50.50#53 in 30 ms
Trying "HOST_NAME.DOMAIN_NAME"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 530
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;HOST_NAME.DOMAIN_NAME.   IN      MX

;; AUTHORITY SECTION:
DOMAIN_NAME.      3600    IN      SOA     DNS_SERVER.DOMAIN_NAME. hostmaster.DOMAIN_NAME. 13379 900 600 86400 3600

Received 102 bytes from 10.30.50.50#53 in 30 ms


Anyone have any idea why this is happening?
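As an added example (not the poster's attachment or OPNsense's generated config), this is what the raw unbound.conf for the layout described in the post looks like when written by hand: one internal zone forwarded in plain DNS to the server on the far side of the VPN, everything else forwarded over DNS over TLS. DOMAIN_NAME and 10.30.50.50 are taken from the post; the public DoT resolver (9.9.9.9 / dns.quad9.net), the CA bundle path and the RFC1918 ranges are assumptions. The comments mark the three settings that most often turn a "connection timed out" into a working split forward.

```conf
# Added example, not the poster's configuration. Placeholder names from the
# post: DOMAIN_NAME (internal zone), 10.30.50.50 (DNS server across the VPN).
# Assumed: 9.9.9.9 / dns.quad9.net as the DoT upstream, /etc/ssl/cert.pem as
# the CA bundle, RFC1918 ranges as the protected private address space.
server:
    # Keep the global TLS switch off so transport is decided per forward-zone.
    # With tls-upstream: yes every forwarder, including the plain port-53
    # server behind the VPN, is contacted over TLS and never answers.
    tls-upstream: no
    tls-cert-bundle: /etc/ssl/cert.pem        # CA store used to verify the DoT upstream

    # DNS rebind protection: answers containing these ranges are dropped...
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    # ...unless the name sits under a domain declared private. The internal host
    # resolves to 10.30.50.119, so without this line the A record is filtered
    # even though the forwarder replied correctly.
    private-domain: "DOMAIN_NAME"

    # Only needed when DNSSEC validation is on and the internal zone is unsigned;
    # otherwise every name under it fails validation (SERVFAIL).
    domain-insecure: "DOMAIN_NAME"

# Internal zone: plain DNS, port 53, to the server reachable through the VPN.
forward-zone:
    name: "DOMAIN_NAME"
    forward-addr: 10.30.50.50@53
    forward-tls-upstream: no

# Everything else: DNS over TLS to a public resolver, authenticated by name.
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-tls-upstream: yes
```

Two checks separate "Unbound is not forwarding" from "this shell is not asking Unbound": `host HOST_NAME.DOMAIN_NAME 127.0.0.1` queries the local resolver directly instead of whatever /etc/resolv.conf points at, and `unbound-control lookup HOST_NAME.DOMAIN_NAME` prints the forwarder Unbound would pick for that name. Run `unbound-checkconf` on the generated file after any change; a forward-zone that is present in the GUI but absent from the file, or one whose transport differs from the server it points at, shows up there before it shows up as a timeout.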