Netgate Discussion Forum
    How can I let specified hosts or networks bypass Unbound with custom-options?

    DHCP and DNS

      burntoc

      I'm using split DNS, with Unbound handling local resolution and NextDNS as my upstream DNS servers. This is great for 90% of my traffic, but I have a test network I am trying to have NOT use Unbound so I can test other scenarios and in the event I need to troubleshoot upstream issues. My server assigns the 2 NextDNS servers to the DHCP hosts and has them specified in General Settings. I don't have forwarding enabled. Here are my Unbound custom options:

      server:
          private-domain: "unraid.net"
          private-domain: "plex.direct"
          tls-cert-bundle: "/etc/ssl/cert.pem"
      forward-zone:
          name: "."
          forward-tls-upstream: yes
          forward-addr: 45.90.28.0#abcdef.dns1.nextdns.io
          forward-addr: 2a07:a8c0::#abcdef.dns1.nextdns.io
          forward-addr: 45.90.30.0#abcdef.dns2.nextdns.io
          forward-addr: 2a07:a8c1::#abcdef.dns2.nextdns.io

      Even if I try to manually specify another DNS, say 1.1.1.1 or 8.8.8.8 on one of my testing devices on the test network, it can't resolve addresses. If I put it back to the normal settings it works fine. Is there a way to specify hosts to be able to pass other DNS resolvers?

        burntoc
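      An added example, not code from this thread: a small Python checker that parses custom options of the shape posted above and reports what the forwarding section does (the catch-all zone, and whether the DNS-over-TLS forwarders can actually be verified). The embedded config is a copy of the post's options, with abcdef standing in for the NextDNS profile id just as in the post.

```python
import re
# Copy of the custom options from the post above (abcdef stands in for the NextDNS profile id).
POST_CONFIG = """\
server:
    private-domain: "unraid.net"
    private-domain: "plex.direct"
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#abcdef.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#abcdef.dns1.nextdns.io
    forward-addr: 45.90.30.0#abcdef.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#abcdef.dns2.nextdns.io
"""

def parse_clauses(text):
    """Group 'key: value' lines under the clause header (server:, forward-zone:) above them."""
    clauses, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # only whole-line comments; 'addr#authname' is data
            continue
        if re.fullmatch(r"[a-z-]+:", line):      # a clause header opens a new group
            current = {"clause": line[:-1], "options": []}
            clauses.append(current)
            continue
        key, sep, value = line.partition(":")
        if current is None or not sep:
            raise ValueError(f"option outside a clause or malformed: {raw!r}")
        current["options"].append((key.strip(), value.strip().strip('"')))
    return clauses

def audit_forwarding(text):
    """Return findings describing how the forward-zone(s) in this config will behave."""
    clauses = parse_clauses(text)
    server = [o for c in clauses if c["clause"] == "server" for o in c["options"]]
    has_bundle = any(k in ("tls-cert-bundle", "tls-system-cert") for k, _ in server)
    findings = []
    for zone in (c for c in clauses if c["clause"] == "forward-zone"):
        name = next((v for k, v in zone["options"] if k == "name"), "?")
        tls = any(k == "forward-tls-upstream" and v == "yes" for k, v in zone["options"])
        if name == ".":
            findings.append("zone '.': catch-all, every query not answered locally goes to these forwarders")
        if tls and not has_bundle:
            findings.append(f"zone {name}: forward-tls-upstream with no CA bundle, upstream certificates cannot be verified")
        for addr in (v for k, v in zone["options"] if k == "forward-addr"):
            if tls and "#" not in addr:
                findings.append(f"zone {name}: {addr} has no auth name, certificate is not checked against a hostname")
    return findings
```

      Run against the posted options it reports only the catch-all zone, which is why every query Unbound does not answer locally ends up at NextDNS; a zone missing the CA bundle or the #authname suffix gets additional findings.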

        All right. Good talk. 👍 👍

          viktor_g (Netgate)

          @burntoc said in How can I let specified hosts or networks bypass Unbound with custom-options?:

          Even if I try to manually specify another DNS, say 1.1.1.1 or 8.8.8.8 on one of my testing devices on the test network, it can't resolve addresses.

          Make sure your firewall rules allow DNS queries
          and you don't have DNS port forwarding rules for those hosts

            burntoc @viktor_g

            @viktor_g Thanks for this. I'll double-check both. Pretty sure I disabled my rule for the latter weeks ago, and pretty sure the former is covered too, but it wouldn't be the first time I was wrong.

              burntoc

              No joy. I already had a rule allowing DNS outbound for those addresses as well, and though my redirect floating rule was enabled, disabling it had no effect. If I comment out the fw-address lines it works fine, but then my other queries aren't all being sent to NextDNS as intended. Right now it is an either/or, and I'm trying to figure out a way to explicitly exclude, or to be able to remove those specific custom options and still have the others use NextDNS.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.