How can I let specified hosts or networks bypass Unbound with custom-options?
-
I'm using split DNS, with Unbound handling local resolution and NextDNS as my upstream DNS servers. This is great for 90% of my traffic, but I have a test network I am trying to have NOT use Unbound so I can test other scenarios and in the event I need to troubleshoot upstream issues. My server assigns the 2 NextDNS servers to the DHCP hosts and has them specified in General Settings. I don't have forwarding enabled. Here are my Unbound custom options:
server:
    private-domain: "unraid.net"
    private-domain: "plex.direct"
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#abcdef.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#abcdef.dns1.nextdns.io
    forward-addr: 45.90.30.0#abcdef.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#abcdef.dns2.nextdns.io
Even if I try to manually specify another DNS, say 1.1.1.1 or 8.8.8.8 on one of my testing devices on the test network, it can't resolve addresses. If I put it back to the normal settings it works fine. Is there a way to specify hosts to be able to pass other DNS resolvers?
-
All right. Good talk.
-
@burntoc said in How can I let specified hosts or networks bypass Unbound with custom-options?:
Even if I try to manually specify another DNS, say 1.1.1.1 or 8.8.8.8 on one of my testing devices on the test network, it can't resolve addresses.
Make sure your firewall rules allow DNS queries and you don't have DNS port forwarding rules for those hosts.
-
@viktor_g Thanks for this. I'll double-check both. Pretty sure I disabled my rule for the latter weeks ago, and pretty sure the former is covered too, but it wouldn't be the first time I was wrong.
-
No joy. I already had a rule allowing DNS outbound for those addresses as well, and though my redirect floating rule was enabled, disabling it had no effect. If I comment out the forward-addr lines it works fine, but then my other queries aren't all being sent to NextDNS as intended. Right now it is an either/or, and I'm trying to figure out a way to explicitly exclude those hosts, or to be able to remove those specific custom options and still have the others use NextDNS.