Setting Unbound outgoing network interface to gateway group?
-
I am using Unbound as my DNS resolver, and I currently have the Outgoing Network Interface set to a WireGuard VPN interface. This allows me to send queries to the authoritative servers through a WireGuard tunnel.
My problem is, if this tunnel goes down, I lose DNS. Is there any way to set the Outgoing Interface to a gateway group instead of an interface? I have a gateway group with two tunnels in it, one acting as a fallback solution, so this would be ideal to use in Unbound as well.
Thanks!
-
Never did figure this out. Does anyone have a solution for this?
-
Make sure all the tunnels you want are included in Unbound outgoing interfaces. Assign higher priority to VPN tunnels in your gateway group but include your default WAN at a lower priority. Create a firewall rule on your LAN interface filtering DNS and under advanced options select your VPN group (which also includes default WAN at a lower priority). If you want, add a tag like "dns" and in your default_out_WAN rule (which should be below your DNS rule) under advanced options select the !dns tag.
I think that should work: you will send your DNS traffic over VPN tunnels, but if they ALL go down you won't lose DNS.