DNS resolution across two sites with Wireguard site-to-site tunnel
Two sites, one is a subdomain of the other. Each runs the DNS Forwarder, handling DHCP names and a handful of overrides, then falling back to Quad9.
I'd like to have the forwarder look for bare names and reverse lookups at the other site. Ideally DNS would not be totally broken when the tunnel is down.
It seems like --server and --rev-server options could be added to each site for the other site, but those would be "upstream servers" and perhaps not be asked about bare names, which we wouldn't want to leak to Quad9.
What's the right approach? Is there any way to handle this automatically such as when BGP neighbors establish?
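For reference, this is how the --server and --rev-server options mentioned above are written in the dnsmasq configuration the DNS Forwarder uses, as an added example and not part of the original post. Site names (sitea.example.net, siteb.sitea.example.net), tunnel addresses (10.10.0.1, 10.20.0.1) and subnets are assumptions; the Quad9 addresses are its public resolvers.

```conf
# --- Site A forwarder (assumed: authoritative for sitea.example.net, tunnel peer 10.20.0.1) ---

# Give DHCP hostnames a domain so the other site can ask for them by FQDN.
domain=sitea.example.net
expand-hosts

# Never send plain (dot-less) names or RFC1918 reverse lookups to the public upstreams.
# This is what keeps bare names from leaking to Quad9; they are answered locally or NXDOMAIN.
domain-needed
bogus-priv

# Names in our own zone are answered only from local DHCP leases / overrides, never forwarded.
local=/sitea.example.net/

# Forward the other site's subdomain and its reverse zone across the tunnel.
# Only queries matching these zones go to 10.20.0.1; if the tunnel is down, just these
# lookups time out while everything else keeps resolving.
server=/siteb.sitea.example.net/10.20.0.1
rev-server=10.20.0.0/24,10.20.0.1

# Everything else falls back to Quad9.
server=9.9.9.9
server=149.112.112.112

# --- Site B would mirror this: domain=siteb.sitea.example.net, local=/siteb.sitea.example.net/,
#     server=/sitea.example.net/10.10.0.1 and rev-server=10.10.0.0/24,10.10.0.1 (assumed addresses).
```

Because `domain-needed` stops dot-less names from being forwarded anywhere, a bare name is only answered locally; clients need a search domain (or the FQDN) to reach hosts at the other site.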