Hello Howard,

I do not think there is a simple way to make it work. It should help if you configure forwarding per internal-only domain, which would always target the internal VPN server. For general domains, it would forward everything to 9.9.9.9.

We have made the dnsconfd project [1] to configure unbound from Network Manager. One of the things it should do is split tunnelling, which I think you need here. I doubt pfSense would have a UI for configuration of subdomain forwarders, but I do not know it. If you can configure your additional unbound snippets in the console, then it might work.

If you could have a config file with:

forward-zone:
  name: example.com
  forward-addr: 10.255.255.2

and repeated for all zones having special content in your VPN, then you could put just 9.9.9.9 into DNS general settings.

Hope this helps.
Petr

1. https://github.com/InfrastructureServices/dnsconfd

On 29/03/2024 22:22, Howard Spindel via Unbound-users wrote:
I have unbound configured under pfSense+ on a Netgate 8200.  I also have a Wireguard VPN configured under pfSense.

I have DNS forwarding configured under pfSense/DNS Resolver/General Settings.  That caused unbound to forward to the two DNS servers configured under pfSense General Setup.  The two DNS servers I have configured there are 10.255.255.2 (the DNS server recommended by my VPN provider) and 9.9.9.9 (Quad 9 public server).

What I want is that when the VPN is up for unbound to forward solely to 10.255.255.2 and for unbound to fall back to using 9.9.9.9 only when the VPN is down.

What happens now is that unbound is free to choose either DNS server, and therefore sometimes chooses 9.9.9.9 when the VPN is up. When the VPN is down now, I presume that unbound still tries to forward to 10.255.255.2, but since that is not a routable address when the VPN is down, the lookup will fail and unbound will use 9.9.9.9 instead.

Is there a way to tell unbound to use 10.255.255.2 if and only if the VPN is up?  I can't find it.

Thank you.

Howard



--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
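
Added example, not part of the original thread and not code from unbound, pfSense or dnsconfd: one way to keep unbound from choosing between the two forwarders is to switch the default forwarder at runtime with `unbound-control forward`, depending on whether the VPN resolver answers. It assumes remote-control is enabled so unbound-control works, that dig is installed, and that a cron job or VPN up/down hook runs the script with `apply`; the probe name example.com and the variable and function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: switch unbound's default ("." zone) forwarder by VPN state.
# Assumptions (not from the thread): remote-control is enabled, dig is
# installed, and a cron job or VPN hook calls this script with "apply".
# The runtime change does not survive an unbound restart; the config file
# still decides which forwarders are used at startup.

VPN_DNS="${VPN_DNS:-10.255.255.2}"       # resolver reachable only via the VPN
PUBLIC_DNS="${PUBLIC_DNS:-9.9.9.9}"      # fallback when the VPN is down
PROBE_NAME="${PROBE_NAME:-example.com}"  # constructed probe name
UNBOUND_CONTROL="${UNBOUND_CONTROL:-unbound-control}"

# Succeeds only if the VPN resolver answers within 2 seconds.
# dig exits non-zero when it gets no reply from the server.
probe_vpn_resolver() {
    dig +time=2 +tries=1 "@$VPN_DNS" "$PROBE_NAME" >/dev/null 2>&1
}

# Print the single forwarder that should be active right now.
choose_forwarder() {
    if probe_vpn_resolver; then
        printf '%s\n' "$VPN_DNS"
    else
        printf '%s\n' "$PUBLIC_DNS"
    fi
}

# Point the default forwarder at exactly one upstream, so unbound has no
# second server to pick while the VPN is up. Prints the address applied.
apply_forwarder() {
    target=$(choose_forwarder)
    $UNBOUND_CONTROL forward "$target" >/dev/null || return 1
    printf '%s\n' "$target"
}

# Act only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "apply" ]; then
    apply_forwarder
fi
```

A transient probe failure while the VPN is up sends queries to the public resolver until the next run, so the run interval bounds how long that can last.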
