On Sat, 22 Mar 2025, Jeremy Beker via Unbound-users wrote:
> I have successfully set up a forward-zone for my `ts.net` domain to tailscale’s DNS and it works great. I want to do the same for reverse lookups. All tailscale addresses are in the 100.0.0.0/8 range. So I added the following to my config (via the GUI, but verified in the config file):
While not addressing your question, whoever is squatting on 100/8 has picked a pretty bad range. This is in production all over the internet, with the first chunk going to Verisign Business and AWS. Perhaps what was/is intended is to re-use the range 100.64.0.0/10 which is reserved by RFC6598 for CGNAT and should not appear in the public internet?
> # Forward zones
> forward-zone:
>     name: "100.in-addr.arpa"
>     forward-addr: 100.100.100.100
As 100.100.100.100 is part of 100.64.0.0/10.
> This does not seem to work. Any request to look up an address (like 100.94.184.34) returns:
Who is 100.94.184.34? That must be one of your own or part of the tailscale re-use of 100.64.0.0/10? Perhaps limiting your range to 100.64.0.0/10 will prevent you mixing up this tailscale universe with the public DNS universe?

Paul
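An added example, not part of the thread: limiting the reverse forward to 100.64.0.0/10 takes more than one stanza, because `in-addr.arpa` names only split on octet boundaries and a /10 therefore maps to 64 separate /16 zones. The sketch below works for any IPv4 prefix; the function names and the sample address 100.20.0.1 are constructed for illustration, and the emitted config uses only the `forward-zone`, `name` and `forward-addr` keys shown in the quoted config.

```python
import ipaddress

def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that exactly cover an IPv4 prefix."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 prefixes only")
    # Reverse zones exist per octet, so round the prefix up to a multiple of 8.
    octets = max(1, -(-net.prefixlen // 8))
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def covering_zone(addr, zones):
    """Return the zone from `zones` that a PTR query for addr falls under, or None."""
    ptr = ipaddress.ip_address(addr).reverse_pointer
    for zone in zones:
        if ptr == zone or ptr.endswith("." + zone):
            return zone
    return None

def forward_zone_config(cidr, resolver):
    """Render one forward-zone stanza per reverse zone covering cidr."""
    stanzas = [
        f'forward-zone:\n    name: "{zone}"\n    forward-addr: {resolver}\n'
        for zone in reverse_zones(cidr)
    ]
    return "\n".join(stanzas)

if __name__ == "__main__":
    cgnat = "100.64.0.0/10"        # RFC 6598 range named in the reply
    resolver = "100.100.100.100"   # forward-addr from the quoted config
    zones = reverse_zones(cgnat)
    print(f"# {len(zones)} zones: {zones[0]} .. {zones[-1]}")
    # Address from the thread: inside the /10, so it is forwarded.
    print("# 100.94.184.34 ->", covering_zone("100.94.184.34", zones))
    # Constructed address in 100/8 but outside the /10: stays on public DNS.
    print("# 100.20.0.1    ->", covering_zone("100.20.0.1", zones))
    print(forward_zone_config(cgnat, resolver))
```

With the single `100.in-addr.arpa` zone, PTR queries for every address in 100/8, public ones included, go to the forwarder; the 64 narrower zones send only the RFC 6598 range there.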