
I have an unbound server that resolves VPN addresses as local data:

local-data: "host1.wireguard. A 10.10.100.10"
local-data: "host2.wireguard. A 10.100.100.11"

Polling it directly returns DNS records just fine. But after adding a stub zone that points to the Unbound server, I do not get any results. This is part of the configuration of my local unbound:

stub-zone:
        name: "wireguard"
        stub-addr: 10.10.10.1  # DNS server's address

forward-zone:
        name: "."
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 1.0.0.1@853#cloudflare-dns.com

I tried different variations of the config, but to no avail. Anything I am missing?

1 Answer

If I'm not mistaken, unbound stub-zones are meant to point at authoritative name servers and not other recursive name servers. An Unbound server with local-zones defined is not actually an authoritative name server. I think there are two options:

  1. point to your unbound server as a forward-zone, or

  2. use something like NSD or BIND as an authoritative name server instead of unbound.
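
Option 1 from the answer, written out as a complete local unbound.conf fragment. This is an added example and not configuration from the original poster or from the Unbound project; it assumes that 10.10.10.1 is the Unbound instance carrying the local-data from the question, that it is reachable on port 53 over the tunnel, and that the local resolver may have DNSSEC validation and the usual private-address rebinding protection enabled (the two server: options are only needed in that case). The tls-cert-bundle path is a common Debian location and is also an assumption.

```conf
# Added example: stub-zone from the question replaced by a forward-zone
# (option 1 of the answer). Addresses are those from the question;
# 10.10.10.1 is assumed to be the Unbound server holding the local-data.

server:
    # If this resolver validates DNSSEC (auto-trust-anchor-file set), the
    # root zone proves that no "wireguard." TLD exists and every answer for
    # it is marked bogus. Excluding the name from the chain of trust avoids
    # that. Harmless if validation is off.
    domain-insecure: "wireguard"

    # If private-address: 10.0.0.0/8 is configured (rebinding protection,
    # shipped in many distro defaults), answers carrying 10.x addresses are
    # stripped unless the zone is declared as allowed to return them.
    private-domain: "wireguard"

    # Needed for the #cloudflare-dns.com name on the forward-addr lines to
    # actually authenticate the upstream TLS certificate. Assumed path.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

# Before (from the question): a stub-zone sends non-recursive queries and
# expects an authoritative server behind stub-addr.
#
# stub-zone:
#     name: "wireguard"
#     stub-addr: 10.10.10.1

# After: a forward-zone sends ordinary recursive queries, which the remote
# Unbound answers from its local-data like any other client query.
forward-zone:
    name: "wireguard"
    forward-addr: 10.10.10.1
    # Plain DNS on port 53; do not add forward-tls-upstream here unless
    # 10.10.10.1 really serves DNS over TLS. These queries are protected
    # only by the WireGuard tunnel they cross.

# The catch-all forward stays as posted. Unbound picks the most specific
# matching forward-zone, so "wireguard" names never reach Cloudflare.
# Without forward-tls-upstream the @853 entries would be queried as plain
# DNS on port 853 and fail.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

After reloading, check the syntax with `unbound-checkconf` and query the local resolver with `dig @127.0.0.1 host1.wireguard A`; `dig +dnssec` with the `ad` flag absent and a normal answer present is the expected result for the insecure zone. Do not define both a stub-zone and a forward-zone for "wireguard"; Unbound rejects the configuration.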