I’m running Unbound on a VPS (Alpine Linux) with both Tailscale (/dev/tailscale0) and a WireGuard client to a commercial VPN (/dev/wg0). In short, it accepts connections from Tailscale and routes them over the VPN.

I have Unbound configured on the VPS responsible for sending DNS queries over TLS DNS. It queries through the VPN using outgoing-interface: with the client 172. IP from WireGuard.

The problem is I’d very much like to forward queries for a zone to my router at home. I’ve got it to work but only if I completely remove outgoing-interface. This is obviously not ideal.

It looks like Unbound isn’t in a hurry to support this — do any workarounds come to mind?

  • @catloaf@lemm.ee
    8 months ago

    In what way is it not working?

    I suppose you could create a stub zone in unbound with the NS record set to the home DNS server. As long as routing is working correctly, you shouldn’t need to specify an interface.

    If that doesn’t work, maybe try a different DNS server with more powerful configuration.
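The stub zone suggested above, written out as an Unbound config fragment (an added example, not from the thread; the zone name and all addresses are placeholders, and the DNS-over-TLS upstream is left as a placeholder too). Note that `outgoing-interface` applies to every outgoing query, including the ones to the stub server, which matches what the original post reports.

```conf
server:
    # Listen only on the Tailscale address and admit only the tailnet.
    interface: 100.64.0.1          # placeholder Tailscale address of the VPS
    access-control: 100.64.0.0/10 allow
    access-control: 0.0.0.0/0 refuse

    # Global source address for upstream queries: the WireGuard client IP.
    # This is what breaks the stub zone, because queries to the home router
    # are then also sourced from the VPN address.
    outgoing-interface: 172.16.0.2  # placeholder WireGuard client address

    # The home zone is unsigned and hands out private addresses, so stop
    # DNSSEC validation and rebind protection from discarding its answers.
    domain-insecure: "home.example"
    private-domain: "home.example"

# Send the home zone straight to the router reachable over Tailscale.
stub-zone:
    name: "home.example"
    stub-addr: 100.64.0.10          # placeholder Tailscale address of the home router

# Everything else goes out over DNS-over-TLS via the VPN.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853#resolver.example  # placeholder DoT upstream
```

Check which source address the stub query actually uses with `unbound-control` enabled and a packet capture on `wg0` and `tailscale0` while resolving a name in the home zone.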

    • Prison Mike (OP)
      8 months ago

      The problem is I need Unbound to send queries via one network interface (the VPN) while the specific zone needs to be routed through another.