I’m running Unbound on a VPS (Alpine Linux) with both Tailscale (/dev/tailscale0) and a WireGuard client to a commercial VPN (/dev/wg0). In short, it accepts connections from Tailscale and routes them over the VPN.
I have Unbound configured on the VPS responsible for sending DNS queries over TLS DNS. It queries through the VPN using outgoing-interface: with the client 172. IP from WireGuard.
The problem is I’d very much like to forward queries for a zone to my router at home. I’ve got it to work but only if I completely remove outgoing-interface. This is obviously not ideal.
It looks like Unbound isn’t in a hurry to support this — do any workarounds come to mind?
I know what split tunneling is, but I have my routing set up exactly as I’d like.
The issue here is that Unbound seems unable to send queries to one forwarding zone using a specific interface/IP address and send queries to a second forwarding zone using a completely different interface/IP address.
How would it know what to send? Why are you bothering with Unbound if you know how all the networking works?