Description
Hello,
I am not sure if this is a bug or intentional, but thought I would report it here anyways.
I currently use unbound with an upstream DoT server. I use forward-tls-upstream to ensure that all of the upstream requests implicitly use TLS (in case of bugs like #676).
However, I would also like to use forward-tls-upstream to implicitly set some domains to be resolved via an upstream server over normal DNS over UDP. As such, I have the following configuration:
server:
    tcp-upstream: yes
    tls-upstream: yes
    tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"

forward-zone:
    name: .
    forward-addr: 194.242.2.3@853#adblock.dns.mullvad.net

forward-zone:
    name: "wlan.schiphol.nl"
    forward-addr: 192.168.127.97
    forward-tls-upstream: no
    forward-tcp-upstream: no
My expectation is that when wlan.schiphol.nl is resolved, the 192.168.127.97 server is used via standard DNS over UDP, without encryption. Unfortunately it seems that neither forward-tls-upstream nor forward-tcp-upstream (either together or separately) take preference over the server: setting.
Unbound Version 1.21.0 on FreeBSD13.
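
A configuration check for the behaviour reported above, as an added example that is not part of the original report or of Unbound's own code: it assumes, as the report describes, that a global tls-upstream or tcp-upstream "yes" wins over an explicit per-zone "no", and lists the forward zones affected. The function names and the minimal parser (no include: handling, no trailing comments) are hypothetical.

```python
import re

# Constructed sample mirroring the configuration in the report above.
SAMPLE_CONF = """\
server:
    tcp-upstream: yes
    tls-upstream: yes
forward-zone:
    name: .
    forward-addr: 194.242.2.3@853#adblock.dns.mullvad.net
forward-zone:
    name: "wlan.schiphol.nl"
    forward-addr: 192.168.127.97
    forward-tls-upstream: no
    forward-tcp-upstream: no
"""

OPTION = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

def parse(conf_text):
    """Split unbound.conf text into server options and forward-zone dicts."""
    server, zones, current = {}, [], {}
    for raw in conf_text.splitlines():
        m = OPTION.match(raw.strip())
        if not m:            # blank lines, '#' comments, anything unrecognised
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if value:            # attribute of the clause we are inside
            current[key] = value
        elif key == "server":
            current = server
        else:                # new clause; only forward-zone clauses are kept
            current = {}
            if key == "forward-zone":
                zones.append(current)
    return server, zones

def overridden_zones(conf_text):
    """Per-zone 'no' settings a global 'yes' overrides (assumed, as reported)."""
    server, zones = parse(conf_text)
    hits = []
    for zone in zones:
        for transport in ("tls", "tcp"):
            if (server.get(f"{transport}-upstream") == "yes"
                    and zone.get(f"forward-{transport}-upstream") == "no"):
                hits.append((zone.get("name", "?"), transport))
    return hits

if __name__ == "__main__":
    print(overridden_zones(SAMPLE_CONF))
```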