From 8e35d4f0c1e6436e0a6d4facb8c939dd150f4d79 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 17 Jun 2025 22:30:37 +0000
Subject: [PATCH] unwind: Fallback to UDP if cannot resolve servers

---
 roles/unwind/templates/unwind.conf.j2 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/unwind/templates/unwind.conf.j2 b/roles/unwind/templates/unwind.conf.j2
index 2a704ce..20af19f 100644
--- a/roles/unwind/templates/unwind.conf.j2
+++ b/roles/unwind/templates/unwind.conf.j2
@@ -1,10 +1,15 @@
 {% if network_dns_servers is defined %}
 forwarder {
 {%   for addr in network_dns_servers %}
-    {{ addr }} port 853 authentication name "{{ lookup('community.general.dig', addr + '/PTR')[:-1] }}" DoT
+{%     set reverse = lookup('community.general.dig', addr + '/PTR')[:-1] %}
+{%     if reverse != "NXDOMAI" %}
+    {{ addr }} port 853 authentication name "{{ reverse }}" DoT
+{%     else %}
+    {{ addr }} port 53
+{%     endif %}
 {%   endfor %}
 }
-preference { DoT }
+preference { DoT forwarder }
 {% else %}
 preference { oDoT-autoconf }
 {% endif %}