DNS and VLAN Issues

[vicnunes]

I have two VLANS (2,10) and Technitium is working fine for vlan2 service as authoritative server for hosts on 192.168.2.0/24 on myrealdomain.com but using recursive lookups to Cloudflare servers for hosts on 192.168.10.0/24 for the same myrealdomain.com. I only use a single primary zone for myrealdomain.com (not the actual domain name)

Cloudflare is the external authoritave dns for my public domain, and Technitum is the authoritative dns for same server on same domain that I self host. All works as expected on VLAN2 but not on VLAN10

I've configured the Technitium to Use Specified Network Access Control List (ACL)
Select this option to specify networks that must be allowed or denied recursion.
Network Access Control List (ACL)
192.168.2.0/24
192.168.10.0/24

I've confimed that network routing, firewall, TCP/UDP traffic appears to wirk fine, yet tecnitium fails to log any dns querries from VLAN10 hosts.

Technitium is running as Proxmox LXC on VLAN2 and have tried from several hosts from VLAN10 both baremetal (latpop) and LXCs

What am I doing wrong or missing?

[ShreyasZare]

Thanks for asking. The ACL change in Settings > Recursion is not required since all private network are by default allow to do recursion.

The issue is not fully clear. Does DNS queries from VLAN10 not reach the DNS server? Or is it that the queries are reaching but the response is not what is expected?

Since you have a primary zone here, it will answer the same way to all clients. If you need it to work differently for one VLAN and let it forward to upstream for the other VLAN, you need to setup Split Horizon app and have the zone converted to a Conditional Forwarder zone. You will need to configure APP records in the zone that use Split Horizon app and then answer authoritatively to your 192.168.2.0/24 client and do nothing for the rest so that their queries get forwarded to upstream.

Let me know how you need to proceed so that I can help with more details on the config.

[vicnunes]

Thanks for your response. This led me to deeper troubleshooting. After lots of iterations with assistance from Claude, here it it's
summary of What Was Wrong

The UniFi "Base" Content Filter was applied to your Lab (VLAN 10) network, causing the Unifi UCG-Ultra to intercept all DNS queries and forward them to Cloudflare — completely bypassing Technitium regardless of what DNS servers were configured on the clients.
If you still want content filtering on VLAN 10, you'll need to create a separate Content Filter for Lab that excludes DNS interception, or add myrealdomain.com to the Allowlist.

It's not a Technitium DNS issue. Hope this helps someone else.

Cheers!

[ShreyasZare]

You're welcome. Good to know you found the issue.