A robust, reliable plugin to run CoreDNS natively on Unraid without Docker. Starts early on boot, stores config on flash, writes logs to RAM, and exposes a native Unraid WebUI with full service control.
Designed specifically for Tailscale split DNS β CoreDNS answers queries for your internal zone before the Unraid array is mounted.
- No Docker required β runs directly alongside
emhttpd - Boot-early DNS β starts before the array mounts; essential for Tailscale split DNS
- Zero flash wear β all runtime files (PID, logs) live in RAM (
/var/run,/var/log) - Config on flash β Corefile and
hosts.internalpersist safely at/boot/config/plugins/coredns/config/ - Native WebGUI β Settings β CoreDNS with service controls, Corefile editor, log viewer
- Upgrade-safe β Corefile,
hosts.internal, andsettings.jsonare never overwritten on upgrade - Port conflict detection β warns if port 53 is already claimed (e.g., by dnsmasq)
- Watchdog β automatically restarts CoreDNS if it crashes, with boot-loop protection
Install through the Unraid WebGUI:
- Navigate to Plugins β Install Plugin
- Paste the following URL:
https://github.com/atnplex/coredns-unraid/releases/latest/download/coredns-unraid.plg
- Click Install
To update, re-paste the URL and click Install. All your settings, Corefile, and host overrides are preserved.
| Path | Purpose |
|---|---|
/boot/config/plugins/coredns/config/Corefile |
CoreDNS configuration (source of truth) |
/boot/config/plugins/coredns/config/hosts.internal |
Static host overrides |
/boot/config/plugins/coredns/config/settings.json |
Plugin settings (port, bind, autostart) |
/var/run/coredns/coredns.pid |
PID file (RAM β recreated on boot) |
/var/log/coredns/coredns.log |
Service log (RAM β not on flash) |
/usr/local/bin/coredns |
CoreDNS binary |
/usr/local/emhttp/plugins/coredns/ |
WebUI and scripts |
- Open Settings β CoreDNS in the Unraid WebGUI
- Set Bind Address and Port (default:
0.0.0.0:5353β safe for first install) - Edit the Corefile in the textarea editor; click Validate to check syntax
- Click Save Corefile
- Enable Autostart on boot if desired
- Click βΆ Start
Unraid may run dnsmasq on port 53 for DHCP/DNS. The plugin:
- Defaults to port 5353 to avoid conflicts on fresh install
- Shows a warning banner in the WebUI if port 53 or the configured port is in use
- Will not start if the configured port is already taken
To use port 53 (required for most DNS clients):
- Identify what is listening on port 53:
ss -tlunp | grep ':53 ' - Stop or reconfigure the conflicting service (e.g., disable dnsmasq DNS resolver)
- Change the port to 53 in Settings β CoreDNS
CoreDNS is ideal for Tailscale split DNS. Example setup:
In Settings β CoreDNS, edit the Corefile to add an internal zone block:
. {
bind 0.0.0.0
log
errors
cache 300
forward . 1.1.1.1 1.0.0.1
}
home.arpa {
bind 0.0.0.0
log
errors
cache 60
hosts /boot/config/plugins/coredns/config/hosts.internal {
fallthrough
}
forward . 1.1.1.1
}
In the WebUI hosts editor (or directly on the flash drive):
# /boot/config/plugins/coredns/config/hosts.internal
100.64.0.10 unraid.home.arpa
100.64.0.11 vps1.home.arpa
100.64.0.12 vps2.home.arpa
In the Tailscale admin console β DNS β Nameservers:
- Add a custom nameserver for the domain
home.arpa - Set the nameserver IP to your Unraid host's Tailscale IP (e.g.,
100.64.0.10) - Set the port to 53
Tailscale will now forward *.home.arpa queries to CoreDNS on your Unraid host.
- Tailscale DNS forwarding expects port 53 for this setup; do not rely on a custom DNS port in the Tailscale client flow.
- Ensure CoreDNS is listening on port 53 on the Tailscale-reachable interface before enabling split DNS.
- If your Unraid is behind a firewall, ensure UDP/TCP port 53 is accessible on the Tailscale interface.
home.arpais a reserved IANA suffix appropriate for home networks. You can use any domain.
Use the WebUI buttons or the command line:
# Commands (run as root on Unraid)
/usr/local/emhttp/plugins/coredns/scripts/corednsd start
/usr/local/emhttp/plugins/coredns/scripts/corednsd stop
/usr/local/emhttp/plugins/coredns/scripts/corednsd restart
/usr/local/emhttp/plugins/coredns/scripts/corednsd reload # validate + restart
/usr/local/emhttp/plugins/coredns/scripts/corednsd status
/usr/local/emhttp/plugins/coredns/scripts/corednsd version
/usr/local/emhttp/plugins/coredns/scripts/corednsd validate [/path/to/Corefile]
/usr/local/emhttp/plugins/coredns/scripts/corednsd enable # enable autostart
/usr/local/emhttp/plugins/coredns/scripts/corednsd disable # disable autostart
# Or via the RC script:
/etc/rc.d/rc.coredns {start|stop|restart|status}After install, verify:
- CoreDNS binary installed:
/usr/local/bin/coredns -version - Default Corefile created:
/boot/config/plugins/coredns/config/Corefile - Start works:
corednsd startβ exit 0, PID file created - Valid Corefile validation passes:
corednsd validate - Invalid Corefile validation fails cleanly (edit with bad syntax, test)
- DNS responds:
dig @127.0.0.1 -p 5353 google.com - Stop works:
corednsd stopβ PID file removed - Restart from WebUI button works
- Logs visible in WebUI (Settings β CoreDNS β log viewer)
- Logs are in RAM, not on flash: check
/var/log/coredns/vs/boot/ - Reinstall preserves your Corefile (test by editing and reinstalling .plg)
- Autostart works across reboot (enable in UI, reboot, check
ps | grep coredns) - Port conflict warning shows if port already in use
- WebUI status badge reflects real service state
- Port 53 conflicts β Unraid dnsmasq may own port 53. Default is port 5353.
- No custom plugin builds β v1 uses the stock CoreDNS binary only.
- Corefile validation β Uses a "start for 1.5s + kill" approach since CoreDNS has no
--dry-run. This can take ~2s and may generate brief process noise. - No DNSSEC, DoH, or DoT in v1.
- No zone editor UI β Corefile is a text editor; complex config is manual.
- Log rotation β Logs are bounded to 5000 lines in RAM only; no persistent log history.
MIT β see LICENSE
- CoreDNS: https://github.com/coredns/coredns
- Tailscale DNS docs: https://tailscale.com/docs/reference/dns-in-tailscale