Twingate blocking DNS queries

I have a Windows (2022) DNS Server configured as a Twingate resource with public forwarders (undefined zones get resolved and returned, so “nslookup my.dns.server” succeeds, for example).

I can ping the DNS Server from Twingate-connected clients by IP or Twingate alias, and Test-NetConnection can connect on TCP port 53. Nslookup returns a Twingate address (10.x.x.x).

Attempts to query the DNS Server with nslookup time out.

Windows Firewall logging on the DNS server shows no dropped packets. Wireshark shows no incoming packets on TCP 53 or UDP 53.

How do I allow DNS requests across the Twingate connection?

hi @Mike,

You are trying to send DNS queries against your private DNS Server and get resolution of actual private IPs from it, correct? If so, you are correct in declaring your DNS server as a Twingate Resource. The only thing to be aware of in this case is that the Twingate Client does manipulate DNS on your device (basically, the Twingate Client inserts itself as the first resolver on your device and responds to DNS queries that match Twingate Resources with CGNAT IPs so as to intercept traffic via the Twingate Network Interface. Full details of how DNS works in Twingate can be found here: How DNS Works with Twingate | Docs).

In order for DNS Queries to be passed to your private DNS Server and return the actual private IP of resources, take a look at the following page: How Twingate forwards DNS | Docs
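Added diagnostic for this thread (my own code, not from the poster, the reply or Twingate's docs): it sends a raw A query directly at a chosen server over UDP or TCP, bypassing the OS resolver order the Twingate Client inserts itself into, and classifies the answer. An address in 100.64.0.0/10 (the CGNAT range) was answered by the local Client; an RFC 1918 address is the real record from the DNS server. Querying the server's real IP and its Twingate alias over both transports tells a transport problem apart from the Client answering first; the server address and name used are placeholders you supply.

```python
import ipaddress
import socket
import struct

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 range the Twingate Client answers with

def build_query(name: str, txid: int = 0x1234) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg: bytes, off: int) -> int:
    while (ln := msg[off]) != 0:          # labels end with a 0 byte ...
        if ln & 0xC0 == 0xC0:             # ... or a 2-byte compression pointer
            return off + 2
        off += ln + 1
    return off + 1

def parse_a_records(msg: bytes) -> list:
    """IPv4 addresses in the answer section of a DNS response."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def classify(addr: str) -> str:
    ip = ipaddress.ip_address(addr)       # 'twingate-alias' means the local Client answered
    return "twingate-alias" if ip in CGNAT else "private" if ip.is_private else "public"

def query(server: str, name: str, proto: str = "udp", timeout: float = 3.0) -> list:
    q = build_query(name)                 # sent straight to server:53, bypassing the OS resolver
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            data = s.recvfrom(4096)[0]
    else:  # TCP framing: 2-byte length prefix (RFC 1035 section 4.2.2)
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            ln = struct.unpack("!H", s.recv(2))[0]
            data = b""
            while len(data) < ln and (chunk := s.recv(ln - len(data))):
                data += chunk
    return parse_a_records(data)
```

A UDP timeout with a TCP success against the same address points at UDP 53 not reaching the server over the tunnel, while a `twingate-alias` result means the Client, not the server, answered.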