DNS-Spoofing with multiple interfaces

Gareth Williams gareth at garethwilliams.me.uk
Wed Jul 10 19:33:25 UTC 2019


I'm running Unbound (for the very first time - so please bear with me)
on a router with three interfaces.

The 1st interface is PPP to my ADSL modem and has an Internet IP
address 51.x.y.z.  I have global DNS pointing 'nimbus.my.domain.uk' to
this address.

The 2nd interface is WiFi with a private IP address of

The 3rd interface is an Ethernet connection to my office and has
another private IP address of  Routing is configured to
send through this interface, and have a few services in
this network, including a service which I want to be accessible from
both internal and the Internet.

I'm trying to get the Unbound to provide a private IP address to a
global Internet DNS name with:

  local-data: "nimbus.my.domain.uk. IN A"

When I use 'dig', I get confusing results.

For all interfaces other than the 3rd:

  dig @<interface IP> -p 1053 nimbus.my.domain.uk


However, for the 3rd interface, it returns the Internet IP 51.x.y.z
which is being resolved by the global Internet DNS.  Why?  I can't see
any configuration option that would cause this.  I can't see this being
an RFC1918 issue as works, while the other RFC1918 address
fails.  At the same time the 51.x.y.z Internet address also works -
there doesn't seem to be a pattern!

Note that I'm using a port of 1053 only while I'm testing.

While I'm sure I could point all resolvers at as a
workaround, the fact that I can't figure this out means I'm missing
something.  I'd rather get to the bottom of this before I continue.
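The following unbound.conf fragment is an added example, not configuration from the original post, showing the pieces involved in handing out a private address for a public name on a multi-homed router. The private addresses (192.168.1.1, 192.168.2.1, 192.168.2.10) and the interface list are assumptions chosen to match the three-interface layout described above; 51.x.y.z is left as the post's placeholder.

```conf
server:
    # Non-standard port, as used in the post while testing; drop this
    # line (default 53) once the setup is confirmed.
    port: 1053

    # Listen on every router address that clients will send queries to.
    # Addresses below are assumptions standing in for the post's.
    interface: 127.0.0.1
    interface: 51.x.y.z          # PPP side (placeholder from the post)
    interface: 192.168.1.1       # assumed WiFi address
    interface: 192.168.2.1       # assumed office Ethernet address

    # Listening on the PPP address makes the resolver reachable from the
    # Internet, so restrict who may query: internal networks only,
    # everything else refused. Without this you run an open resolver.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 192.168.2.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # local-data is matched on the query name (and the client address if
    # views are used), never on the interface the query arrived on.
    # Declaring the zone "static" means a query for a type that has no
    # local-data (e.g. AAAA) gets an empty answer instead of being
    # forwarded to the public servers for the same name.
    local-zone: "nimbus.my.domain.uk." static
    local-data: "nimbus.my.domain.uk. IN A 192.168.2.10"   # assumed service address
    local-data-ptr: "192.168.2.10 nimbus.my.domain.uk"

    # If the answer must differ per client network (Unbound 1.6 or later),
    # attach a view to an access-control element instead, e.g.
    #   access-control-view: 192.168.2.0/24 office
    # and define the overriding local-data under a top-level
    #   view:
    #       name: "office"
    #       view-first: yes
    # clause.
```

After `unbound-checkconf` and a reload, a query such as `dig @192.168.2.1 -p 1053 nimbus.my.domain.uk A` from the office network should return the local-data address, and the same query from a host outside the allowed ranges should be REFUSED. `unbound-control list_local_data` shows exactly which records the running instance is serving, which is a quicker way to confirm the override than querying each interface in turn.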



