DNS-Spoofing with multiple interfaces
Gareth Williams
gareth at garethwilliams.me.uk
Wed Jul 10 19:33:25 UTC 2019
Hi,
I'm running Unbound (for the very first time - so please bear with me)
on a router with three interfaces.
The 1st interface is PPP to my ADSL modem and has an Internet IP
address 51.x.y.z. I have global DNS pointing 'nimbus.my.domain.uk' to
this address.
The 2nd interface is WiFi with a private IP address of 192.168.1.1
The 3rd interface is an Ethernet connection to my office and has
another private IP address of 172.28.1.1. Routing is configured to
send 172.28.0.0/16 through this interface, and I have a few services in
this network, including a service which I want to be accessible from
both internal and the Internet.
I'm trying to get the Unbound to provide a private IP address to a
global Internet DNS name with:
local-data: "nimbus.my.domain.uk. IN A 172.28.4.30"
When I use 'dig', I get confusing results.
For all interfaces other than the 3rd:
dig @<interface IP> -p 1053 nimbus.my.domain.uk
returns 172.28.4.30
However, for the 3rd interface, it returns the Internet IP 51.x.y.z
which is being resolved by the global Internet DNS. Why? I can't see
any configuration option that would cause this. I can't see this being
an RFC1918 issue as 192.168.1.1 works, while the other RFC1918 address
fails. At the same time the 51.x.y.z Internet address also works -
there doesn't seem to be a pattern!
Note that I'm using a port of 1053 only while I'm testing.
While I'm sure I could point all resolvers at 192.168.1.1 as a
workaround, the fact that I can't figure this out means I'm missing
something. I'd rather get to the bottom of this before I continue.
Thanks,
Gareth
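For readers following this thread, here is a minimal unbound.conf that reproduces the setup described in the post (three interfaces, test port 1053, one global name overridden with a private address). This is an added example, not a configuration from the poster or from the Unbound project; the interface and access-control lines are assumptions about how the router is wired, and the Internet-facing address from the post is not reproduced because it is only given as a placeholder.

```conf
server:
    # Assumed: listen on every address the router has, rather than
    # enumerating the PPP, WiFi and office addresses one by one.
    # Replace with one "interface:" line per address to be explicit.
    interface: 0.0.0.0
    # Test port used in the post; drop this line (default 53) in production.
    port: 1053

    # Assumed access policy: only the two internal networks may query.
    # Anything that matches no "allow" rule is refused by default, so the
    # PPP side cannot use this resolver as an open recursor.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 172.28.0.0/16 allow

    # Declaring the zone explicitly makes it visible in
    # "unbound-control list_local_zones". "transparent" means: answer the
    # name from local-data when present, otherwise resolve normally, which
    # is also what Unbound does implicitly when only local-data is given.
    local-zone: "nimbus.my.domain.uk." transparent
    # The override from the post: the global name maps to the office host.
    local-data: "nimbus.my.domain.uk. IN A 172.28.4.30"
```

Two checks worth running after loading this: `unbound-checkconf /etc/unbound/unbound.conf` to catch syntax problems before restarting, and `unbound-control list_local_data` (with remote-control enabled) to confirm the override is actually loaded into the running daemon. Querying each interface address in turn with `dig +short @<address> -p 1053 nimbus.my.domain.uk` should then return 172.28.4.30 from every address that is allowed by access-control; if one address still returns the public record, compare that address's access-control match and its interface line against the others before looking anywhere else.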