VPN/unbound dns leak

[crt333]

As I understand it when running unbound (recursive, not forwarding) and doing dns leak testing the address of the WAN connection is reported.

I route all devices through my VPN tunnel, so reporting the WAN (ISP) address when  doing DNS leak tests is undesirable (pretty much the definition of a dns leak).

Is there a way to fix this or is not using unbound the only solution?

[nzkiwi68]

What about just binding unbound to LAN interface (plus any other interfaces you need)

[crt333]

Thanks for the suggestion. Do you know that works or it is something to try?

[crt333]

That works, many thanks. I had tried the VPN tunnel rather than the LAN, which didn't work, but LAN does.

[crt333]

Sorry, that didn't work, unbound was forwarding when I set to LAN. When not forwarding unbound doesn't respond when I do this.

[nzkiwi68]

My unbound...

Check;
Outgoing Network Interfaces

I only bind unbound to interfaces I want unbound to answer queries on.
Then, I make unbound send out all it's queries from only the LAN interface

[crt333]

Thanks for the info and pic. You have forwarding turned on, which I also had working, but when I turned it off name resolution stopped.

Despite my earlier claim with forwarding disabled I tried again to use the VPN tunnel itself for outbound instead of LAN, and that works.

The logs show no more use of the system configured nameservers and all the traffic goes out through the VPN tunnel, so I guess I'm all set now.

Thanks again for your ideas!