I have given a host a 10.0.x.x address in our public DNS. (The reasons are irrelevant.)
The host can be reached from our locations through VPN; however, one site behind a Tomato cannot resolve the host.
I've tried from a client, and pinging and tracerouting from the router GUI, but internal.example.com is not resolved.
Could the DNS in the router be intercepting DNS lookups which return RFC 1918 answers? Could the ISP? But I'm querying 8.8.8.8, and the domain is, according to https://www.whatsmydns.net, resolvable from all over the world (except from a server in Turkey, which returns 195.175.254.2 for all hosts in our domain).
EDIT: Something fishy is going on. The Tomato router has a window I can run commands in. Even if I do an nslookup against a non-existent server, I get replies:
# nslookup microsoft.com 254.254.254.254
Server: 254.254.254.254
Address 1: 254.254.254.254
Name: microsoft.com
Address 1: 13.77.161.179
Address 2: 40.76.4.15
(...)
So something is definitely intercepting the DNS lookups.
I'll have to ask my ISP.
Public DNS names that resolve to private addresses can be used to trick a browser into attacking internal network devices, thinking they belong to the domain that is displayed in the browser. To prevent this, DNS servers can be configured to not return these private addresses if they are found in a DNS response.
Your second discovery is independent of the first. Most routers use busybox for many common tools. Busybox provides the commonly used functions of many Unix utilities but aims for small size at the expense of rarely used functionality. Some versions of busybox ignore the DNS server in the second argument and just query the default resolver.
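The two points in the answer above, as an added example that is not part of the original answer: a minimal raw DNS client that sends an A query over UDP to exactly the server you name (so it does not depend on busybox's nslookup honouring its second argument; a reply from an unreachable address such as 254.254.254.254 means something on the path answered instead), plus a rebind filter that drops private, loopback and link-local answers unless the owner name is in an allow-listed zone, which is the behaviour the answer describes for DNS servers. The `REBIND_OK` zone set, the sample response builder and the addresses in it are constructed for this example.

```python
"""Raw DNS A-record query plus a rebind filter (example code, standard library only)."""
import ipaddress
import socket
import struct

# Hypothetical allow-list of zones whose private answers are expected,
# in the spirit of dnsmasq's rebind-domain-ok. Constructed for this example.
REBIND_OK = {"example.com"}


def build_query(name, txid=0x1234):
    """Build a recursive A/IN query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(msg, off):
    """Read a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_a_records(msg):
    """Return [(owner_name, dotted IPv4)] for every A record in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the question section
        _, off = _read_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata)))
    return answers


def rebind_filter(answers, allow=REBIND_OK):
    """Drop answers pointing at private/loopback/link-local space unless the owner
    is inside an allowed zone. This is the protection the answer describes."""
    kept = []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        zone_ok = any(name == z or name.endswith("." + z) for z in allow)
        if (ip.is_private or ip.is_loopback or ip.is_link_local) and not zone_ok:
            continue
        kept.append((name, addr))
    return kept


def query(server, name, timeout=3.0):
    """Send the query to `server` over UDP/53 and return parsed A answers,
    or None on timeout / transaction-id mismatch. Not called by the tests."""
    pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_a_records(data) if data[:2] == pkt[:2] else None


def build_sample_response(name, addrs, txid=0x1234):
    """Constructed sample response: one A record per address, owner name given
    as a compression pointer (0xC00C) back to the question name."""
    q = build_query(name, txid)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    body = q[12:]
    for a in addrs:
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a)
    return header + body


if __name__ == "__main__":
    sample = build_sample_response("internal.example.com", ["10.0.1.5", "93.184.216.34"])
    print("parsed:", parse_a_records(sample))
    print("filtered (no allow-list):", rebind_filter(parse_a_records(sample), allow=set()))
```

Running `query("254.254.254.254", "microsoft.com")` from the affected site should time out and return None; a list of addresses instead confirms interception somewhere on the path, independently of what busybox's nslookup prints. The filter uses Python's `ipaddress.is_private`, which covers the RFC 1918 ranges as well as loopback and link-local space.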