I have BIND and OpenVPN running inside a Docker container. The host IP is 192.168.1.2 and all clients in this LAN are using 192.168.1.2 as the DNS. All clients can properly resolve internal and external hostnames.

Clients connecting via OpenVPN cannot resolve hostnames, when I set the DNS to 192.168.1.2. Everything is fine at the IP level, because when I telnet to 192.168.1.2 (port 53) the client connects without a problem.

I do something weird when I run the following command from inside my OpenVPN container:

dig rpi.example.com @192.168.1.2
;; reply from unexpected source: 10.1.0.1#53, expected 192.168.1.2#53

IP 10.1.0.1 is the default gateway for my docker network that hosts the OpenVPN container. Anyone knows what is going on? It seems that it does some excessive IP masquerading...