diff --git a/internal/dns/conf.go b/internal/dns/conf.go
index 2156bc85..5abd441a 100644
--- a/internal/dns/conf.go
+++ b/internal/dns/conf.go
@@ -66,7 +66,7 @@ func generateUnboundConf(ctx context.Context, settings settings.DNS,
 		// Network
 		"do-ip4":    "yes",
 		"do-ip6":    doIPv6,
-		"interface": "127.0.0.1",
+		"interface": "0.0.0.0",
 		"port":      "53",
 		// Other
 		"username": "\"nonrootuser\"",
diff --git a/internal/dns/conf_test.go b/internal/dns/conf_test.go
index a1663005..c4f6582f 100644
--- a/internal/dns/conf_test.go
+++ b/internal/dns/conf_test.go
@@ -54,7 +54,7 @@ server:
   harden-referral-path: yes
   hide-identity: yes
   hide-version: yes
-  interface: 127.0.0.1
+  interface: 0.0.0.0
   key-cache-size: 16m
   key-cache-slabs: 4
   msg-cache-size: 4m
diff --git a/internal/routing/reader.go b/internal/routing/reader.go
index 6eb6d26e..f7422be4 100644
--- a/internal/routing/reader.go
+++ b/internal/routing/reader.go
@@ -128,7 +128,7 @@ func (r *routing) VPNDestinationIP() (ip net.IP, err error) {
 	for _, route := range routes {
 		if route.LinkIndex == defaultLinkIndex &&
 			route.Dst != nil &&
-			!ipIsPrivate(route.Dst.IP) &&
+			!IPIsPrivate(route.Dst.IP) &&
 			bytes.Equal(route.Dst.Mask, net.IPMask{255, 255, 255, 255}) {
 			return route.Dst.IP, nil
 		}
@@ -156,7 +156,7 @@ func (r *routing) VPNLocalGatewayIP() (ip net.IP, err error) {
 	return nil, fmt.Errorf("cannot find VPN local gateway IP address from ip routes")
 }
 
-func ipIsPrivate(ip net.IP) bool {
+func IPIsPrivate(ip net.IP) bool {
 	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
 		return true
 	}