bind 9.1.0, transfers and udp ports

John Wittkoski jpw at netscape.com
Mon Feb 5 23:56:35 UTC 2001


I recently upgraded to 9.1.0 from 8.2.2_P7.

I noticed that one of my slave machines was not able to contact its
master (due to a time out).

This slave machine is behind a fairly restrictive firewall, so that
ALL DNS traffic must either be destined for port 53 of the slave
machine or be sent from port 53 of the slave machine. 

Because of this, my named.conf file has had this line in it:

query-source address 1.2.3.4 port 53;

This worked without trouble with BIND 8. With BIND 9, this works only
for queries.

With BIND 9, when the slave tries to contact the master (presumably to
check the serial number), it originates a UDP request using a random
port (i.e. NOT 53), which of course breaks in my setup.

Surprisingly, I found that adding the following line to the options
causes BIND 9 to use UDP port 53 for this query:

transfer-source 1.2.3.4;

Which is strange because "transfer-source" seemingly only applies to
the TCP part of the zone transfers, according to the Bv9ARM.

So what I'm wondering is:

 - What's going on here? Is this a bug?

Or more specifically:

 - Are the serial number checks of the master by the slave considered
"queries" or "transfers"? If they are queries, they should be honoring
the query-source option, which they don't seem to be doing. If they
are part of the transfer process, should the "transfer-source"
explicitly include a port option (instead of just an IP), and apply to
the serial number checks as well as the TCP part of the transfer?

Any insight would be appreciated.

	--John Wittkoski
	  jpw at netscape.com
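A quick way to confirm which outbound packets the firewall rule described above would drop is to scan a tcpdump text capture for packets leaving the slave towards a remote port 53 from any source port other than 53. The script below is an added example, not part of the post; the capture lines are constructed (slave 1.2.3.4, master 5.6.7.8) and mimic the text format of a 2001-era tcpdump, and the function name is my own.

```python
import re

# Constructed sample in tcpdump's text format (not a real capture). The slave
# is 1.2.3.4 and its master 5.6.7.8. Line 1 is a normal query honouring
# "query-source ... port 53", line 2 is the SOA refresh check leaving from a
# random high port, line 3 is a reply coming back in, line 4 is the TCP AXFR.
SAMPLE_CAPTURE = """\
23:50:01.000001 IP 1.2.3.4.53 > 5.6.7.8.53: 4321+ A? www.example.com. (33)
23:50:02.000002 IP 1.2.3.4.32871 > 5.6.7.8.53: 1234 SOA? example.com. (29)
23:50:03.000003 IP 5.6.7.8.53 > 1.2.3.4.53: 4321 1/0/0 A 192.0.2.10 (49)
23:50:04.000004 IP 1.2.3.4.41002 > 5.6.7.8.53: S 100:100(0) win 5840
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
PACKET_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# tcpdump prints a UDP DNS query as "<id>[+] <QTYPE>? <name>."
QTYPE_RE = re.compile(r"\b([A-Z]+)\? ")


def firewall_violations(capture, slave_ip, dns_port=53):
    """Return (source_port, kind) for every packet the slave sends to a
    remote DNS port from a source port other than dns_port, i.e. the packets
    the post's "must be sent from port 53" rule would drop.  kind is the
    query type (e.g. 'SOA') for a UDP query, or 'tcp' for a TCP segment."""
    hits = []
    for line in capture.splitlines():
        m = PACKET_RE.match(line)
        if not m:
            continue  # not a packet line in the expected format
        if m["src"] != slave_ip or int(m["dport"]) != dns_port:
            continue  # inbound to the slave, or not DNS at all
        sport = int(m["sport"])
        if sport == dns_port:
            continue  # permitted by the firewall rule
        q = QTYPE_RE.search(m["rest"])
        hits.append((sport, q.group(1) if q else "tcp"))
    return hits


if __name__ == "__main__":
    for sport, kind in firewall_violations(SAMPLE_CAPTURE, "1.2.3.4"):
        print(f"dropped by firewall: source port {sport} ({kind})")
```

A hit tagged SOA from a high port is exactly the refresh check the post describes. Note that forcing every outbound query onto source port 53 also removes the source-port variation that makes forged replies harder to land, so a stateful rule that tracks the slave's outbound UDP is the more robust firewall fix.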

