query-source does not work for forwarded queries

Gordon A. Lang glang at goalex.com
Tue Aug 24 14:29:21 UTC 2010


The "query-source" option does not work for forwarded queries per Wireshark
with BIND 9.4-ESV-R2 on Solaris 10 as well as AIX 5.3.

If I remove the "forward only" option from named.conf, then the query-source
does take effect for the recursive queries (but of course the queries fail
because I need them to be forwarded to the target that is accessible through
the firewall).

With the forward only option, the forwarded queries pick up their source IP
address as if there were a secret hidden setting of "forward-source * "
option.

Is this a known bug?
Is there a workaround?

Right now I need to open up the firewall to permit a long changing list of
source addresses to reach the forwarding target, but it would be more
appropriate to allow only the short stable list of service addresses for the
inside resolvers (made portable by use of host routing rather than ARP).

Thanks in advance.

--
Gordon Lang 



