I expect query-source to apply to forwarded queries as well as
hint+cache driven recursive queries, but it does not on my system
running 9.4-ESV-R2.
Is this a known bug?
Has anyone else experienced this issue?
--
Gordon A. Lang
----- Original Message -----
From: "Gordon A. Lang" <gl...@goalex.com>
To: <bind-us...@isc.org>
Sent: Tuesday, August 24, 2010 10:29 AM
Subject: query-source does not work for forwarded queries
The "query-source" option does not work for forwarded queries per Wireshark
with BIND 9.4-ESV-R2 on Solaris 10 as well as AIX 5.3.
If I remove the "forward only" option from named.conf, then the query-source
does take effect for the recursive queries (but of course the queries fail
because I need them to be forwarded to the target that is accessible through
the firewall).
With the forward only option, the forwarded queries pick up their source IP
address as if there were a secret hidden setting of "forward-source * "
option.
Is this a known bug?
Is there a workaround?
Right now I need to open up the firewall to permit a long changing list of
source addresses to reach the forwarding target, but it would be more
appropriate to allow only the short stable list of service addresses for the
inside resolvers (made portable by use of host routing rather than ARP).
Thanks in advance.
--
Gordon Lang