I agree that it could be the NAT firewall: some firewalls have features to network-address-translate the answer portion of DNS responses. Or with bind “views” (or “RRL”) you could deliberately make it give differing answers, but you’d know.
The firewall documentation might help. Or you can test whether it’s the firewall by doing a norecursion dig from outside the firewall from a known IP while doing a tcpdump on port 53 to/from the client IP on the server. Then you can prove bind is producing what you expect. But if the FW is set to address-translate in both directions, it’s more of a challenge to focus such a packet capture. If the server also has a FW configuration including NAT, that could be doing it as well.

John Wobus
Cornell University IT