DNS Server goofiness

John Wobus jw354 at cornell.edu
Fri Feb 5 14:57:03 UTC 2016


I agree that it could be the NAT firewall: some firewalls have features to
network-address-translate the answer portion of DNS responses.
Or with bind "views" (or "RRL") you could deliberately make it give
differing answers, but you'd know.

The firewall documentation might help.
Or you can test whether it’s the firewall by doing a norecursion dig from outside the
firewall from a known IP while doing a tcpdump on port 53
to/from the client IP on the server.  Then you can prove bind is producing what
you expect.  But if the FW is set to address-translate in both directions,
it's more of a challenge to focus such a packet capture.  If the server also has
a FW configuration including NAT, that could be doing it as well.

John Wobus
Cornell University IT
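The dig-from-outside plus tcpdump check described above comes down to comparing the answer section as it leaves the server with what the client actually receives. The following is an added example, not from the original thread, that does that comparison on two constructed DNS responses (the hostname and addresses are hypothetical); in a real check the two byte strings would come from the server-side and client-side captures.

```python
"""Compare the answer section of a DNS response as sent by the server with the
copy received by the client, to spot a NAT firewall rewriting A records.
The packets used below are constructed for this example, not real captures."""
import socket
import struct

def _skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def answer_a_records(pkt: bytes) -> list:
    """Extract the IPv4 addresses in the answer section of a DNS response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):               # skip each question: name, qtype, qclass
        off = _skip_name(pkt, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            ips.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return ips

def build_response(name: str, ip: str) -> bytes:
    """Build a minimal DNS A response (constructed test data, not a real capture)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1, 1 Q, 1 A
    question = qname + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer

def translated_answers(server_side: bytes, client_side: bytes) -> list:
    """Pair up A records that differ between the server-side and client-side copies."""
    pairs = zip(answer_a_records(server_side), answer_a_records(client_side))
    return [(s, c) for s, c in pairs if s != c]

if __name__ == "__main__":
    on_server = build_response("www.example.com", "10.0.0.5")      # hypothetical internal address
    at_client = build_response("www.example.com", "203.0.113.5")   # hypothetical public address
    print(translated_answers(on_server, at_client))
```

An empty list means the answers match and bind itself is producing what the client sees; any pair returned points at something between the two capture points rewriting rdata.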
