Netgate Discussion Forum
    Force bind dns server to use ipsec tunnel to forward queries

    • G
      galcorlo
      last edited by

      Hello,
      as I have to configure the DNS server as a resolver, forwarder and slave at the same time, I needed to install the bind server.
      The Netgate device has an IKEv1 IPsec tunnel connected. I don't have VTI interfaces and for this reason I had to create static routes on the device itself to reach the LAN2 servers from the Netgate device.
      This way, I am able to ping LAN2 devices from the Netgate without specifying the source interface. Otherwise, from the Netgate I had to ping LAN2 devices specifying the source interface LAN1.

          Netgate ============================== ASA
             |                                    |
            LAN1                                 LAN2
      (192.168.8.8/22)                    (10.2.255.11/16)
      

      However, the bind DNS server is not able to resolve addresses that have to be forwarded through the IPsec tunnel. Instead, the bind DNS server sends the request through the internet. I do not know how to tell the bind DNS server to use the IPsec tunnel to reach 10.2.255.11. As I mentioned, I already have static routes for this purpose configured on the Netgate side:

      Routing tables
      
      Internet:
      Destination        Gateway            Flags     Netif Expire
      default            192.168.144.1      UGS      pppoe0
      10.2.255.11/32     192.168.8.7        UGS       ix0.8
      10.2.255.12/32     192.168.8.7        UGS       ix0.8
      

      How can I force the bind DNS server to reach 10.2.255.11 via the IPsec tunnel instead of the internet?

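The behaviour described above is what a policy-based (non-VTI) IPsec tunnel does: the kernel only steers a packet into the tunnel when its source/destination pair matches the phase 2 selector, and a daemon that does not pin its source address sends from the address of the default route (the pppoe0/WAN side), which never matches. The same effect is visible in the post's own ping test, which only works when the LAN1 source is given. The following named.conf fragment is an added example, not code from the post or from the pfSense/BIND projects: it pins BIND's query source to the LAN1 address 192.168.8.8 (from the post) and forwards only the LAN2 domain to the LAN2 servers. The zone name lan2.example and the reverse zone are placeholders, and it assumes the phase 2 covers 192.168.8.0/22 to 10.2.0.0/16 so that a packet sourced from 192.168.8.8 matches the tunnel policy.

```conf
// Added example, not from the forum post or the pfSense/BIND projects.
// Assumptions: "lan2.example" is a placeholder for the LAN2 DNS domain,
// 192.168.8.8 is the Netgate LAN1 address (taken from the post), and the
// IPsec phase 2 selector covers 192.168.8.0/22 <-> 10.2.0.0/16.
options {
    // Policy-based IPsec matches on the (source, destination) pair of the
    // outgoing packet. Pinning the source to the LAN1 address makes BIND's
    // queries to 10.2.255.11/.12 match the tunnel policy instead of leaving
    // via the WAN/default route.
    query-source address 192.168.8.8;

    // A resolver that is reachable from the internet side should only recurse
    // for its own networks; keep it from becoming an open resolver.
    allow-recursion { 127.0.0.1; 192.168.8.0/22; };
};

// Conditional forwarding: only this domain goes to the LAN2 servers,
// everything else is resolved normally.
zone "lan2.example" {
    type forward;
    forward only;
    forwarders { 10.2.255.11; 10.2.255.12; };
};

// Reverse zone for LAN2 so PTR lookups take the same path.
zone "2.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.2.255.11; 10.2.255.12; };
};
```

Two checks are worth doing before blaming BIND: confirm the path independently with a query that pins the same source address, for example `dig -b 192.168.8.8 @10.2.255.11 host.lan2.example`, and, if that works while BIND still fails, compare the source address BIND actually uses (a packet capture on the WAN interface filtered on UDP/TCP port 53 shows it immediately). With the source pinned, the per-host static routes towards a LAN1 neighbour are no longer what carries the traffic; the IPsec policy is, so the phase 2 selector must include 192.168.8.8 on the local side.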
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.