Force BIND DNS server to use IPsec tunnel to forward queries
Hello,
As I have to configure the DNS server as a resolver, forwarder and slave at the same time, I needed to install the BIND server.
The Netgate device has an IPsec (IKEv1) tunnel connected. I don't have VTI interfaces and for this reason I had to create static routes to itself to reach the LAN2 servers from the Netgate device.
This way, I am able to ping LAN2 devices from the Netgate without specifying the source interface. Otherwise, from the Netgate I had to ping LAN2 devices specifying the source interface LAN1.

    Netgate ============================== ASA
       |                                   |
     LAN1                                LAN2
    (192.168.8.8/22)              (10.2.255.11/16)
However, the BIND DNS server is not able to resolve addresses that have to be forwarded through the IPsec tunnel. Instead, the BIND DNS server sends the request through the internet. I do not know how to tell the BIND DNS server to use the IPsec tunnel to reach 10.2.255.11. As I mentioned, I already have static routes for this purpose configured on the Netgate side:

    Routing tables

    Internet:
    Destination        Gateway            Flags     Netif   Expire
    default            192.168.144.1      UGS       pppoe0
    10.2.255.11/32     192.168.8.7        UGS       ix0.8
    10.2.255.12/32     192.168.8.7        UGS       ix0.8
How can I force the BIND DNS server to reach 10.2.255.11 via the IPsec tunnel instead of the internet?
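The post describes a policy-based IPsec tunnel (no VTI): packets only enter the tunnel when they are sourced from the LAN1 address, which is why the ping works only with LAN1 as the source interface. BIND has the same problem, because by default it sources outbound queries from whatever address the kernel picks for the default route (here pppoe0). The following named.conf fragment is an added illustration, not from the original post, the Netgate package, or the BIND project: it assumes the resolver itself holds 192.168.8.8 on LAN1 and uses the hypothetical zone name lan2.example as a placeholder for the zone served by the LAN2 DNS servers. It pins BIND's outgoing queries to the LAN1 address with query-source, so the IPsec policy matches them, and forwards only the LAN2 zones to 10.2.255.11 and 10.2.255.12.

```conf
// Added example (not from the original post). Assumes the BIND host
// holds 192.168.8.8 on LAN1; "lan2.example" is a placeholder zone name.
options {
    directory "/usr/local/etc/namedb";   // adjust to the installed BIND layout

    // Source address for all outbound queries. Without this, BIND uses the
    // address of the default-route interface (pppoe0); the policy-based
    // IPsec SA does not match that source, so the query leaves via the WAN.
    query-source address 192.168.8.8;
    notify-source 192.168.8.8;     // zone NOTIFY messages (slave/master role)
    transfer-source 192.168.8.8;   // zone transfers pulled from the master

    // Plain resolver for everything not forwarded below; recursion only
    // for the local LAN1 range and the box itself.
    recursion yes;
    allow-recursion { 192.168.8.0/22; 127.0.0.1; };
};

// Forward only the LAN2 zone to the servers reached through the tunnel.
zone "lan2.example" {
    type forward;
    forward only;
    forwarders { 10.2.255.11; 10.2.255.12; };
};

// Reverse zone for the LAN2 range (10.2.0.0/16), forwarded the same way.
zone "2.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.2.255.11; 10.2.255.12; };
};
```

After `rndc reload`, the quickest check that the source address is what makes the difference is to query the LAN2 server directly with dig's `-b` option, which binds the query to a source address: `dig @10.2.255.11 -b 192.168.8.8 host.lan2.example` should answer, while the same query without `-b` should time out exactly as the unpinned BIND queries did. The IPsec phase 2 local network on the Netgate side must of course include 192.168.8.8, which the working source-interface ping in the post already confirms.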