
Situation: A Linux box with two physical network interfaces (say eth0 for LAN and eth1 for WAN). The box acts as a router and an iptables firewall, too. Furthermore, an XFRM interface (say 'vpn') is there (VPN channel with strongSwan established via the WAN interface). The DNS zones are set up in a way that a specific zone specifies forwarders dedicated to the vpn network interface. The routing is set up properly. Is it possible to configure BIND in a way that it ONLY sends traffic for the forwarders of the vpn zone via the vpn XFRM interface?

Background: I saw UDP packets transmitted via the WAN=eth1 interface destined for the DNS forwarders of the VPN zone, which should have been sent out only via the vpn XFRM interface.

Additional information: RPZ was also set up but did not really help.
