bind and address rewriting
JLF> Maybe I'm missing the point here, but why do you think you need
JLF> to MASQ these packages? When a box from your internal network
JLF> does a lookup, it checks with BIND on your boundary/firewall box.
And that's exactly the point: there is no bind running on my firewall box.
Bind is running on some other machine, and so it needs to connect to the
Anyway, even if bind ran on the firewall box, the problem would
remain the same, i.e. bind would send a UDP packet which has to bring up
the line (forcing a new IP for the interface), and which therefore leaves
with the wrong source address.
JLF> Use something like dnscache,
JLF> (it's smaller, uses less memory, and is more secure).
Thank you for your hint, I actually appreciate alternatives. But this
makes me curious: Why should it be more secure, provided that bind is