ShreyasZare
commented
1 month ago Thanks for the post. On Linux, UDP packets get routed out using the default gateway irrespective of the interface the request came or that the destination IP address being accessible on a local interface. In case of notify, the request is being generated by the DNS server and it thus gets routed using the default gateway.
In such a setup, its best to configure your DNS server on just one IP address and let all of the network subnets use it instead of having the DNS listen on each interface you have on the server. Let routing take care of it.
The other option is to just configure your secondary zone with all IP addresses on the primary server so that it will accept notify requests that comes from any of the listed addresses.
malmeloo
I am running Technitium DNS on Docker, attached to multiple macvlan interfaces. This allows me to 'drop' the server into multiple LANs and serve DHCP to both my private and guest network, for example. I also have another DNS server running at another site behind a VPN, and set up a secondary zone. So far so good.
Currently I am facing a problem where zone notifications don't work properly. As it turns out, Technitium DNS is using the interface attached to my guest LAN for outgoing zone notifications, probably due to Docker setting a random one as default gateway. However, my guest LAN cannot reach the other server across the VPN connection, for security reasons. This causes notifications to fail.
I'm wondering if there is a setting to set the source IP for zone notifications (/ transfers) specifically? I believe this would fix my issue. Or perhaps you know of another way to fix this?