Hello folks!

I spent a lot of time on this ... hopefully somebody could help me ...

Remote office server (SV-AGT099 = nw6sp3, bm37sp3) is connected with site to
site vpn to our main department.

The remote office has its own dns subdomain (agt0.aeat.allianz.at) where
the local server is primary for it. All other dns requests should be
forwarded to a dns server in the main department. That one is primary for
all the other domains in our company.

The remote office server itself is configured to ask its own dns server and
that one should forward if required.

NAMESERVER = private interface SV-AGT099

When I ping a host at the remote office server in a foreign dns domain that
should be forwarded to the main dns server, I can see a message "forwarded a
query ..." and can also see the packet and the answer with pktscan at the
forwarder. That packet comes back to the remote office server but there it
isn't recognized.
A few seconds later I'll get the message "gave up retry ..." at the remote
office named log screen and the ping shows "could not understand ...". When
I set tcp ip debug to 1, I can even see the reply packet from the forwarder
at the remote office server.

But why doesn't the server recognize it?

Something interesting is that because of the bordermanager vpn installation
the remote office dns server sends all packets with the tunnel ip address as
the source address. When I check which ip addresses the dns server is
listening on, I can't see that tunnel address. Only the private and public ip
addresses are listed in the dns/dhcp mgmt console. Normally I would say this
is the problem, but then it looks like dns isn't usable if you use bm
vpn and work with a forwarder.

Can somebody help me with this?
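Added here as a diagnostic sketch, not code from the original post or from Novell: it models the mismatch the poster suspects by matching forwarder replies seen in a trace against the outstanding queries and against the addresses the local resolver is bound to. The addresses, ports and transaction ids are constructed placeholders, not the poster's real network.

```python
# Models the failure described above: the forwarded query leaves with the VPN
# tunnel address as source, the upstream forwarder answers to that address,
# but the local named is only bound to the private/public interfaces, so the
# reply never reaches the socket that holds the outstanding query.
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsPacket:
    src: str
    sport: int
    dst: str
    dport: int
    txid: int
    is_response: bool


def find_unmatched_replies(packets, listen_addrs):
    """Return (reply, reason) for every forwarder reply the resolver cannot use.

    A reply is usable only if an outstanding query has the mirrored 5-tuple
    and the same transaction id, AND the reply is addressed to one of the
    resolver's bound addresses.
    """
    outstanding = {}
    problems = []
    for p in packets:
        if not p.is_response:
            outstanding[(p.txid, p.src, p.sport, p.dst, p.dport)] = p
            continue
        key = (p.txid, p.dst, p.dport, p.src, p.sport)
        if key not in outstanding:
            problems.append((p, "no matching outstanding query"))
        elif p.dst not in listen_addrs:
            problems.append((p, f"reply sent to {p.dst}, resolver not listening there"))
        else:
            outstanding.pop(key)
    return problems


def diagnose_sample():
    """Constructed trace: one healthy lookup, one that uses the tunnel address."""
    listen_addrs = {"10.1.1.1", "198.51.100.5"}      # private and public (placeholders)
    tunnel, forwarder = "10.255.0.2", "10.0.0.53"    # placeholders
    trace = [
        DnsPacket("10.1.1.1", 1050, forwarder, 53, 0x1111, False),
        DnsPacket(forwarder, 53, "10.1.1.1", 1050, 0x1111, True),   # matched, fine
        DnsPacket(tunnel, 1053, forwarder, 53, 0x2222, False),      # source = tunnel
        DnsPacket(forwarder, 53, tunnel, 1053, 0x2222, True),       # reply to tunnel
    ]
    return find_unmatched_replies(trace, listen_addrs)
```

Running `diagnose_sample()` flags only the second exchange, with the reason that the reply is addressed to the tunnel address the resolver is not bound to.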