Hello folks!

I spent a lot of time on this ... hopefully somebody can help me ...

Remote office server (SV-AGT099 = nw6sp3, bm37sp3) is connected with site to
site vpn to our main department.

The remote office has its own DNS subdomain (agt0.aeat.allianz.at) for which
that server is authoritative. All other DNS requests should be
forwarded to a DNS server in the main department. That one is authoritative
for all the other domains in our company.

The remote office server itself is configured to ask its own DNS server, and
that one should forward if required.

NAMESERVER = private interface SV-AGT099

When I ping a host from the remote office server in a foreign DNS domain that
should be forwarded to the main DNS server, I can see a message "forwarded a
query ..." and can also see the packet and the answer with pktscan at the
forwarder. That packet comes back to the remote office server, but there it
isn't recognized.
A few seconds later I get the message "gave up retry ..." on the remote
office named log screen and the ping shows "could not understand ...". When
I set the TCP/IP debug level to 1, I can even see the reply packet from the forwarder
at the remote office server.

But why doesn't the DNS server recognize it?

Something interesting is that, because of the BorderManager VPN installation,
the remote office DNS server sends all packets with the tunnel IP address as
the source address. When I check which IP addresses the DNS server is
listening on (tcpcon), I can see the private and public addresses but not the tunnel one.
Also, in the DNS/DHCP console only the private and public IP addresses are shown.
Normally I would say this is the problem, but then it looks like DNS
isn't usable if you use BM
VPN and work with a DNS forwarder.

Can somebody help me with this?
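To illustrate the symptom described above (the forwarder's reply returns to the tunnel address, which the DNS daemon is not bound to, so the pending query never matches and times out), here is a small added model of how a resolver matches inbound replies against outstanding forwarded queries. This is example code written for this thread, not code from NetWare, BorderManager or any DNS server; all IP addresses and transaction IDs are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class QueryKey:
    """Identity of an outstanding forwarded query: txid plus the UDP 4-tuple."""
    txid: int
    remote_ip: str    # forwarder the query was sent to
    remote_port: int
    local_ip: str     # source address the query actually left with

@dataclass
class Resolver:
    listen_ips: set                       # addresses the daemon is bound to
    pending: dict = field(default_factory=dict)

    def forward(self, txid, forwarder_ip, source_ip, port=53):
        """Record a forwarded query, tagged with the source IP the packet left with."""
        key = QueryKey(txid, forwarder_ip, port, source_ip)
        self.pending[key] = True
        return key

    def receive(self, txid, src_ip, src_port, dst_ip):
        """Decide whether an inbound UDP reply is accepted for a pending query.
        A reply must arrive on a bound address and match txid and 4-tuple exactly;
        anything else is dropped, which is also what protects against spoofed answers."""
        if dst_ip not in self.listen_ips:
            return "dropped: not listening on " + dst_ip
        key = QueryKey(txid, src_ip, src_port, dst_ip)
        if key not in self.pending:
            return "dropped: no matching query"
        del self.pending[key]
        return "accepted"

def demo():
    """Constructed scenario: private 192.0.2.10, tunnel 10.0.0.1, forwarder 198.51.100.53."""
    r = Resolver(listen_ips={"192.0.2.10", "203.0.113.5"})
    # Query leaves via the VPN with the tunnel IP; reply comes back to that IP.
    r.forward(0x1A2B, "198.51.100.53", "10.0.0.1")
    via_tunnel = r.receive(0x1A2B, "198.51.100.53", 53, "10.0.0.1")
    # Same query sent from the private address the daemon is actually bound to.
    r.forward(0x1A2C, "198.51.100.53", "192.0.2.10")
    via_private = r.receive(0x1A2C, "198.51.100.53", 53, "192.0.2.10")
    return via_tunnel, via_private

if __name__ == "__main__":
    print(demo())
```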