Problem with NAT/RDR in PF

Michael Smith mksmith at adhost.com
Sun Dec 9 10:51:43 PST 2007


Hello All:

I am trying to configure a round-robin group of Name Servers that respond to and from a single address.

I want the following to occur:

1) DNS query from 10.211.128.1 to 10.212.1.1 is redirected to a pool of name servers
2) One of the name servers responds to the query
3) The response shows a source address of 10.212.1.1, not the actual name server

-- 
Here are the relevant configuration snippets.

vlan821_if="vlan821" # This is the physical interface of the Name Servers
vlan6_if="vlan_6" # This is the physical interface of the querying servers
nr_net="10.212.1.0/24" # Name Resolver network
mail_net="10.211.0.0/16" # Querying server network
nr_01_int="10.212.1.11"

#Define table for Name Resolvers
table <nr_roundrobin> persist { \
        $nr_01_int \
        }

nat on $vlan821_if from $nr_net to $mail_net -> 10.212.1.1
rdr on $vlan6_if proto { udp tcp } from any to 10.212.1.1 port 53 -> <nr_roundrobin> round-robin

pass in on $vlan821_if inet proto tcp from $nr_net to any
pass in on $vlan821_if inet proto udp from $nr_net to any
pass in on $vlan6_if inet proto udp from $mail_net to $nr_net
pass in on $vlan6_if inet proto tcp from $mail_net to $nr_net

--

With this configuration, when I do a host lookup with 10.212.1.1 as  
the server address, I get this:

;; reply from unexpected source: 10.212.1.11#53, expected 10.212.1.1#53

So, it's my assumption that the "rdr" statement is working, but the  
"nat" statement is not.

If anyone can help with this I would appreciate it greatly.

Regards and Thanks,

Mike
mksmith at adhost.com
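As an added example that is not part of Mike's post, the following Python toy model walks one query and its reply through the two translation rules above. It assumes pf's documented behaviour (rdr rules are evaluated on packets arriving on the named interface, nat rules on packets leaving it, and a reply matching an existing rdr state is reverse-translated before any rule is consulted); the interface names, addresses and the single-entry table are the ones from the post, and the client port 40000 is made up.

```python
from collections import namedtuple
# Values taken from the post; the <nr_roundrobin> table holds one resolver.
VIP = "10.212.1.1"
NR_POOL = ["10.212.1.11"]
NR_NET, MAIL_NET = "10.212.1.", "10.211."   # crude prefix match for /24 and /16

# ifname: interface pf sees the packet on; direction: "in"/"out" on that interface
Pkt = namedtuple("Pkt", "ifname direction src dst dport")

class PfModel:
    """Toy evaluator of the post's two translation rules: rdr applies to
    inbound packets, nat to outbound packets, and a reply that matches an
    existing rdr state is reverse-translated before any rule is consulted."""
    def __init__(self):
        self.states = {}   # (client, vip) -> resolver chosen by round-robin
        self.rr = 0

    def rdr_match(self, p):
        # rdr on $vlan6_if proto { udp tcp } from any to 10.212.1.1 port 53 -> <nr_roundrobin>
        return p.ifname == "vlan_6" and p.direction == "in" and p.dst == VIP and p.dport == 53

    def nat_match(self, p):
        # nat on $vlan821_if from $nr_net to $mail_net -> 10.212.1.1
        return (p.ifname == "vlan821" and p.direction == "out"
                and p.src.startswith(NR_NET) and p.dst.startswith(MAIL_NET))

    def handle(self, p):
        """Return (packet after translation, reason)."""
        for (client, vip), resolver in self.states.items():
            if p.src == resolver and p.dst == client:   # reply to a redirected query
                return p._replace(src=vip), "rdr state reversed"
        if self.rdr_match(p):
            resolver = NR_POOL[self.rr % len(NR_POOL)]
            self.rr += 1
            self.states[(p.src, p.dst)] = resolver
            return p._replace(dst=resolver), "rdr"
        if self.nat_match(p):
            return p._replace(src=VIP), "nat"
        return p, "no translation"

def trace_query(client="10.211.128.1"):
    """Walk one query and its reply through the model."""
    pf = PfModel()
    q_out, q_why = pf.handle(Pkt("vlan_6", "in", client, VIP, 53))
    # the chosen resolver answers; pf first sees the reply arriving on vlan821
    reply = Pkt("vlan821", "in", q_out.dst, client, 40000)
    r_out, r_why = pf.handle(reply)
    return {"query": (q_out.dst, q_why), "reply": (r_out.src, r_why),
            "nat_sees_reply": pf.nat_match(reply)}  # inbound on vlan821: never
```

In this model the rdr state alone already rewrites the reply's source to 10.212.1.1, and the nat rule never matches the reply because the reply is inbound on vlan821 while the rule is evaluated on outbound packets there. A reply that still shows the resolver's own address in practice therefore points at the reply not matching the rdr state (it did not traverse the firewall, or took another path), which is the place to check before changing the nat rule.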
