Name resolution from within a jail?

[YONETANI Tomokazu <qhwt+dfly@xxxxxxxxxx>]

Hello.
After upgrading an SMP test box in my office from 1.4 to 1.6, I noticed
a rag in name resolution from within a jail.  Actually the machine has
two jails running, and another jail is on the same IP address as the jail
host (but services on that jail are using different ports than the
jail host) doesn't have this problem.

$ jls; ifconfig em0
   JID	IP Address	Hostname		      Path
     2	192.168.2.18	dell			      /home/jail/dell
     1	192.168.2.20	repos			      /home/jail/repos
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=3<RXCSUM,TXCSUM>
	inet6 fe80::209:6bff:fe09:9f58%em0 prefixlen 64 scopeid 0x1
	inet 192.168.2.18 netmask 0xffffff00 broadcast 192.168.2.255
	inet 192.168.2.20 netmask 0xffffffff broadcast 192.168.2.20
	ether 00:09:6b:09:9f:58
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active

the jail named `repos' is the one having name resolution problem.
this machine has been working as cvsup server/pserver for other
machines on LAN without changing the configuration for more than a month
(in fact it was working just before the reboot after installing the new
kernel).

I tried netcat (pkgsrc/net/netcat) and confirmed that sending/receiving UDP
packets in both direction without problems.  So apparently neither UDP
nor routing are the source of the problem.

Then I started tcpdump on another machine(192.168.2.175) running named,
and found that DNS queries from a jail on an IP alias are received but
not responded to by that machine:

A DNS query from the jail host(which is responded to by 192.168.2.175)
14:24:50.669966 192.168.2.18.1256 > 192.168.2.175.domain:  8711+ ANY? . (17)
0x0000   4500 002d e17a 0000 4011 1334 c0a8 0212        E..-.z..@..4....
0x0010   c0a8 02af 04e8 0035 0019 5184 2207 0100        .......5..Q."...
0x0020   0001 0000 0000 0000 0000 ff00 0100             ..............

A DNS query from `repos'(not responded to)
14:25:05.099087 192.168.2.20.1257 > 192.168.2.175.domain:  60734+ ANY? . (17)
0x0000   4500 002d e1eb 0000 4011 12c1 c0a8 0214        E..-....@.......
0x0010   c0a8 02af 04e9 0035 0019 8649 ed3e 0100        .......5...I.>..
0x0020   0001 0000 0000 0000 0000 ff00 0100             ..............

Does anyone have any idea why the second query is ignored?

I set up a similar jail on a machine running HEAD(with a different network
driver) and it still reproduced.

Cheers.