- Type: Improvement
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 1.4.2
- Fix Version/s: 2.1.0
- Component/s: Configuration, Signer
- Labels: None
- Environment: Irrelevant
- Sprint: 1.4.7rc1
As discussed with Matthijs:
I need to run ODS on the master, i.e. the master will have both a hidden master nameserver and OpenDNSSEC, talking to each other.
To get this working I want to put ODS on a separate IP address, like 10.1.1.2, on the master box. But if I do that I've been completely unable to get the hidden master nameserver (on 10.1.1.1) and ODS (on 10.1.1.2) to play together because while I can get the nameserver to notify ODS with a
notify: 10.1.1.2 NOKEY
the resulting zone xfr request will originate FROM 10.1.1.1, because ODS shortcuts the source address, which will not work with the master, which expects a transfer request from 10.1.1.2.
I am able to get this to work by playing tricks with the ports instead, e.g. configuring ODS to use port 5353 instead of 53.
The reason that I don't really like that though is that from a conceptual POV I want to see "master", "signer" and "slave" as separate boxes where the first two just happen to share h/w because of resource constraints. I.e. the config should work if I just moved "signer" to a separate box, hence IP-aliases is a better abstraction than ports.

The general observation is that the assumption that "servers only have one IP address and that address is where the service is provided" simply does not hold true. In reality everything is often much more complicated, and then not being able to control addresses used (like source address in this case) leads to... problems.
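An added example, not code from the ticket or from OpenDNSSEC itself, showing what the request amounts to: a client that binds its source address before sending a TCP-framed AXFR query, next to a mock "hidden master" that records the peer address and only answers when the request comes from the expected IP, so the mismatch described above can be reproduced and checked on one host. The zone name `example.test.`, the OK/REFUSED replies and all function names are constructed for this demo.

```python
import socket
import struct
import threading

def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS AXFR query (QTYPE 252, QCLASS IN), TCP-framed with a 2-byte length prefix."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # id, flags, qd, an, ns, ar
    msg = header + qname + struct.pack("!HH", 252, 1)
    return struct.pack("!H", len(msg)) + msg

def send_transfer_request(master, source_ip, query, source_port=0, timeout=5.0):
    """Bind the local side to source_ip BEFORE connecting, so the master sees that
    address as the origin of the transfer request (what the ticket asks ODS to do)."""
    with socket.create_connection(master, timeout=timeout,
                                  source_address=(source_ip, source_port)) as s:
        s.sendall(query)
        return s.recv(4096)

def run_mock_master(listen_ip, allowed_source):
    """Stand-in for the hidden master: accepts one connection, records the peer
    address, and only answers OK when the request came from allowed_source."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((listen_ip, 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    seen = {}

    def serve():
        conn, peer = srv.accept()
        with conn:
            seen["peer"], seen["query"] = peer, conn.recv(4096)
            conn.sendall(b"OK" if peer[0] == allowed_source else b"REFUSED")
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return srv.getsockname(), seen, t

def transfer_from(source_ip, master_ip, allowed_source, zone="example.test."):
    """One-host reproduction: returns (peer IP the master saw, its reply)."""
    (host, port), seen, t = run_mock_master(master_ip, allowed_source)
    reply = send_transfer_request((host, port), source_ip, build_axfr_query(zone))
    t.join(timeout=5)
    return seen["peer"][0], reply.decode()

if __name__ == "__main__":
    # Ticket's situation on loopback (Linux binds any 127.0.0.0/8 alias): master expects 127.0.0.2
    print(transfer_from("127.0.0.2", "127.0.0.1", "127.0.0.2"))
```

Run it once with the source bound to the expected alias and once without to see the master's answer flip between OK and REFUSED; on the real master the equivalent check is the ACL or TSIG-keyed allow-transfer match against the peer address in its transfer log.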
- Clones: SUPPORT-87 Need to be able to specify source address for ODS (when communicating with master) (Status: Open)