I've got a multihomed portal running iptables/DHCP/DNS. I have 3 NICS, eth0 (to modem), eth1 to LAN1 (10.100.0.0/23) and eth2 to LAN2 (192.168.2.0/24).

How can these networks ping each other? Note I do have two DNS servers.
In named.conf, the listen-on is 127.0.0.1, 10.100.0.1, 192.168.2.1
the allow-query is the same.
But why are they allowed to talk to each other?
No static routes have been defined anywhere!
/etc/resolv.conf is the gateway only for the network for each machine

I don't see anything strange about this. And you do have a static route; the default route. The packets will flow like this:

• The host "shawn" has a 10.100.0.1 as its default gateway, and sends packets destined for any non-local network to 10.100.0.1. That includes packets to 192.168.2.2.
• 10.100.0.1/23 is bound to a NIC on a multihomed router, which also has the address 192.168.2.1/24 bound to another NIC. Hence, the router knows how to reach 192.168.2.2.
• The host with the IP address 192.168.2.2 is presumably using 192.168.2.1 as its default gateway, so that's where it sends the reply packet.

If you have a single multihomed router acting as a gateway for two networks, then hosts in those two networks will be able to communicate unless you specifically block that communication with a firewall rule.

Yes I JUST figured this out. At first, I did not have any forward rules to allow eth1 to talk to eth2 and vice versa like:
-A FORWARD -i eth2 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth2 -j ACCEPT

I originally had 2 NICS, eth0 (modem) and eth1 (10.100.0.0/23)
So I only had this:

-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j DROP

When adding my 3rd NIC, I could not ping between networks. Prior to adding the additional forward rules. I was able to ping the gateways of both networks from each other, meaning on a host in the 10.100.0.0/23 network, I could ping the gateway 192.168.2.1, and vice versa

Anyway, I realized I can block or allow specific hosts in iptables. I was just messing around with that right now.
In fact, I do see that this is normal behavior for everyone to communicate since the gateway is a multihomed system with 3 NICS, I figured that it would NOT be this way until I experimented and noticed it is.

In what situtation is it NOT like this where subnets cannot speak to each other? I am asking because I plan to become an admin and this was just the simple create static route objective I wanted to do. I went out and bought a usb to ethernet NIC for the 3rd NIC. I like to go well above and beyond the objectives to have a thorough understanding of what is happening but I have no clue what switches out there can do let alone any cisco related stuff. I am wondering if it is normal that multiple subnets communicate with each other in the enterprise world? If so, I do know how to block or allow access in iptables like so:

(I would delete the original:

-A FORWARD -i eth1 -o eth2 -j ACCEPT
and replace it with:

-A FORWARD -i eth1 -o eth2 -s 10.100.0.8 -d 192.168.2.0/24 -j ACCEPT

To allow only 1 host to communicate with the entire other network
Thanks