https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-trap-issue/m-p/275302#M104873 <P>The DNS Trap will only be effective if the Security Gateway is between the client and DNS server.</P> Sat, 11 Apr 2026 01:04:56 GMT Chris_Atkinson 2026-04-11T01:04:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-trap-issue/m-p/275301#M104872 <DIV class="">&nbsp;</DIV><DIV class=""><DIV class=""><P>We have enabled DNS Trap . When a laptop is configured to use a public DNS server (e.g., 8.8.8.8), DNS queries are sent directly to the internet. In this case, DNS Trap operates as expected, and nslookup&nbsp;a malious domain resolves to the DNS Trap IP address.</P><P>However, when the DNS setting is changed to use our internal DNS server, nslookup no longer resolves to the DNS Trap IP.</P><P>client-to-internal DNS traffic does not pass through the firewall, while only the traffic from the internal DNS server to external DNS servers traverses the firewall.</P><P>For DNS Trap to function with forwarded queries, the firewall must be positioned between the client and the internal DNS server?</P></DIV></DIV> Sat, 11 Apr 2026 00:31:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-trap-issue/m-p/275301#M104872 Cathy_Cheng 2026-04-11T00:31:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-trap-issue/m-p/275302#M104873 <P>The DNS Trap will only be effective if the Security Gateway is between the client and DNS server.</P> Sat, 11 Apr 2026 01:04:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/DNS-trap-issue/m-p/275302#M104873 Chris_Atkinson 2026-04-11T01:04:56Z