topic Re: DNS NAT in Firewall and Security Management

DNS NAT

Robert_Mueller — Tue, 20 Mar 2018 07:34:46 GMT

Hi,

I've a problem. We have a device which sends the dns requests to the external Zone. The problem is that for establishing a cluster it wants to revolve it's own hostname and expects the local interface IP as response... but because it requests the external zone it gets a public IP.. so my quetion is: Is there a way to rewrite the DNS answer from the public IP to the internal IP?

I've seen the DNS NAT feature but to be honest - I've no glue what this thing does after I've changes the global setting in tha database..

Robert

Re: DNS NAT

PhoneBoy — Tue, 20 Mar 2018 17:27:51 GMT

I assume you're referring to this: How to configure DNS NAT

What this basically does is utilizes the existing NAT rules to also translate DNS requests.

Specifically: DNS traffic (DNS Requests) will be translated based on the Destination address in the NAT rules without considering the Source of the traffic

That means:

There must be a NAT rule where the public IP address is the original destination
The translated destination for this rule would be the internal IP

Re: DNS NAT

Robert_Mueller — Wed, 21 Mar 2018 07:59:22 GMT

Hi,

Thx - I've found that SK but what happens with existing NAT Rules - will there also a "NAT Translation" performed?

Re: DNS NAT

G_W_Albrecht — Wed, 21 Mar 2018 11:19:41 GMT

As Dameon wrote, this feature will use the existing NAT rules, but " without considering the Source of the traffic", so the given config example should work. Apart from DNS, NAT should work as before.

Re: DNS NAT

Louis_Poulin — Thu, 23 May 2019 12:57:57 GMT

I understand this config is global to all gateways managed by the same management server, right?

Is there a way to enable DNS NAT for only one gateway?

Or for a subset of NAT rules?