topic Re: DNS Forwarding only for specific domain in Spark Firewall (SMB)

DNS Forwarding only for specific domain

Ale_G — Fri, 17 Apr 2026 08:01:58 GMT

Hello everyone,
Hardware: Spark 1535
Version: R82

I plan to use this firewall as the DNS server for the entire managed network.
I need to configure DNS forwarding only for one specific domain: file.core.windows.net.

google.com -> resolved by the DNS servers configured on the firewall
a.file.core.windows.net → forwarded for resolution to a different DNS server

For this type of appliance I have seen that there isn't way to configure DNS forwarding.

Is there another way to do that?

I tried to follow the article below, but it didn’t work in my case. Am I missing something?

Solved: DNS forwarding for internal domain - Check Point CheckMates

Many thanks,

Alessandro

Re: DNS Forwarding only for specific domain

PhoneBoy — Fri, 17 Apr 2026 18:44:25 GMT

Considering the platform includes dnsmasq, which can absolutely perform this task, it should be possible.
That said I don't have access to an R82-based unit to confirm if the process in that thread will work.
It might be possible with some manual configuration applied to /pfrm2.0/etc/dnsmasq.conf.

Re: DNS Forwarding only for specific domain

Ale_G — Mon, 20 Apr 2026 08:55:41 GMT

I tried using the script from the article, but it didn’t work.

#!/bin/sh kill -9 $(cat /var/run/dnsmasq.pid) DOMAIN=$(cat /etc/resolv.conf | grep search | awk {'print $2'}) if [ -z "$DOMAIN" ]; then /pfrm2.0/bin/dnsmasq -y -x /var/run/dnsmasq.pid -h -H /var/hosts -c 0\ --server=/file.core.windows.net/172.10.11.12 else /pfrm2.0/bin/dnsmasq -y -x /var/run/dnsmasq.pid -h -H /var/hosts -c 0 -E --domain=#\ --server=/file.core.windows.net/172.10.11.12 fi unset DOMAIN

Regarding the dnsmasq.conf file, could we try adding the following line?

server=/file.core.windows.net/172.10.11.12

Re: DNS Forwarding only for specific domain

PhoneBoy — Mon, 20 Apr 2026 17:41:35 GMT

That looks about right.
Not sure if dnsmasq.conf is preserved with firmware upgrades or not (or even a reboot).

Re: DNS Forwarding only for specific domain

Ale_G — Tue, 21 Apr 2026 06:45:53 GMT

From what I understand, the userScript file is executed at every appliance boot, so even if the dnsmasq.conf file is not preserved, the script should take care of fixing it. However, it still doesn’t work. I tried both from a client and from the tool integrated in the Gaia GUI, and it keeps going to the DNS servers configured on the appliance instead of the one configured in the configuration file

When executing the script manually, no errors are reported, which suggests that the root cause is likely elsewhere. I will continue with further testing and analysis.