Hi,
The internal DNS is available from the internet. It has a NAT address on the FW, and the external users use this address.
But that is not the question.
This DNS also resolves internal servers to internal addresses. These servers also have a NAT address on the FW.
The problem is that external users, when resolving the names of these servers, receive the internal address, which is useless.
What we need is that Check Point understands that it must translate the response to the NAT addresses, so that external users can access these internal servers.