DNS NAT - sk34295
Hi,
I need the DNS NAT feature described in sk34295.
I configured it, but it seems not to work.
I am running R81.10.
How can I debug the cause?
Regards
The latest version listed there is R81. You may want to confirm with TAC whether the same is applicable in R81.10.
Best,
Andy
No reason it shouldn't work in R81.10.
We need to find out more about the configuration you've attempted with a simple network diagram.
Hi,
The network diagram is very easy.
There is an internal network that goes to the internet via a Check Point firewall.
This network has an internal DNS server and several other servers that go to the internet through a NAT address configured on the Check Point.
The customer also has some users on the internet that resolve on this internal DNS for the internal hosts.
We used this sk, but the DNS lookup still returns the internal addresses.
Regards
In your described scenario, you do not need sk34295. You need your internal DNS server to be available on the internet, which means a simple host or port address translation rule, depending on whether or not you have a spare IP address. Then your users should define that external IP address as their primary DNS server.
Hi,
The internal DNS is available from the internet. It has a NAT address on the FW and the external users use this address.
But that is not the question.
This DNS also resolves internal servers to internal addresses. These servers also have a NAT address on the FW.
The problem is that external users, when resolving the names of these servers, receive the internal address, which is useless.
What we need is that Check Point understands that it must translate the response to the NAT addresses, so that external users can access these internal servers.
You may want to open a TAC case for this.
The way I am reading this, and the way NAT rules are typically configured, the FW is looking for a public IP in the DNS response to translate to the internal IP address (original IP). You may be able to make this work with a "dummy" NAT rule configured in the other direction, but I am not saying that is a great idea.
The NAT DNS payload requires static NAT rules in which the DNS response that needs to be translated is set as the original destination, and the requested translation for it is the translated destination.
Hi,
I already configured the static NAT rules as requested by the sk.
It does not work.
The way I am reading that SK, it is describing a scenario where DNS resolves records to the public IP and the firewall changes the DNS payload to the internal IP. So you have a different use case, wanting to NAT the DNS payload from private to public IP. You could put a test DNS record in with the public IP to see if that DNS rewrite mechanism is working in the other direction (rewriting the original destination IP to the xlated destination IP, as opposed to the xlated destination IP to the original destination IP).
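As an added illustration (not Check Point's code and not from the thread), the Python below emulates what a DNS payload NAT does to the A records in a response and why the direction of the static NAT table matters: applied in the SK's direction (translated public IP as the match, original internal IP as the result) nothing in a reply that already carries internal addresses matches, which is the symptom described above, while the opposite direction rewrites them. Names, addresses and the packet are constructed for the example.

```python
import struct
import ipaddress

# Constructed static NAT table, original (internal) -> translated (public).
# Addresses are assumptions for illustration, not taken from the thread.
STATIC_NAT = {"10.10.10.5": "203.0.113.5", "10.10.10.6": "203.0.113.6"}
REVERSE_NAT = {v: k for k, v in STATIC_NAT.items()}  # translated -> original

def _skip_name(pkt, off):
    """Return the offset just past a DNS name, handling compression pointers."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def rewrite_a_records(pkt, table):
    """Rewrite IPv4 A-record rdata in a DNS response using `table`.
    Returns (new_packet, number_of_records_rewritten)."""
    buf = bytearray(pkt)
    qd, an = struct.unpack("!HH", buf[4:8])
    off = 12
    for _ in range(qd):  # skip the question section (name + type + class)
        off = _skip_name(buf, off) + 4
    rewritten = 0
    for _ in range(an):  # walk the answer section
        off = _skip_name(buf, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record: 4-byte IPv4 rdata
            ip = str(ipaddress.IPv4Address(bytes(buf[off:off + 4])))
            if ip in table:
                buf[off:off + 4] = ipaddress.IPv4Address(table[ip]).packed
                rewritten += 1
        off += rdlen
    return bytes(buf), rewritten

def build_response(name, ips):
    """Constructed DNS response: one question, one A record per IP, TTL 300."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(ips), 0, 0)
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in name.split(".")) + b"\x00"
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
                       + ipaddress.IPv4Address(ip).packed for ip in ips)
    return header + qname + struct.pack("!HH", 1, 1) + answers
```

Call `rewrite_a_records(build_response("srv.example.internal", ["10.10.10.5"]), STATIC_NAT)` to see the internal address replaced, and pass `REVERSE_NAT` instead to see zero records touched.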
Hi,
Well, on the sk it is written:
The regular NAT rules used to translate the internal servers will suffice. There is no need to define special NAT rules in addition to the regular ones defined.
So I imagined this sk assumes the DNS is internal, and outside users authorized to resolve on this internal DNS server should have the DNS payload changed to the IPs of the NAT rules.
But I may be wrong.
This is how other manufacturers do it!!!
All valid points...
