Question is... why would an external host need to access/query your
internal DNS?

Usually, any DNS records (that you want to publish) are already
published on your ISP DNS servers and upward from there.

If you are using the internal DNS server to forward any DNS changes to
the ISP, then I suggest that your internal domain differ from your external
domain... one has the external IP address on the records while the
other has the internal one.

Myexternaldomain.com   vs myinternaldomain.com

If it is a VPN client then, yes, it should reply with the internal IP
address since you have a tunnel to your inside networks.

I am not aware of any other way to do this through NAT...
but I am sure someone will reply with a better method.

Regards

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]] On Behalf Of Peter Olsson
Sent: Friday, February 15, 2008 5:41 AM
To: [email protected]
Subject: [FW-1] Can Checkpoint firewall handle DNS through NAT?

Our tests indicate that Checkpoint firewall has no support whatsoever
for DNS through NAT. Not for zone transfers and not even for A records.
Is this true, or am I missing something?

An internal DNS server, with a static address translation in the
firewall, gives its internal IP number in responses to AXFR and A
queries from external hosts.

I searched documentation and support but find nothing on the subject.

Thanks!

-- 
Peter Olsson                    [EMAIL PROTECTED]

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
