How to enable DNS Doctoring?
09/20/2024
Description
DNS Doctoring allows the firewall to change the embedded IP addresses in Domain Name System (DNS) responses so that clients can connect to the correct IP address of servers.
DNS Doctoring performs two functions:
- Translates a public address in a DNS reply to a private address when the DNS client is on a private interface.
- Translates a private address to a public address when the DNS client is on the public interface.
In this KB article, a public address is translated to a private address. The external host www.yahoo.com is used only as an example hostname so that the rewrite is easy to observe; in production, the hostname would be the public name of your own internal server.
Before changing anything, run nslookup from the client PC and note the current resolution, so you have a baseline to compare against after the change:
cmd > nslookup www.yahoo.com
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that differ from SonicOS 6.5 and earlier firmware. The resolution below is for customers running SonicOS 7.X firmware.
- Create the necessary Address Objects:
Public_Server_IP: The public IP of the internal resource (e.g., web server, email server). In this example it is the public IP that www.yahoo.com resolves to.
Private_Server_IP: The private IP of the internal resource.
Navigate to Object | Match Objects | Addresses
- Create the NAT policy rule. The policy maps the public address to the private address, so its Original Destination is Public_Server_IP and its Translated Destination is Private_Server_IP; this is the pair DNS Doctoring uses to decide which address in a reply to rewrite.
Navigate to Policy | Rule and policies | NAT policies
- Enable the "Enable DNS Doctoring" option on that NAT policy
Navigate to Policy | Rule and policies | NAT policies | Advanced/Actions
How to test it?
From your Windows client PC, flush the local DNS resolver cache so the old (public) answer is not served from cache, wait a few seconds, and then repeat the nslookup from the Description section. The answer for www.yahoo.com should now be the internal private IP (Private_Server_IP). If it still shows the public IP, confirm that the client's query actually passes through the firewall (a client using a DNS server on the same LAN, or DNS over HTTPS/TLS, is not intercepted) and that the NAT policy's Original Destination matches the address returned in the reply.
cmd > ipconfig /flushdns
How It Works:
When an internal client queries an external DNS server for the public IP of an internal resource (e.g., a web server), the DNS reply containing the public IP passes through the SonicWall firewall, which intercepts it. DNS Doctoring compares the addresses in the reply with the Original Destination of the NAT policy on which it is enabled and replaces each matching public IP with the private IP of the internal server (the Translated Destination).
The internal client therefore connects directly to the private IP instead of to the public IP, so the traffic does not have to be hairpinned through the WAN interface. Internal users resolve internal resources to the correct private addresses without changing their DNS settings and without maintaining a separate internal DNS zone.
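The rewrite described above, as an added example that is not SonicWall's code: the script hand-builds a constructed DNS reply for www.yahoo.com containing a made-up public address, then performs the same substitution the firewall performs for a client on a private interface, changing only the 4-byte rdata of A records that equal the NAT policy's public address. The addresses 203.0.113.10, 198.51.100.7 and 192.168.1.10 are assumptions for the example (documentation and private ranges), not real addresses of www.yahoo.com, and the example handles IPv4 A records only.

```python
"""Added example (not SonicWall's code): what DNS Doctoring does to a DNS reply.

A constructed DNS response is built, every A record carrying the configured
public address is rewritten to the private address, and the answer section is
parsed back to show the before/after result. All addresses are made up.
"""
import socket
import struct

# Constructed example values (not real addresses of www.yahoo.com).
PUBLIC_SERVER_IP = "203.0.113.10"   # stands in for the Public_Server_IP object
PRIVATE_SERVER_IP = "192.168.1.10"  # stands in for the Private_Server_IP object
QNAME = "www.yahoo.com"


def _encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels terminated by a zero length byte."""
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # two-byte pointer terminates the name
            return off + 2
        off += 1 + length


def build_response(qname: str, answers: list, txid: int = 0x1234) -> bytes:
    """Constructed DNS reply: one A question and one A record per address."""
    # Flags 0x8180: response, recursion desired, recursion available.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    msg = header + question
    for ip in answers:
        # Owner name as a compression pointer to the question name at offset 12.
        msg += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return msg


def _answer_offset(msg: bytes) -> int:
    """Offset of the first answer record (skips header and question section)."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4    # QTYPE + QCLASS
    return off


def a_records(msg: bytes) -> list:
    """Return the A-record addresses in the answer section, in order."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    off = _answer_offset(msg)
    out = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return out


def doctor(msg: bytes, public_ip: str, private_ip: str) -> bytes:
    """Rewrite A records equal to public_ip to private_ip; leave everything else alone.

    Only the 4-byte rdata changes, so record lengths, section counts and name
    compression pointers in the message remain valid.
    """
    pub = socket.inet_aton(public_ip)
    priv = socket.inet_aton(private_ip)
    buf = bytearray(msg)
    ancount = struct.unpack("!H", msg[6:8])[0]
    off = _answer_offset(msg)
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4 and bytes(buf[off:off + 4]) == pub:
            buf[off:off + 4] = priv
        off += rdlen
    return bytes(buf)


def demo() -> tuple:
    """Reply with the public server address plus an unrelated address; only the first is doctored."""
    reply = build_response(QNAME, [PUBLIC_SERVER_IP, "198.51.100.7"])
    doctored = doctor(reply, PUBLIC_SERVER_IP, PRIVATE_SERVER_IP)
    return a_records(reply), a_records(doctored)


if __name__ == "__main__":
    before, after = demo()
    print("reply from external resolver:", before)
    print("reply after DNS Doctoring  :", after)
```

Two points the example makes visible: only the address that matches the NAT policy's original (public) address is rewritten, so an unrelated address in the same reply is passed through unchanged, and the rewrite touches only the record data. Because the firewall is altering the signed record data, a client that performs its own DNSSEC validation would reject the doctored answer, and clients that resolve over DNS-over-HTTPS or DNS-over-TLS bypass the interception entirely.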