SonicOS 7.1 Rules and Policies for Policy Mode
- SonicOS 7.1 Rules and Policies
- Overview
- Settings
- Security Policy
- NAT Policy
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Routing
- Decryption Policy
- DoS Policy
- DNS Policy
- Endpoint Policy
- Shadow
- SonicWall Support
DNS Doctoring
Introduction
DNS Doctoring allows the firewall to change the embedded IP addresses in Domain Name System (DNS) responses so that clients can connect to the correct IP address of servers. Specifically, DNS Doctoring performs two functions:
- Translates a public address in a DNS reply to a private address when the DNS client is on a private interface.
- Translates a private address to a public address when the DNS client is on the public interface.
Configuring DNS Doctoring
There are two kinds of situations that in which we need to use the DNS Doctoring feature.
The first one is shown in the Client Internal graphic. In this scenario, the local client and the local application server are both located on the inside interface of our appliance, while the DNS server that the client uses is located on another public network. When the client wants to access the server with its URL, the DNS server would return the public address of the application server to the client. So the client can’t access the local server with its public address.
Client External shows the second situation. The DNS server and application server are located on the inside interface of our appliance. When the external client tries to access the application server, the DNS server that the client uses would hand out the private address. But the external cannot access to the server with its private address.
Was This Article Helpful?
Help us to improve our support portal