What is DNS Doctoring and how to enable it on SonicWall?
05/22/2020
DNS Doctoring allows the firewall to change the embedded IP addresses in Domain Name System (DNS) responses so that clients can connect to the correct IP address of servers.
DNS Doctoring performs two functions:
- Translates a public address in a DNS reply to a private address when the DNS client is on a private interface.
- Translates a private address to a public address when the DNS client is on the public interface.
This article explains the scenarios in which the DNS Doctoring feature is used and how to enable the setting on SonicWall.
There are two kinds of scenarios in which we need to use the DNS Doctoring feature.
- Client Internal (graphic)
In this scenario, the local client and the local application server are both located on the inside interface of our appliance, while the DNS server that the client uses is located on another public network. When the client wants to access the server by its URL, the DNS server returns the public address of the application server to the client, so the client cannot access the local server with its public address.
- Client External (graphic)
In this scenario, the DNS server and application server are located on the inside interface of our appliance. When the external client tries to access the application server, the DNS server that the client uses hands out the private address, but the external client cannot access the server with its private address.
Enable DNS Doctoring on the SonicWall
- In the MANAGE view, navigate to Policies | Rules | NAT Policies.
- Select the checkbox to Enable DNS Doctoring.