DNS Doctoring allows the firewall to change the embedded IP addresses in Domain Name System (DNS) responses so that clients can connect to the correct IP address of servers. Specifically, DNS Doctoring performs two functions:
There are two kinds of situations in which we need to use the DNS Doctoring feature.
The first one is shown in the Client Internal graphic. In this scenario, the local client and the local application server are both located on the inside interface of our appliance, while the DNS server that the client uses is located on another public network. When the client wants to access the server by its URL, the DNS server returns the public address of the application server to the client, so the client cannot reach the local server by that public address.
Client External shows the second situation. The DNS server and the application server are both located on the inside interface of our appliance. When the external client tries to access the application server, the DNS server that the client uses hands out the server's private address, but the external client cannot reach the server by that private address.
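The rewrite the appliance performs in both situations, as an added illustration that is not the vendor's code: a minimal parser walks the answer section of a DNS response and swaps each A-record address through a NAT mapping, public-to-private for the Client Internal case and private-to-public for the Client External case. The packet builder and the addresses are constructed for the demonstration.

```python
import ipaddress
import struct

def _skip_name(pkt, off):
    """Return the offset just past a DNS name, handling compression pointers."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def _a_rdata_offsets(pkt):
    """Yield the offset of each 4-byte IPv4 address in the answer section."""
    flags, qdcount, ancount = struct.unpack("!HHH", pkt[2:8])
    if not flags & 0x8000:          # a query, not a response: nothing to doctor
        return
    off = 12                         # fixed-size DNS header
    for _ in range(qdcount):
        off = _skip_name(pkt, off) + 4   # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            yield off
        off += rdlen

def a_records(pkt):
    """IPv4 addresses carried in the response's answer section, in order."""
    return [str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in _a_rdata_offsets(pkt)]

def doctor_dns_response(pkt, nat):
    """Copy of the response with each A-record address rewritten through nat."""
    buf = bytearray(pkt)
    for off in _a_rdata_offsets(pkt):
        addr = str(ipaddress.IPv4Address(pkt[off:off + 4]))
        if addr in nat:               # only addresses covered by a NAT rule change
            buf[off:off + 4] = ipaddress.IPv4Address(nat[addr]).packed
    return bytes(buf)

def build_response(name, addr):
    """Constructed sample response (not captured traffic): one question, one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # id, flags=QR|RD|RA, counts
    question = qname + struct.pack("!HH", 1, 1)                  # QTYPE A, QCLASS IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)     # name ptr, A, IN, TTL, len
    return header + question + answer + ipaddress.IPv4Address(addr).packed
PUBLIC, PRIVATE = "203.0.113.10", "192.168.1.10"   # constructed (RFC 5737 / RFC 1918)
```

Addresses not covered by the mapping, and any packet that is not a response, pass through unchanged, which is the behaviour to expect from the appliance as well.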