Use case 1 illustrates the DNS client on the public side of the firewall, while the DNS server and the ultimate destination server are both on the internal side. This case requires DNS rewrite in the reverse direction. The DNS client queries for the IP address of red.com. Based on the NAT rule, the firewall translates the query (originally going to public address 1.1.2.1) to internal address 192.168.2.1. The DNS server responds that red.com has IP address 192.168.2.10. The rule includes Enable DNS Rewrite - reverse, and the DNS response of 192.168.2.10 matches the destination Translated Address of 192.168.2.0/24 in the rule, so the firewall translates the DNS response using the reverse of the translation that the rule uses. The rule says translate 1.1.2.0/24 to 192.168.2.0/24, so the firewall rewrites the DNS response of 192.168.2.10 to 1.1.2.10. The DNS client receives the response and sends its traffic to 1.1.2.10, which the rule translates to 192.168.2.10 to reach server red.com.
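The following Python model walks through use case 1 step by step; it is an added example written for this page, not firewall code, and the NAT_RULE dictionary is an assumed representation of the rule (original destination 1.1.2.0/24, translated destination 192.168.2.0/24, DNS rewrite in the reverse direction). It also shows the check a practitioner would want: an A-record answer outside the translated subnet is left untouched.

```python
import ipaddress

# Constructed NAT rule modelled on use case 1 (assumed data structure,
# not a vendor API): packets to 1.1.2.0/24 are translated to
# 192.168.2.0/24, and DNS rewrite is enabled in the reverse direction.
NAT_RULE = {
    "original_dst": ipaddress.ip_network("1.1.2.0/24"),
    "translated_dst": ipaddress.ip_network("192.168.2.0/24"),
    "dns_rewrite": "reverse",
}


def _map_host(addr, src_net, dst_net):
    """Move addr from src_net into dst_net, preserving the host offset
    (so 192.168.2.10 in 192.168.2.0/24 becomes 1.1.2.10 in 1.1.2.0/24)."""
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)


def translate_destination(dst, rule):
    """Ordinary destination NAT applied to a packet: the DNS query sent to
    1.1.2.1, or the later connection the client opens to 1.1.2.10."""
    dst = ipaddress.ip_address(dst)
    if dst in rule["original_dst"]:
        return _map_host(dst, rule["original_dst"], rule["translated_dst"])
    return dst


def rewrite_dns_answer(answer, rule):
    """Reverse DNS rewrite of an A-record answer flowing back through the
    rule. Only answers inside the rule's translated destination are
    rewritten, using the inverse of the rule's own translation; any other
    answer passes through unchanged."""
    answer = ipaddress.ip_address(answer)
    if rule["dns_rewrite"] == "reverse" and answer in rule["translated_dst"]:
        return _map_host(answer, rule["translated_dst"], rule["original_dst"])
    return answer


if __name__ == "__main__":
    # 1. The public client's query for red.com arrives addressed to 1.1.2.1
    print(translate_destination("1.1.2.1", NAT_RULE))    # 192.168.2.1
    # 2. The internal DNS server answers 192.168.2.10; reverse rewrite applies
    print(rewrite_dns_answer("192.168.2.10", NAT_RULE))  # 1.1.2.10
    # 3. An answer outside 192.168.2.0/24 does not match and is not rewritten
    print(rewrite_dns_answer("10.9.9.9", NAT_RULE))      # 10.9.9.9
    # 4. The client connects to 1.1.2.10 and the rule delivers it to red.com
    print(translate_destination("1.1.2.10", NAT_RULE))   # 192.168.2.10
```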