Use case 4 illustrates the DNS client and the ultimate destination
server both on the public side of the firewall, while the DNS server
is on the internal side. This case requires DNS Rewrite in the forward
direction. The DNS client queries for the IP address of red.com.
Based on Rule 2, the firewall translates the query (originally going
to public destination 1.1.2.1) to 192.168.2.1. The DNS server responds
that red.com has IP address 192.168.2.10. Rule 1 includes Enable
DNS Rewrite - forward, and the DNS response of 192.168.2.10
matches the original destination address of 192.168.2.0/24 in Rule
1, so the firewall translates the DNS response using the same
translation the rule uses. Rule 1 says translate 192.168.2.0/24 to
1.1.2.0/24, so the firewall rewrites DNS response 192.168.2.10 to
1.1.2.10. The DNS client receives the response and sends traffic to
1.1.2.10 to reach server red.com.
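
The exchange in use case 4, modelled as an added example (not code from this documentation or from the firewall). The function names are hypothetical, the rule addresses are the ones given above, and the two non-matching addresses at the end are constructed to show that a response outside Rule 1's original destination is left unchanged.

```python
import ipaddress

# Addresses are the ones in use case 4. Function names are hypothetical;
# this models the described behaviour and is not firewall code.
RULE1 = (ipaddress.ip_network("192.168.2.0/24"),   # original destination
         ipaddress.ip_network("1.1.2.0/24"))       # translated destination
RULE2 = (ipaddress.ip_network("1.1.2.1/32"),       # public DNS server address (host)
         ipaddress.ip_network("192.168.2.1/32"))   # internal DNS server (host)


def apply_rule(address, rule):
    """Translate address if it falls in the rule's original destination,
    keeping the host offset; otherwise return it unchanged."""
    original, translated = rule
    if original.prefixlen != translated.prefixlen:
        raise ValueError("static mapping needs equal prefix lengths")
    addr = ipaddress.ip_address(address)
    if addr.version != original.version or addr not in original:
        return str(addr)
    offset = int(addr) - int(original.network_address)
    return str(translated.network_address + offset)


def rewrite_forward(answer, rule=RULE1):
    """DNS Rewrite - forward: the address carried in the DNS response is
    matched against the rule's original destination and translated the
    same way the rule translates packets."""
    return apply_rule(answer, rule)


def use_case_4():
    """Walk the exchange: query DNAT (Rule 2), then response rewrite (Rule 1)."""
    query_dst = apply_rule("1.1.2.1", RULE2)          # client -> DNS server
    server_answer = "192.168.2.10"                    # A record for red.com
    client_sees = rewrite_forward(server_answer)      # what the client receives
    return query_dst, server_answer, client_sees


if __name__ == "__main__":
    print(use_case_4())
    # Constructed extra inputs: addresses outside Rule 1 are left alone.
    for a in ("192.168.3.10", "2001:db8::10"):
        print(a, "->", rewrite_forward(a))
```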