Your observations are correct. Checkpoint does not do any conversion of dns lookups like some of the competing product(s?) can do. The solution is normally to have one internal dns server, serving internal names/ips and another one for external lookups.
Lars -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Peter Olsson Sent: 15. februar 2008 12:41 To: [email protected] Subject: [FW-1] Can Checkpoint firewall handle DNS through NAT? Our tests indicate that Checkpoint firewall has no support whatsoever for DNS through NAT. Not for zone transfers and not even for A records. Is this true, or am I missing something? An internal DNS server, with a static adress translation in the firewall, gives its internal IP number in responses to AXFR and A queries from external hosts. I searched documentation and support but find nothing on the subject. Thanks! -- Peter Olsson [EMAIL PROTECTED] Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
