Thread: Setting up DNS Proxy
View Single Post
  #8 (permalink)  
Old 2007-07-31
mcnallym mcnallym is offline
Senior Member
  
Join Date: 2007-06-04
Posts: 1,027
Rep Power: 3
mcnallym has an average reputation (10+)
Default Re: Setting up DNS Proxy
I will try and spell this out real clear as there seems to be some confusion here still.

THE CHECK POINT FIREWALL IS NOT A DNS SERVER AND SHOULD NOT BE TREATED AS IF IT IS A DNS SERVER.

You should configure your DMZ based DNS Server as if the Check Point DNS Proxy is not there. The DMZ based DNS Server will need to be the authoritative DNS Server still for your domain and sub domains. As such you will not need any NS Records in the public DNS Server as it will be the authoritative DNS Server for your domain, and any subdomains

What you configure in the DNS Proxy settings are the equivalent of A Records. Check Point DNS Proxy will intercept the DNS lookups heading to your DMZ based DNS Server and then if there is a matching entry then the DNS Proxy will respond. If there is no matching entry or it is a non A Record lookup then the request is passed through to the DMZ DNS Server.

As far as the Public DNS system is concerned then the Firewall is not involved and you should not send DNS requests to the Firewall.
Reply With Quote