Mini DNS on enforcement module

[philofish]

Hello all

as a relative newbie - just passed the CCSA today - pheww
I am not a newbie with regards to firewalls - just ceckpoint but i needed the following answered if possible? -
This is about ISP redundancy and the mini dns server
The enforcement module via GuiDBedit allows you to setup a mini DNS to answer queries for internal services, i.e. HTTP and FTP etc

the docs say register the enforcement point in your ISP's DNS

Quote
Register your domain (e.g. example.com) with
Inform the ISPs of the two addresses of the
queries about the domain example.com.

Does this mean i register the enforcement points as NS records? as they will answer for any A resource record requests for internal systems?

hope this makes sense - maybe i am reading it wrong - but we have a similar setup with our ALTEONS - they are authoritative for internal or sub domains within our LAN

[philofish]

please! someone must know

[kva.kva]

It seems that for use ISP redundancy for incoming connections, you should have your own DNS servers in LAN, or rather, all DNS queries should arrive your Firewall-1. So you should have two NS records with IP addresses your Firewall-1 (or some NAT addresses for your DNS servers).
So incoming DNS queries would intercepted by your Firewall-1 and Firewall-1 will return IP by first ISP or by another ISP.