I have such a basic question I am embarrassed, but I have been googling the heck out of it and since I'm not sure how to phrase it I am not getting the answers I need.
I have an 80.20 cluster. I have workstations behind it. Currently all the workstations go through a proxy server, and that is resolving their DNS requests. Now we are moving away from proxy and want traffic to go through the firewall. I have made my DNS stack on the PC point to the firewall. I have a rule above the stealth rule allowing DNS traffic from my workstation to the gateways. I see the traffic in the logs and it is being accepted, but how do I tell the gateways to look it up and resolve it? I just keep getting page not found on my PC. I found the DNS setting in the global properties (Accept Domain Name over UDP), but from what I read that is not a good thing to enable; you should use explicit rules to do this. So, I have ....
Workstation with DNS pointing to Gateway
Rule allowing my workstation to get to gateway on port 53 (I see the traffic going there and being accepted)
Rule allowing Gateways to go out to get DNS lookups (I see traffic in the logs of them going out and it is in the DNS settings in the GAIA portal (hosts and Management, DNS))
But I don't know how to tie the two together. My gateways get out, but how do I tell them to do my lookup?
Any help is appreciated.