DNS Proxy over Site-to-Site VPN
We have a remote site (TZ300) setup via an IKEv2 Site-to-Site VPN tunnel to a hub location (NSa2600). Lets say the TZ300 is 10.0.2.1 and is the gateway for the LAN network 10.0.2.0/24. The TZ300 is set to be a DNS proxy and all computers at the remote site are set with 10.0.2.1 as their DNS server. The TZ300 is then setup under the DNS settings to have the DNS IP be our DNS server (Win2016, lets say that is 10.0.1.2, the NSa2600 network is 10.0.1.0/24) at our hub location.
When a computer at the remote site (lets say 10.0.2.2) attempts a DNS query against the TZ300 (10.0.2.1), doing a Packet Monitor Capture on port 53, I can see that the remote computer does send the DNS query to the TZ300 and it has a status of "Received". But it appears the TZ300 is never forwarding the query on to the DNS server (10.0.1.2). The computer then eventually just times out on the DNS request since it never receives a reply from the TZ300.
That being said, I do see DNS traffic traversing just fine from the TZ300 itself to the DNS server for other needs (such as, several sonicwall.com DNS reqeusts which I assume are some services running on TZ300...such as Gateway Anti-Virus, etc.) These requests are being sent from the TZ300 to the DNS server, and receiving a reply without any problems. It just appears to be that the TZ300 is not recognizing what to do with the DNS proxy requests when the DNS server is on the other side of the VPN connection.
That being said, If I setup the DNS proxy to use a "public" DNS (Such as 126.96.36.199), then it immediately works without any issue and the remote computer receives a DNS response immediately.
What am I doing wrong?