
Forward all internal UDP 53 to Firewall Proxy

Hello,

Can you please help me achieve the following scenario?

The TZ270 is set up as a DNS proxy, so I wanted to route all UDP port 53 requests to the firewall proxy.


Not quite sure what the NAT should look like.

LAN -> Port UDP 53 -> Firewall IP


Thank you very much.

Best regards, Armin

Category: Entry Level Firewalls

Best Answers

  • CORRECT ANSWER
    ArminF Newbie ✭
    Answer ✓


    I think I got it to work.

    6.7k hits on the NAT rule so far.

  • CORRECT ANSWER
    BWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    @ArminF, to my understanding, having this option enabled does not need any additional NAT rules. But as mentioned, the limitation is UDP only for whatever reason, even when the DNS Proxy is set to TCP+UDP, which is/was IMHO not the default and has to be enabled on the Internal Settings page (that might answer your question).

    DNS should always be TCP+UDP or it'll break stuff. IMHO your NAT rule covering both should do the trick, but don't forget to check that the DNS Proxy is really working in TCP+UDP mode.

    https://your-appliance//sonicui/7/m/mgmt/settings/diag
    

    --Michael@BWC
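As an added example (not code from this thread, and not a SonicWall tool), the following Python script checks the point Michael makes above: it sends the same A query once over UDP and once over TCP to a resolver address of your choosing and reports which transport gets an answer. Run from a LAN host against an external resolver IP; if the NAT rule or the enforce option is redirecting port 53 correctly, the reply comes back from the firewall proxy regardless of whether that resolver is reachable directly, and a "UDP answers, TCP errors" pattern is exactly the UDP-only limitation discussed in the thread. The query name `example.com`, the TEST-NET addresses, and the constructed sample reply used for the offline self-check are assumptions of this example, not values from the page.

```python
import random
import socket
import struct

# Constructed sample reply (not captured from a real appliance): id 0x1234,
# standard response, one A record for example.com -> 192.0.2.1 (TEST-NET-1).
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + b"\x07example\x03com\x00\x00\x01\x00\x01"
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01"
)


def build_query(name, qtype=1, qid=None):
    """Return a minimal DNS query (A record by default) with the RD bit set."""
    if qid is None:
        qid = random.randrange(0, 65536)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _skip_name(data, offset):
    """Advance past a (possibly compressed) domain name in wire format."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Extract the transaction id, response flags and any A-record addresses."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        offset = _skip_name(data, offset) + 4
    addresses = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return {"qid": qid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "a_records": addresses}


def query_udp(server, name, timeout=2.0):
    """One UDP query; whoever answers (resolver or proxy) is parsed the same way."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection early")
        buf += chunk
    return buf


def query_tcp(server, name, timeout=2.0):
    """Same query over TCP with the RFC 1035 two-byte length prefix."""
    query = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(sock, 2))
        data = _recv_exact(sock, length)
    return parse_response(data)


def transport_report(server, name="example.com"):
    """Try both transports and report the addresses seen or the error hit."""
    report = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            report[label] = fn(server, name)["a_records"]
        except (OSError, ValueError) as exc:
            report[label] = "error: %s" % exc
    return report


if __name__ == "__main__":
    # Placeholder resolver address (TEST-NET-2): replace with an external
    # resolver; the LAN rule should make the proxy answer on its behalf.
    print(transport_report("198.51.100.53"))
```

If UDP returns addresses while TCP reports a timeout or reset, the redirect is only catching UDP; a NAT rule with the service set to cover both protocols, as Armin ended up keeping, is what makes the TCP case work.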

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @ArminF, did you try the option "Enforce DNS Proxy For All DNS Requests" on the DNS Proxy settings first? I never used it, and the balloon help showed it's limited to UDP requests only, but it might do the same thing you're looking for.

    --Michael@BWC

  • ArminF Newbie ✭

    @BWC - thanks, Michael!

    Indeed, I enabled the option on the DNS tab.

    With the NAT I now forward TCP and UDP to the proxy.

    But from what I read, it looks like the DNS proxy only handles UDP, not TCP.

    Do I understand this right? But what would happen to DNS via TCP then?

    Would I need to change the NAT to translate to UDP only instead of keeping Original?

  • ArminF Newbie ✭

    Michael,

    Again, thank you very much for your support!

    The option is enabled on the DIAG page as well.

    OK, I'll keep the NAT as it is then; it routes both protocols.

    Thanks, Michael, and have a sunny Sunday!

    Cheers, Armin
