Getting started with DNS relay

In DNS relay, clients send DNS requests to a DNS resolver, which forwards the requests to a remote DNS server. In Forcepoint NGFW, the firewall can act as a local DNS resolver for clients in the internal network.

Figure: How DNS relay works

1. Clients in the internal network send DNS requests to the firewall.
2. The firewall forwards the DNS requests to remote DNS servers.
3. Remote DNS servers send DNS responses to the firewall.
4. The firewall provides the responses to the clients in the internal network.

The firewall temporarily stores the results of DNS requests in its cache until the time to live (TTL) value of the DNS entry expires. When a client makes a DNS request for a domain that has recently been requested, the firewall answers with the IP address from the cache instead of forwarding the request again. Caching reduces the load on upstream DNS servers and improves performance.

In addition to providing DNS services for clients in the internal network, the firewall can also optionally do the following:

  • Return fixed DNS results for specific hosts or domains.
  • Forward DNS requests to different DNS servers depending on the domain in the DNS request.
  • Translate IPv4 addresses resolved by external DNS servers to IPv4 addresses in the internal network.
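
As an added illustration (not Forcepoint code), the following Python model shows the relay behaviour described above: a TTL-bounded cache plus the three optional features (fixed results, forwarding by domain, and translation of resolved IPv4 addresses). The upstream servers, names, addresses and TTLs are constructed sample data.

```python
import time

# Constructed stand-ins for remote DNS servers: name -> (IPv4, TTL seconds)
UPSTREAMS = {
    "isp": {"www.example.com.": ("203.0.113.10", 300)},
    "corp": {"intranet.corp.example.": ("198.51.100.5", 60)},
}


class DnsRelay:
    """Toy DNS relay: fixed results, per-domain forwarding, IPv4 translation
    and a TTL-bounded cache, mirroring the behaviour described above."""

    def __init__(self, default_upstream, fixed=None, domain_routes=None,
                 translations=None, clock=time.monotonic):
        self.default_upstream = default_upstream
        self.fixed = fixed or {}                  # host -> fixed IPv4 answer
        self.domain_routes = domain_routes or {}  # domain suffix -> upstream
        self.translations = translations or {}    # external IPv4 -> internal
        self.clock = clock                        # injectable for testing
        self.cache = {}                           # name -> (IPv4, expiry)
        self.upstream_queries = []                # (name, upstream) forwarded

    def _pick_upstream(self, name):
        for suffix, upstream in self.domain_routes.items():
            if name.endswith(suffix):
                return upstream
        return self.default_upstream

    def resolve(self, name):
        """Answer one A query the way the relay would, or None on no data."""
        if name in self.fixed:                    # fixed result, no forwarding
            return self.fixed[name]
        now = self.clock()
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            return cached[0]                      # served from cache
        upstream = self._pick_upstream(name)
        self.upstream_queries.append((name, upstream))
        answer = UPSTREAMS[upstream].get(name)
        if answer is None:
            return None
        ip, ttl = answer
        ip = self.translations.get(ip, ip)        # rewrite to internal address
        self.cache[name] = (ip, now + ttl)        # cache until TTL expires
        return ip
```

The `upstream_queries` list records every forwarded query, which makes it easy to confirm that repeated lookups within the TTL are served from the cache and that expired entries are refreshed.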

You can configure DNS relay on Single Firewalls, Firewall Clusters, and Virtual Firewalls.