Support for Domain Name System Messages

The Security Appliance fully supports NAT and PAT of Domain Name System (DNS) messages
originating from either a more secure or a less secure interface. This means that if a
client on an inside network requests DNS resolution of an inside address from a DNS server
on an outside interface, the DNS record is translated correctly. To illustrate this point, Figure
6-2 shows a user on the inside obtaining DNS resolution from the outside (possibly from an
Internet service provider) for a web server on the inside. This process is called DNS reply
modification or DNS doctoring.