firewall as dns proxy

Will a firewall act as a DNS proxy (by default) if there is no DNS server in a LAN? If so, is this the common solution in small/home LANs?

Jose

Sometimes

jasee

Many vendors include a caching only nameserver in their units, regardless of the class of device (SOHO, SMB, enterprise). The feature you want to look for, however, has several different names depending on the manufacturer. I've heard it called DNS rewrite, DNS loopback, and DNS proxy. What this allows you to do is to not have to run an internal only nameserver for mapping host names to private IPs.

For example, I may have [formatting link] resolving externally to 42.0.0.1 but behind the firewall it's really 10.0.0.1. I want to be able to config my internal PCs to use either external nameservers or the firewall plus external nameservers. When I do an address lookup for [formatting link] the firewall will send back 10.0.0.1. With Cisco and NetScreen SOHO units, it will rewrite your DNS request. In something like a D-Link DFL-80, you actually set up a table of FQDNs and IPs. Last I knew of the SonicWall SOHO 3, they didn't provide any DNS rewriting at all. That may have changed in later products or more current firmware revs but if so, it's taken them several years to implement.

If you're running Active Directory behind your firewall, it's not such a big deal since you'll already have an internal nameserver. I have seen Windows nameservers flake out in heavy traffic environments and sometimes need their service restarted.

-Gary

Gary
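
The table-driven rewrite described in the post above, as an added example that is not part of the original thread or any vendor's firmware: it parses a DNS response and overwrites matching A records with the internal address. The host name `www.example.test`, the function names and the sample packet are assumptions constructed for illustration; only the two addresses come from the post.

```python
import socket, struct

# FQDN -> internal address table. The host name is a constructed placeholder
# (the post's own name is not shown); both addresses are the post's.
REWRITE_TABLE = {"www.example.test.": "10.0.0.1"}

def read_name(msg, off, hops=0):
    """Decode the DNS name at off; return (fqdn, offset just past it)."""
    labels = []
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if hops > 16:
                raise ValueError("compression loop")
            target = ((n & 0x3F) << 8) | msg[off + 1]
            rest, _ = read_name(msg, target, hops + 1)
            return ".".join(labels + [rest]).lower(), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels + [""]).lower(), off + 1

def a_records(msg):
    """Yield (owner, rdata_offset) for each IN A record in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qdcount):                      # skip the question section
        off = read_name(msg, off)[1] + 4          # name + QTYPE + QCLASS
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if (rtype, rclass, rdlen) == (1, 1, 4):
            yield owner, off + 10
        off += 10 + rdlen

def rewrite_response(msg, table=REWRITE_TABLE):
    """Same-length overwrite of matching A records, so offsets stay valid."""
    out = bytearray(msg)
    for owner, off in a_records(msg):
        if owner in table:
            out[off:off + 4] = socket.inet_aton(table[owner])
    return bytes(out)

def answer_addresses(msg):
    return [socket.inet_ntoa(msg[off:off + 4]) for _, off in a_records(msg)]

def build_sample_response(name="www.example.test", ip="42.0.0.1"):
    """Constructed response: one question, one A answer with a name pointer."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1)
    return head + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
```

Names that are not in the table pass through byte for byte, so internal clients still receive the public answer for everything else.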
