Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 555

A firewall engineer creates a NAT rule to translate IP address 1.1.1.10 to 192.168.1.10. The engineer also plans to enable DNS rewrite so that the firewall rewrites the IPv4 address in a DNS response based on the original destination IP address and translated destination IP address configured for the rule. The engineer wants the firewall to rewrite a DNS response of 1.1.1.10 to 192.168.1.10.

What should the engineer do to complete the configuration?

Enable DNS rewrite under the destination address translation in the Translated Packet section of the NAT rule with the direction Forward.

Create a U-Turn NAT to translate the destination IP address 1.1.1.10 to 192.168.1.10 with the destination port equal to UDP/53.

Enable DNS rewrite under the destination address translation in the Translated Packet section of the NAT rule with the direction Reverse.

Create a U-Turn NAT to translate the destination IP address 192.168.1.10 to 1.1.1.10 with the destination port equal to UDP/53.

Correct Answer: A

To complete the configuration, the engineer should enable DNS rewrite under the destination address translation in the Translated Packet section of the NAT rule with the direction Forward. This ensures that the firewall rewrites the DNS response based on the original and translated destination IP addresses configured for the rule, translating the DNS response from 1.1.1.10 to 192.168.1.10.

Discussion

MHy2kOption: A

A: forward—If the DNS response matches the Original Destination Address in the rule, translate the DNS response using the same translation the rule uses. For example, if the rule translates IP address 1.1.1.10 to 192.168.1.10, the firewall rewrites a DNS response of 1.1.1.10 to 192.168.1.10. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/nat/source-nat-and-destination-nat/destination-nat-dns-rewrite-use-cases

pavtoorOption: A

A is correct. Tested in Lab

MarshpillowzOption: A

A is correct

Andromeda1800Option: A

One more vote for A

homersimpsonOption: A

Agree with dgonz and pavtoor.

dorf05Option: C

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/nat/source-nat-and-destination-nat/destination-nat-dns-rewrite-use-cases/dest-nat-dns-rewrite-reverse-use#:~:text=The%20following%20use,DNS%20Rewrite.

dgonzOption: A

forward—If the DNS response matches the Original Destination Address in the rule, translate the DNS response using the same translation the rule uses. For example, if the rule translates IP address 1.1.1.10 to 192.168.1.10, the firewall rewrites a DNS response of 1.1.1.10 to 192.168.1.10. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/source-nat-and-destination-nat/destination-nat-dns-rewrite-use-cases#id0d85db1b-05b9-4956-a467-f71d558263bb