static {
    rule-set static-nat {
        from routing-instance default;
        rule allow_mail {
            match {
                destination-address x.x.x.x/32;
            }
            then {
                static-nat prefix y.y.y.y/32;
            }
        }
    }
}
destination {
    pool websrv {
        address a.a.a.a/32;
    }
    rule-set servers {
        from zone untrust;
        rule DC2 {
            match {
                destination-address b.b.b.b/32;
            }
            then {
                destination-nat pool DC2;
            }
        }
    }
}
Our company is upgrading from 10.0R1.8 to the recommended version 10.2R3.10. The problem is that when I upgraded the version, a DNS query from the outside returns the private IP address of my servers instead of the public one. I did some testing with my extra Juniper SRX 210 and found out that whenever I use static NAT, a DNS query from outside of our network resolves the private IP of the server. Destination NAT resolves the public IP address for a DNS query from outside.
The authoritative DNS server for the domain name is behind my Juniper.