Watchguard XTM DNS Forwarding

Hello Experts,

We have a WatchGuard XTM 22 with firmware version 11.4.1. Is it possible to use the device as a DNS server that translates the DNS requests from the internal clients? We assign the internal IP address of the WatchGuard as the default gateway and as the primary DNS server on the clients. With this configuration the clients did not get any DNS responses. If we use another (public) DNS server, all is fine and the translation works.

How can we configure the DNS forwarding service on the XTM appliance (if it is possible)?

Thanks in advance!

You can do it, but you need to configure DNS for the XTM. Under Network > External interface.
systree-ag (Author) Commented:
The external interface is configured for "DHCP" and (has to) get the DNS server from the cable provider. We also added 2 public DNS servers in the global configuration (Network->Interfaces: DNS Servers). This doesn't resolve the problem.

Any other suggestions?
I misunderstood; the WatchGuard itself can't be a DNS forwarder (AFAIK), but if you enable DHCP on the TRUSTED interface you can specify a DNS server to pass on to the clients (being your ISP's).

Damien Kay Commented:
Actually you CAN use the XTM22 as a DNS Forwarder, but you have to enable it using the CLI. The option is not available in the Web GUI or in the WSM:,  (pg. 46)

Use "ip dns forwarding enable" to enable DNS forwarding.
Use "no ip dns forwarding enable" to disable DNS forwarding.

I have not tried it, but I am assuming it will use the DNS servers you define under the Network Interfaces.  You can then use the internal IP of the XTM as the DNS server you assign to your clients in the DHCP settings.
Damien Kay Commented:
Another version of the answer:
Question: How can I enable DNS forwarding on my Fireware XTM device?
Answer: You can use the command line interface (CLI) to enable DNS forwarding on your Fireware XTM device. This configuration option is not available in Policy Manager or the Fireware XTM Web UI.

To enable DNS forwarding:

1. Make sure your device uses Fireware XTM v11.3.1 or later.
2. Connect to the CLI. For more information, see the WatchGuard Command Line Interface Reference available at
3. Log in with the admin user name and passphrase.
4. To start configuration command mode, type:
5. To enable DNS forwarding, type:
                  ip dns forwarding enable
6. To verify that DNS forwarding is enabled, type:
                  show ip dns
7. Verify that the DNS Properties show:
                  DNS forwarding: Enabled
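
A client-side check for the symptom in the question and for the result of the CLI steps above, added here as an example (it is not from the thread or from WatchGuard): it sends one A query to the firewall's internal IP and classifies what comes back. The address 10.0.1.1, the test name example.com and the status labels are assumptions.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS query for the A record of `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(data, txid=0x1234):
    """Map a raw DNS reply to (status, answer_count)."""
    if len(data) < 12:
        return ("malformed", 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit clear
        return ("mismatch", 0)
    rcode = flags & 0x000F
    if rcode == 5:                             # server declines to answer this client
        return ("refused", 0)
    if rcode == 2:                             # server answered but could not resolve
        return ("servfail", 0)
    if not flags & 0x0080:                     # RA bit clear: recursion not offered
        return ("no-recursion", ancount)
    return ("ok" if rcode == 0 else "rcode-%d" % rcode, ancount)

def check_forwarder(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53 and return (status, answer_count)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _addr = s.recvfrom(512)
        except socket.timeout:                 # nothing answered on UDP/53
            return ("timeout", 0)
        except OSError:                        # no route, or the port was rejected
            return ("unreachable", 0)
    return classify_reply(data)

if __name__ == "__main__":
    # 10.0.1.1 is a placeholder for the XTM's internal (trusted) IP address.
    print(check_forwarder("10.0.1.1"))
```

A "timeout" result corresponds to the behaviour described in the question (no DNS responses from the firewall); "servfail" would instead point at the upstream DNS servers the device forwards to.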