Does DNS-Doctoring support IPv6 ?
is a functionality where the firewall will look at DNS responses from your DNS servers for addresses that have a static NAT rule defined and will then change the IP in the DNS response to the NAT address. This behavior is wrong in so many ways. There is very little documentation about this - as far as I know this behavior gets triggered when both the DNS server and the response have a static NAT rule, but I may be wrong. If you think you need functionality like this, you should rethink your DNS infrastructure. Other than it being an extremely ugly kludge, it doesn't always work and will fail in the future if you decide to use DNSSEC.
When this feature was first introduced, it couldn't even be disabled. But in more recent JunOS releases it can be disabled using the following command:
set security alg dns doctoring sanity-check
The only documentation I am able to see is https://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=166&fn=DNS+ALG+and+Doctoring+support
There is actually a lot of information vlear explanation of the functionality and use case,
set security alg dns doctoring none
The article requires login.