topology : client---sw---USG5300---internet---DNS(220.127.116.11)
Customer found that when he visit his email server with URL and DNS reply with the private ip address of his email server, but he didn't register his private ip address to DNS(18.104.22.168)
1. Checked configuration and found that he enabled "dns detect' between zone untrust and trust.
2.USG will transfer the public ip address to private address when enabled "dns detect".
DNS detect will transfer the public ip address to private address.