Sorry for the wait.
For example, the working configuration from the network laboratory:
set firewall group address-group DNS address '172.16.0.250'
set firewall group address-group DNS address '172.16.0.251'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address '172.16.0.1/24'
set nat destination rule 100 destination port 'domain'
set nat destination rule 100 inbound-interface 'eth1'
set nat destination rule 100 log
set nat destination rule 100 protocol 'tcp_udp'
set nat destination rule 100 source group address-group '!DNS'
set nat destination rule 100 translation address '172.16.0.250'
set nat destination rule 100 translation port 'domain'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 translation address 'masquerade'
All internal requests to port 53 are translated to IP 172.16.0.250.
Firewall is not used!
As the client doing the DNS request and the internal server are on the same LAN, you need to add an sNAT rule for this traffic.
Without it, the internal server replies directly, and the DNS request isn't translated back. So the client sends a request to 18.104.22.168 and gets a reply back from 192.168.1.1, which will be ignored.
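As an added illustration (not part of the poster's configuration), this is one way the missing hairpin sNAT rule could look for the lab above, written in VyOS 1.3 `set` syntax. Rule number 110, the `tcp_udp` protocol filter and the restriction to traffic leaving eth1 toward 172.16.0.250 port 53 are assumptions chosen so the rule only touches the redirected DNS flows and not other LAN traffic.

```vyos
# Added example, not from the original post: masquerade LAN-to-LAN DNS traffic
# that rule 100 redirected to 172.16.0.250, so the reply goes back through the
# router and is un-NATed instead of being sent straight to the client.
set nat source rule 110 outbound-interface 'eth1'
set nat source rule 110 source address '172.16.0.0/24'
set nat source rule 110 destination address '172.16.0.250'
set nat source rule 110 destination port 'domain'
set nat source rule 110 protocol 'tcp_udp'
set nat source rule 110 translation address 'masquerade'
```

After `commit`, a client on 172.16.0.0/24 that queries a non-DNS-group address on port 53 should see the answer come back from the address it asked, because the internal server now replies to the router's eth1 address (172.16.0.1) rather than to the client directly; `show nat source translations` and `show nat destination translations` can confirm both halves of the session.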
I did manage to fix this, although I encountered a weird bug on 1.4 where it was NATing to a destination that wasn't even defined. The behaviour broke all understanding of how dNAT/sNAT works, so I reverted to 1.3.2 and the issue is sorted. Thanks for your reply.