
Server Load Balancing - Source IP of Response

I have set up simple Server Load Balancing in hopes of adding load balancing (or failover) for DNS.
One server with a weight of 100 and the other with a weight of 0. The hope is to have it 'fail over' when my internal DNS is offline.

The issue is, the requests go out fine, but the response's "Source IP" is the server, and not the Virtual IP of the load balancer, so the Windows client is not accepting the DNS response.

Is there any way for the load balancer to send the request with itself as the source IP, so the response goes back through the load balancer and the client gets a response from the IP it sent the request to?
  • Hi Thierry and welcome to the UTM Community!

    The problem is that the Load Balancer doesn't change the Source address in the request packet from the client.  The server sees that the request came from a machine in its subnet, so it doesn't send the response to its default gateway (the UTM).  It ARPs for the MAC address of the client and then communicates with it on layer 2.  When the client sees an unexpected response packet, it rejects the packet.

    There are two solutions that come to mind.  Best would be to move the servers to a DMZ so that all traffic to them is from a different subnet.  A quick Band-Aid might be a NAT rule like:

    SNAT : Internal (Network) -> Any -> {group of servers} : from Internal (Address)

    I think that SNAT would work, but I haven't tried it.  Please let us know your result.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you very much.

    That simple SNAT rule was all that was needed.
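The mechanism Bob describes (server and client on one subnet, so the server answers the client directly over layer 2 and the client sees a reply from the wrong source address) and the two fixes (SNAT to the UTM's internal address, or moving the servers to a DMZ) can be modelled in a few lines. The following is an added illustration, not code from Sophos UTM or from anyone in this thread; the addresses are constructed RFC 1918 placeholders, and the `Balancer`, `server_handle` and `simulate` names are assumptions made for the model.

```python
"""Reply-path model for a same-subnet server load balancer.

Added illustration, not Sophos UTM code. Addresses are constructed placeholders.
The balancer DNATs the VIP to a real server and may also SNAT the client
source; the server answers whoever the request appeared to come from.
"""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")            # constructed internal subnet
UTM_INTERNAL = ipaddress.ip_address("192.168.1.1")      # UTM internal address = default gateway
VIP = ipaddress.ip_address("192.168.1.53")              # load balancer virtual IP
DNS_PRIMARY = ipaddress.ip_address("192.168.1.10")      # real server with weight 100
CLIENT = ipaddress.ip_address("192.168.1.100")          # Windows client on the same subnet
DMZ_CLIENT = ipaddress.ip_address("10.0.0.100")         # a client on a different subnet


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


class Balancer:
    """Minimal DNAT (+ optional SNAT) with connection tracking, as a model of the UTM."""

    def __init__(self, vip, internal_ip, real_server, snat=False):
        self.vip, self.ip, self.real_server, self.snat = vip, internal_ip, real_server, snat
        self.conntrack = {}  # (real server, translated source) -> original client

    def forward_request(self, pkt):
        if pkt.dst != self.vip:
            raise ValueError("balancer only handles packets addressed to the VIP")
        src = self.ip if self.snat else pkt.src          # SNAT rewrites the source, plain DNAT keeps it
        out = Packet(src, self.real_server)
        self.conntrack[(out.dst, out.src)] = pkt.src
        return out

    def forward_reply(self, pkt):
        """Undo the NAT on a reply that actually reached the balancer."""
        client = self.conntrack.get((pkt.src, pkt.dst))
        if client is None:
            return None                                   # no state for this flow
        return Packet(self.vip, client)


def server_handle(pkt, server_ip, subnet, gateway):
    """Server swaps the addresses; returns (reply, next hop).

    A destination inside the server's own subnet is reached directly by ARP,
    so the reply bypasses the gateway. Anything else goes to the default gateway.
    """
    reply = Packet(server_ip, pkt.src)
    next_hop = reply.dst if reply.dst in subnet else gateway
    return reply, next_hop


def client_accepts(reply, client_ip, queried_ip):
    """A DNS client only accepts an answer from the address it queried."""
    return reply is not None and reply.dst == client_ip and reply.src == queried_ip


def simulate(client_ip, snat):
    """Run one query through the model; returns (reply seen by client, accepted?)."""
    lb = Balancer(VIP, UTM_INTERNAL, DNS_PRIMARY, snat=snat)
    reply, next_hop = server_handle(lb.forward_request(Packet(client_ip, VIP)),
                                    DNS_PRIMARY, LAN, UTM_INTERNAL)
    if next_hop == UTM_INTERNAL:
        reply = lb.forward_reply(reply)                   # reply passed through the UTM
    return reply, client_accepts(reply, client_ip, VIP)


if __name__ == "__main__":
    for label, client, snat in (("same subnet, no SNAT", CLIENT, False),
                                ("same subnet, SNAT", CLIENT, True),
                                ("client in other subnet (DMZ design)", DMZ_CLIENT, False)):
        reply, ok = simulate(client, snat)
        print(f"{label:38s} reply {reply.src} -> {reply.dst}  accepted={ok}")
```

Without SNAT the client sees the answer arrive from the real server's address and drops it; with the SNAT rule, or with the servers on their own subnet, the reply has to pass the UTM, which restores the VIP as the source. One consequence of the SNAT route worth keeping in mind: the DNS servers then log every query as coming from the UTM's internal address, so per-client query logs on the servers are lost, whereas the DMZ design keeps the real client addresses visible.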