when the cpe is in NAT mode, and you've got a public or private address ranged DNS server delived to the radio via DHCP, the radio will not resolve hosts with private IPs.
example, our dns X.X.X.12 (public IP) will answer billpay.FQDN as a private 10. address, the CPE will not proxy with that information. if that same DNS server is manually entered into the device, the site will respond normally. this happens with any private address resolved by the epmp CPE with the DNS proxy.