johnathan
Staff
January 8, 2025

Technical Tip: Behavior of the FortiGate configured as a DNS server when different DNS filters are applied on different interfaces

Description

This article describes the exact behavior of a FortiGate configured as a DNS server when different DNS filters are applied to different interfaces and a client sends its query to the address of an interface it is not connected behind.

Scope

FortiOS.

Solution

The FortiGate is set up as a DNS server and is listening on 'port9' and 'port10'.

[Screenshot: ports.PNG]

'port10' has a DNS filter configured to block all queries, but the DNS filter on 'port9' lets all queries through.

[Screenshot: dns server.PNG]

The 'default' filter:

[Screenshot: default.PNG]

The 'block-ALL' filter:

[Screenshot: block all.PNG]

When an nslookup is run from a PC behind 'port10', the DNS filter configured for 'port10' is applied regardless of which FortiGate IP address the PC queries. The filter that takes effect is the one bound to the interface the query arrives on, not the one bound to the interface whose address was queried.

[Screenshot: nslookup fail.PNG]
[Screenshot: nslookup fail2.PNG]

The 'dnsproxy' debug output also shows the 'block-ALL' filter being applied:

[Screenshot: dns block.PNG]
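The same setup and check from the CLI, as an added example that is not part of the original article. The interface names ('port9', 'port10') and profile names ('default', 'block-ALL') come from the screenshots above; the contents of the 'block-ALL' profile are not reproduced, and the CLI form of the GUI configuration is an assumption.

```fortios
# DNS server listeners: the filter applied to a query is the profile
# bound to the interface the query ARRIVES on, not the address queried.
# A client behind port10 that queries port9's IP still gets 'block-ALL'.
config system dns-server
    edit "port9"
        set mode recursive
        set dnsfilter-profile "default"      # permissive: lets all queries through
    next
    edit "port10"
        set mode recursive
        set dnsfilter-profile "block-ALL"    # blocks every query on this interface
    next
end

# Review which profile each listener actually uses before relying on
# clients "using the other address" to bypass or receive filtering.
show system dns-server

# Confirm at runtime which profile dnsproxy selected for a given query:
# enable the debug, run nslookup from the client, then disable it.
diagnose debug application dnsproxy -1
diagnose debug enable
#   ... run nslookup from the PC behind port10 against any FortiGate IP ...
diagnose debug disable
diagnose debug reset
```

The debug lines should name the 'block-ALL' profile for every query arriving on 'port10', whichever FortiGate address the client targeted.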