Technical Tip: Split DNS is not working in FortiSASE using internal DNS Server
| Description | This article describes how to handle a scenario where a customer tries to configure Split DNS with a private IP address when SPA (Secure Private Access) is not configured. |
| Scope | FortiSASE. |
| Solution | When on-net users want to resolve internal domain names with an internal DNS server, configuring Split DNS with a private IP address can lead to unreliable outcomes if SPA is not configured. An alternative is to configure the internal DNS server with a public IP address instead. Another option is to configure SPA and reach the internal DNS server through SPA. The private IP address can be used for the internal server only when SPA is configured.
When SPA is configured, FortiSASE intercepts the DNS traffic and sends the DNS requests to the private internal server through the tunnel. Deep inspection is required for this interception to succeed.
|

