Keeper_of_the_Keys
New Member
August 12, 2021
Question

DHCP search domain


Hi everyone,

We have our forti set up as DHCP server for our network. It has a search domain defined in the system DNS settings, and the DHCP settings for VLANs are set to use system default settings; however, the search domain is not being passed to clients.

Any ideas?

Tech: 2x 1100E A-A

FortiOS: 7.0.0

config system dns
    set primary x.x.x.x
    set secondary y.y.y.y
    set domain "our.search.domain"
end

config system dhcp server
    edit x
        set dns-service default
        set default-gateway x.x.x.x
        set netmask 255.255.252.0
        set interface "some-interface"
        config ip-range
            edit 1
                set start-ip x.x.x.16
                set end-ip x.x.x.254
            next
        end
    next
end

    2 replies

    lobstercreed
    New Member
    August 14, 2021

    The system domain is not supposed to be passed to DHCP clients. You need to specify it as a DHCP option just like you do your DNS servers, etc.

    The command according to the config guide is this:

    config system dhcp server
        edit x
            set domain "our.search.domain"
        next
    end

    Keeper_of_the_Keys
    New Member
    August 15, 2021

    Hey, thanks for your reply!

    Why is it logical that the search domain should not be passed?

    If I set DNS to be "as system" (in the GUI - results in "set dns-service default" as far as I can tell) then I would expect the search domain to be passed with that; after all, the search domain is an integral part of DNS settings.

    I think I'll be opening a bug report on this.

    lobstercreed
    New Member
    August 15, 2021

    The setting you're referring to is for DNS servers. I strongly disagree that the search domain (or suffix, in the terminology of DHCP option 15) is an "integral" part of DNS settings.

    I can do everything I want on the Internet without a DNS suffix. However, I need DNS servers to do almost anything on the Internet. I can always type the FQDN of the local resource I need and the DNS suffix becomes entirely redundant.

    Another reason is you can specify multiple search domains in the FortiGate system settings.  If you had done this, which one should it pass as DHCP option 15 (DNS suffix)?  This is at least one reason why it is not a bug for you to have to specify it in the DHCP server settings.
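
Added example, not part of any post in this thread: a short Python parser that pulls DHCP option 6 (DNS servers) and option 15 (domain name) out of a DHCP reply payload, so a captured reply can be checked for whether the suffix is actually being sent. The sample payloads, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the DHCP options field
OPT_PAD, OPT_DNS_SERVERS, OPT_DOMAIN_NAME, OPT_END = 0, 6, 15, 255

def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP payload (the UDP data)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload: magic cookie missing")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        options[code] = options.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return options

def dns_settings(packet: bytes) -> dict:
    """Report DNS servers (option 6) and DNS suffix (option 15) separately."""
    opts = parse_dhcp_options(packet)
    raw = opts.get(OPT_DNS_SERVERS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    servers = [str(ipaddress.IPv4Address(raw[j : j + 4])) for j in range(0, len(raw), 4)]
    name = opts.get(OPT_DOMAIN_NAME)
    domain = None if name is None else name.rstrip(b"\x00").decode("ascii", "replace")
    return {"dns_servers": servers, "domain": domain}

def build_sample(domain=None) -> bytes:
    """Constructed DHCPACK payload: zeroed BOOTP header, option 6, optional option 15."""
    opts = bytes([53, 1, 5])                                  # message type: ACK
    opts += bytes([6, 8, 192, 0, 2, 53, 192, 0, 2, 54])       # two DNS servers
    if domain:
        d = domain.encode("ascii")
        opts += bytes([15, len(d)]) + d                       # DNS suffix
    return bytes(236) + MAGIC_COOKIE + opts + bytes([OPT_END])

if __name__ == "__main__":
    print(dns_settings(build_sample()))                       # servers only, domain None
    print(dns_settings(build_sample("our.search.domain")))    # servers plus suffix
```

To use it on real traffic, feed `dns_settings` the UDP payload of a reply captured on port 68 instead of the constructed sample.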

    Jacob74
    New Member
    September 9, 2022

    I'm very glad I came across this information. While I am still a beginner and have no ideas, but as they will write.