miko
New Member
May 15, 2015
Solved

DNS zone forwarding


Hi,

We have a FortiGate 200D (fw v5.2.3,build670 (GA)) and I was wondering if I could set up DNS zone forwarding on this device.

Please advise! Thanks!


    emnoc (Answer)
    New Member
    May 15, 2015

    Yes, just set the forwarder address in the domain for the domain you want to forward requests for. I don't know if you can do a wildcard forwarder statement.

    e.g. (for forwarding requests for domain XYZ)

    config system dns-database
        edit "dns1"
            set domain "xyz.com"
            set view public
            set forwarder "208.109.255.51"
        next
    end

    Use the diag test app dnsproxy 2 command to see the fwd counters increase.

    The above will forward all requests for domain xyz to 208.109.255.51. If someone knows how to do a wildcard forwarder, it would be nice if they could share.

    miko (Author)
    New Member
    May 19, 2015

    This is exactly what I need, but I need to use wildcards. We have a remote location with a local domain and I want to forward DNS requests for that domain only. Without wildcards it will be really hard to maintain all those entries. I've tried different combinations, but no luck so far. If anyone knows how to make those wildcard statements, please share!
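
The maintenance problem described above (one entry per domain, no wildcard) can be handled by generating the entries from a list. This is an added example, not part of the thread and not Fortinet code: it renders one `config system dns-database` entry per zone using only the settings shown in the answer, and rejects zone names or forwarder addresses that would break out of the quoted CLI values. The `fwd` entry-name prefix, its length limit and the sample zone list are assumptions.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Entry-name prefix; the 16-character limit is an assumption, not a FortiOS value.
_NAME = re.compile(r"[A-Za-z0-9_-]{1,16}")


def validate_domain(name):
    """Return the normalised zone name or raise ValueError."""
    name = name.strip().rstrip(".").lower()
    # fullmatch, not match with "$": "$" would accept a label ending in a
    # newline, which would let a crafted name start a new CLI line.
    if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in name.split(".")):
        raise ValueError(f"not a valid zone name: {name!r}")
    return name


def render_dns_database(domains, forwarder, prefix="fwd"):
    """Render one dns-database entry per zone, all pointing at one forwarder."""
    fwd = str(ipaddress.IPv4Address(forwarder))  # ValueError unless a plain IPv4 address
    if not _NAME.fullmatch(prefix):
        raise ValueError(f"bad entry-name prefix: {prefix!r}")
    zones = sorted({validate_domain(d) for d in domains})  # dedupe, stable order
    lines = ["config system dns-database"]
    for i, zone in enumerate(zones, start=1):
        lines += [
            f'    edit "{prefix}{i}"',
            f'        set domain "{zone}"',
            "        set view public",
            f'        set forwarder "{fwd}"',
            "    next",
        ]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed zone list; the forwarder is the address used in the thread.
    sample = ["xyz.com", "Lab.XYZ.com.", "remote.example.com", "xyz.com"]
    print(render_dns_database(sample, "208.109.255.51"))
```

Entry names are numbered in sorted zone order, so adding a zone can renumber later entries; review the rendered block against the running config before pasting it.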

    emnoc
    New Member
    May 22, 2015

    I sat down and played with this before but never got it to work. What you could do, though I'm not sure if this is what you want:

    config sys dns-server
        edit wifi
            set mode forward-only
    end

    That would forward everything to your locally defined DNS server entries. The local system dns-db is never queried. AFAIK, FTNT does not have a means to set a domain for local query with a forward for anything else & to a defined dns-server.

    What we need is a BIND-like forwarder:

    zone "example.com" {
        type forward;
        // forwarders takes IP addresses directly; BIND does not accept an acl name here
        forwarders { 192.0.2.1; 192.0.2.2; 127.0.0.1; };
    };

    I believe the above is what you want? & per each zone?