EduFon
New Member
October 27, 2022
Question

Domain name resolution site to site tunnel

  • October 27, 2022
  • 3 replies
  • 4221 views

 

Hi. I have two offices. In office A (Argentina) I have a Forti with a domain network and a Windows server with DNS. In office B (Mexico) I only have one Forti; I don't have any datacenter to replicate my domain. The issue is that in the DNS settings of the Internal and Wifi interfaces we put the server I have in office A as the name server.
This is apparently causing problems, because all the name resolution queries travel from office B to office A.
We have performance issues between the ISPs in each country through the site-to-site tunnel. What I need is that the DNS resolution of my domain Domain.local travels through the VPN, but everything that is browsing the internet uses public DNS. I hope you can guide me. Thank you.

 

3 replies

Sheikh
Staff
October 29, 2022

Hi EduFon,

 

You can achieve this by enabling and configuring split DNS on the branch FortiGate firewall. First, you need to enable DNS Database under "Feature Visibility" on the FortiGate.

 

Log in to FortiGate > System > Feature Visibility > DNS Database. After it is enabled, go to DNS Servers under Network on the FortiGate. Then you need to configure the DNS service and attach it to an interface. Please make sure to check "Recursive". You can also apply a DNS filter to it.

 

After that you need to configure the DNS Database and add your local DNS zone and domain name. As the branch FortiGate is not the master DNS for your internal DNS zone on Active Directory, you need to select the type "Slave". Enter the required information and click OK.

 

You may need to create a policy (or you may already have one) to allow communication from the remote branch office network to your domain controllers in Site A. If the FortiGate is also acting as the DHCP server for your branch network, then you might need to select "Same as Interface IP" for DNS Server under the network interface.

 

Regards,

 

Sheikh

 

 

gfleming
Staff
October 31, 2022

To build on @Sheikh 's excellent reply, you will also need to set up your Windows DNS server to do zone transfer to the FortiGate DNS database.

 

Under the DNS Database you configure on the FortiGate, you may want to put public DNS servers for non-domain lookups in the "Forwarder" section.

 

https://docs.fortinet.com/document/fortigate/6.4.10/administration-guide/960561/fortigate-dns-server
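The setup described in Sheikh's and gfleming's replies, written out as FortiOS 6.4 CLI (an added example, not from either poster or from Fortinet's documentation). The interface names, the zone "domain.local", the domain controller address 10.1.0.10, the public resolvers, the DHCP server id, the tunnel interface and the address objects are constructed placeholders; FortiOS 7.x renames `slave`/`ip-master` to `secondary`/`ip-primary`.

```fortios
# Branch FortiGate (Office B). All names and addresses are constructed.

# 1. Serve DNS on the LAN-facing interfaces. Recursive mode lets the
#    FortiGate answer names outside the local zone instead of refusing them.
config system dns-server
    edit "internal"
        set mode recursive
    next
    edit "wifi"
        set mode recursive
    next
end

# 2. Slave copy of the AD zone, pulled by zone transfer from the Office A DC.
#    "shadow" view: answered only on the interfaces configured in step 1.
#    Forwarders handle every name outside the zone, so Internet lookups
#    never cross the tunnel. Resolver addresses are placeholders.
config system dns-database
    edit "domain.local"
        set status enable
        set domain "domain.local"
        set type slave
        set view shadow
        set ip-master 10.1.0.10
        set forwarder "8.8.8.8" "1.1.1.1"
    next
end

# 3. DHCP clients get the FortiGate interface IP as their DNS server
#    (GUI: "Same as Interface IP"). Server id 1 is assumed.
config system dhcp server
    edit 1
        set dns-service local
    next
end

# 4. Allow the branch LAN to reach the Site A DC over the tunnel on
#    TCP/UDP 53 (zone transfer uses TCP). Address objects are assumed.
config firewall policy
    edit 0
        set name "branch-to-siteA-dns"
        set srcintf "internal" "wifi"
        set dstintf "vpn-siteA"
        set srcaddr "branch-lan"
        set dstaddr "siteA-dc"
        set action accept
        set schedule "always"
        set service "DNS"
    next
end
```

On the Windows side the domain.local zone must also permit zone transfers to the branch FortiGate's address (zone properties, Zone Transfers tab), otherwise the slave zone stays empty and clients get no answers for the domain.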

EduFon
Author
New Member
November 1, 2022

Thanks @gfleming and @Sheikh.

I'm going to set it all up.

I also found this document.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-database-with-FortiGate-as-a-slave-to-a/ta-p/192942