CGoodwin
New Member
February 5, 2016
Solved

FortiGate as remote site DNS for Domain Clients

  • February 5, 2016
  • 1 reply
  • 13205 views

Hello all,

So we are testing using FortiGates as DNS servers for remote sites. Our test site is as follows.

A Windows Domain Server Hosted in Azure 192.168.1.10 (HQ Server)

Site to Site VPN

FortiGate 60D in the remote site 192.168.10.254

 

The DNS server on the domain controller is configured to use the FortiGate as a second name server. Zone transfer is set to use the name servers of the zone, and so is Notify.

 

DNS Database is turned on on the 60D.

A slave database is configured in the DNS Server settings below:

Type: slave

View: Shadow

DNS Zone: company.local

Domain: company.local

IP of Master: 192.168.1.10

Authoritative: Enabled

 

Interface Services configured for the internal interface.

I also set source-ip to the internal interface and set the forwarder to the HQ DC.

 

But users could not log on and were getting "no name servers found". I then also configured the _msdcs zone:

 

Type: slave

View: Shadow

DNS Zone: _msdcs.company.local

Domain: _msdcs.company.local <-- I had to do this as it will not allow me to have company.local as the above database is using it

IP of Master: 192.168.1.10

Authoritative: Enabled

 

But still no sign-ons. Does anyone have any thoughts?

CLI config:

config system dns-database
    edit "company.local"
        set domain "company.local"
        set type slave
        set forwarder "192.168.1.10"
        set source-ip 192.168.10.254
        set ip-master 192.168.1.10
    next
    edit "_msdcs.company.local"
        set domain "_msdcs.company.local"
        set type slave
        set forwarder "192.168.1.10"
        set source-ip 192.168.10.254
        set ip-master 192.168.1.10
    next
end

1 reply

sc_bperry (Best answer)
New Member
January 3, 2018

Wow, no one's answered you in almost two years! I had this same issue today and was looking for a solution. I eventually resolved it by marking the FortiGate DNS database as not authoritative. This makes sense because it should query the Windows DNS server if it's not found in the FortiGate database.
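To make the fix from the accepted answer checkable rather than a one-off GUI change, here is an added example (my own code, not from Fortinet or either poster) that parses the `config system dns-database` block posted in the question, flags zones that answer authoritatively while also depending on a forwarder or master, and re-emits the table with `set authoritative disable` on each zone. The config text is embedded as a constructed sample copied from the question; treating a missing `set authoritative` line as enabled is an assumption taken from the "Authoritative: Enabled" the poster saw in the GUI, and `set authoritative disable` is the CLI form of the change the answer describes.

```python
"""Lint a FortiOS `config system dns-database` block for zones that are
authoritative while also relying on a forwarder / master, which is the
combination the thread identifies as breaking Windows domain logons.

The config text below is the one posted in the question, embedded here as a
constructed sample. Treating an absent `set authoritative` as enabled is an
assumption based on the poster's GUI screen ("Authoritative: Enabled").
"""
import re

POSTED_CONFIG = """\
config system dns-database
    edit "company.local"
        set domain "company.local"
        set type slave
        set forwarder "192.168.1.10"
        set source-ip 192.168.10.254
        set ip-master 192.168.1.10
    next
    edit "_msdcs.company.local"
        set domain "_msdcs.company.local"
        set type slave
        set forwarder "192.168.1.10"
        set source-ip 192.168.10.254
        set ip-master 192.168.1.10
    next
end
"""

_EDIT = re.compile(r'^\s*edit\s+"?([^"]+)"?\s*$')
_SET = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')


def parse_dns_database(text):
    """Return {zone_name: {option: value}} for each `edit ... next` entry."""
    zones, current = {}, None
    for line in text.splitlines():
        m = _EDIT.match(line)
        if m:
            current = m.group(1)
            zones[current] = {}
            continue
        if line.strip() == "next":
            current = None
            continue
        m = _SET.match(line)
        if m and current is not None:
            # Strip the quotes FortiOS puts around string values.
            zones[current][m.group(1)] = m.group(2).strip('"')
    return zones


def is_authoritative(opts):
    # Assumption: an absent `set authoritative` behaves as enabled, matching
    # the "Authoritative: Enabled" shown in the original post's GUI.
    return opts.get("authoritative", "enable") == "enable"


def find_risky_zones(zones):
    """Zones that answer authoritatively yet depend on another server for data.

    An authoritative zone returns NXDOMAIN for names it does not hold instead
    of asking the forwarder, so the AD SRV records clients need never resolve.
    """
    return sorted(
        name for name, opts in zones.items()
        if is_authoritative(opts) and ("forwarder" in opts or "ip-master" in opts)
    )


def hardened_config(zones):
    """Re-emit the table with `set authoritative disable` on every zone."""
    out = ["config system dns-database"]
    for name, opts in zones.items():
        out.append(f'    edit "{name}"')
        for key, val in opts.items():
            if key == "authoritative":
                continue  # replaced by the explicit disable line below
            quoted = f'"{val}"' if key in ("domain", "forwarder") else val
            out.append(f"        set {key} {quoted}")
        out.append("        set authoritative disable")
        out.append("    next")
    out.append("end")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_dns_database(POSTED_CONFIG)
    print("Authoritative zones with a forwarder/master:", find_risky_zones(parsed))
    print(hardened_config(parsed))
```

Running it on the posted config flags both `company.local` and `_msdcs.company.local`; re-running the check on the emitted config returns nothing, which is the state the accepted answer arrived at.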