Stuart_Mitchell
New Member
October 30, 2017
Solved

Internal DNS Multiple Subnets

  • October 30, 2017
  • 2 replies
  • 29883 views

Hi guys!

On our FortiWiFi unit, we're having trouble getting DNS resolving across two internal subnets. Internet works fine on the WiFi and the LAN, and we can access the LAN subnet from the WiFi and vice versa, but cannot resolve DNS.

I've tried searching through the Cookbook and watching videos, but can't find any clear guide as to how to set this up.

Our FortiWiFi is running firmware v5.6.2, and I've already enabled DNS Server from the Features.

Port1 (LAN) = 10.0.0.1/24
WiFi = 192.168.0.1/24

We're not running a corporate domain in our office, and have no on-prem servers (only small, no need). I've tried setting up the DNS Server a few different ways, but cannot get this to work. I know I can add entries in there manually, but that won't be practical to manage, as IP addresses and hostnames will change. Can someone please assist?

Kind regards,

Stuart Mitchell

Best answer by rwpatterson

OK, I believe there are two issues at play here.

1) Name resolution

2) DNS resolution

The reason people feel they are resolving names on the local subnet is due to Windows' or other servers' ability to resolve names on the local LAN via NetBIOS. The result is the same, though the mechanism is far different. Though the DNS is set up correctly, as posted above, the FortiGate needs to be set up as a DNS server, either master (primary) or slave (secondary), and have access to a valid table with all local entries of all subnets installed within. If there is no table, the FortiGate has no information about any local hosts.

So back to the issue: inability to resolve hosts on a different subnet. Skip adding 'Same as system DNS' because Google has zero knowledge of your server situation. You need to run a local DNS server, either on the FortiGate, or on Windows, or BIND (or any appliance that's capable). Personally on my network, I run my primary DNS server on a Windows server, but hosts use my two NAS servers as their DNS servers. They are secondary servers retrieving their zone data from the primary Windows server. I make one zone change and it gets propagated through to both secondary boxes, and the Windows box isn't too heavily taxed.

That being said, what is your primary DNS server?
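As an added illustration of the "local table" described in the answer above (not configuration posted in this thread), the following FortiOS CLI fragment shows the two shapes the answer describes: both interfaces answering in recursive mode with the FortiGate itself holding a shadow zone of local A records, and the alternative where the FortiGate is a secondary (slave) pulling that zone from an internal primary. The zone name office.example, the WiFi interface name "wifi", the primary server address 10.0.0.5 and the host entries are assumptions; the CLI keywords are as I recall them for FortiOS 5.6 and should be checked against the unit.

```text
# Serve DNS on both internal interfaces; "port1" is from the thread,
# "wifi" is an assumed name for the WiFi interface.
config system dns-server
    edit "port1"
        set mode recursive
    next
    edit "wifi"
        set mode recursive
    next
end

# Form 1: the FortiGate is the primary (master) for an internal-only zone.
# "shadow" view = only answered to internal (recursive-mode) queries.
config system dns-database
    edit "office"
        set domain "office.example"
        set type master
        set view shadow
        set ttl 300
        config dns-entry
            edit 1
                set type A
                set hostname "printer"
                set ip 10.0.0.20          # assumed host on the LAN subnet
            next
            edit 2
                set type A
                set hostname "laptop"
                set ip 192.168.0.50       # assumed host on the WiFi subnet
            next
        end
    next
end

# Form 2: the FortiGate is a secondary (slave) that transfers the zone
# from an internal primary (assumed address 10.0.0.5), so the entries
# are maintained in one place, as the answer describes.
config system dns-database
    edit "office"
        set domain "office.example"
        set type slave
        set view shadow
        set ip-master 10.0.0.5
    next
end
```

With either form, the DHCP scopes can keep handing out the interface address (10.0.0.1 and 192.168.0.1) as the DNS server, since each interface now answers for the same zone.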

2 replies

MikePruett
New Member
October 30, 2017

You need to bridge the WiFi and LAN (if they are both work networks) into a software switch (that way they are on the same subnet). Without a true DNS server you are relying on broadcast traffic for resolution. Two different subnets won't broadcast to one another, so you need to bridge them so that it is one subnet and one broadcast domain.

Stuart_Mitchell
New Member
October 31, 2017

Hi Mike,

For argument's sake, let's pretend that the networks cannot be on the same subnet, but need to be able to communicate with one another (including DNS resolution).

Are you saying there's no way to do this on a FortiGate without changing the subnet mask? For such a feature-filled device, I find that hard to believe, but I guess I'll see what other people come back with.

Kind regards,

Stuart Mitchell

Toshi_Esumi
SuperUser
October 30, 2017

What DNS server IPs are you handing out over DHCP? A public one, like 8.8.8.8, or an internal one somewhere inside your network? In either case, as long as the client machine has reachability to the DNS server, it should work fine.

Stuart_Mitchell
New Member
October 30, 2017

Hi Toshi,

The FortiWiFi system DNS is set to 8.8.8.8.

The LAN DHCP is set to Interface IP for DNS server (10.0.0.1).

The WiFi DHCP is set to Interface IP for DNS server (192.168.0.1).

Under DNS Server, I've configured both interfaces (LAN & WiFi) to be Recursive.

Should I be changing my WiFi DHCP to give out 10.0.0.1 as the DNS server?

Thanks in advance,

Stuart Mitchell