frenaud
New Member
November 20, 2013
Question

Local DNS database

  • November 20, 2013
  • 3 replies
  • 13273 views
Is there a way to have a dynamically updatable DNS database on the Fortigate? For example, I've set the local domain name to "branch1.local" in the "DNS Server" option and on my DHCP server. How can I resolve local computers through the Fortigate? I can configure a DNS Database, but I don't want to have to input all the addresses manually.


    Dave_Hall
    New Member
    November 20, 2013
    Keep in mind that the Fortigate's DNS server (aka DNS database) implementation on fgt devices does not support all DNS record types. And I'm not even sure it supports DNS dynamic updates -- I could not find any CLI options under DNS database nor DHCP server about "registering IP addresses" or dynamic updates. That said, looking at the DNS options on the IP address settings of my Windows 7 workstation's network connection, there are options there for enabling the computer to register the computer's IP address with DNS. (The help document sort of states this feature is enabled by default, though.) You could try playing around with those settings (perhaps even through group policies). Personally, if your network is already running some sort of Active Directory or DHCP server, there should already be some options in the settings for automatic registering of DHCP clients with DNS. (Haven't played around with newer releases of Windows Server to know what can/cannot be done since my old Server 2000 days.)
    frenaud (Author)
    New Member
    November 21, 2013
    We don't have a Windows 2003/2008/2012 since it's for a branch store. We don't even need to have the branch1.local "domain". It's just for local reference. We just need the A records of the workstations to be held by the Fortigate. Even my $20 Trendnet router has a dynamic internal DNS database....
    ede_pfau
    SuperUser
    November 21, 2013
    FortiOS DNS does not have the dynamic update feature. This might be for a good reason: trading security for effort. The MS Windows server OSes do have that feature. The client requesting a DHCP lease offers its hostname in the request, the DNS server picks it up and updates the DNS record accordingly. From a security angle this should well be avoided - anyone could hijack an existing hostname. Then again, even entering a couple of dozen records is no big deal if you use the batch command method. Besides, the DNS still does not support PTR records, so there's no reverse DNS (IP address to hostname). You can have CNAME, even NS, but no PTR. This has been nagging me for years now (since 4.3 expanded the DNS records available).
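The batch method mentioned in the reply above, as an added example that is not from this thread or from Fortinet: a small Python script that turns a hostname/IP list (for instance copied from a DHCP lease table) into a FortiOS CLI batch that loads static A records into the DNS database, validating each entry first so a bad line cannot end up in the zone. The CLI keywords (config system dns-database, config dns-entry, set type A, set hostname, set ip) are assumed from FortiOS 5.x syntax and the sample hosts are constructed; check the keywords against your firmware's "?" help before pasting.

```python
"""Generate a FortiOS CLI batch that loads static A records into the DNS database."""
import ipaddress
import re

# Constructed sample of hostname -> IPv4 pairs, e.g. taken from a DHCP lease table.
SAMPLE_HOSTS = {
    "pos-01": "192.168.10.21",
    "pos-02": "192.168.10.22",
    "office-pc": "192.168.10.50",
}

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_hosts(hosts):
    """Return sorted (hostname, ip) tuples; raise ValueError on a bad label or address."""
    out = []
    for name, ip in hosts.items():
        if not _LABEL_RE.match(name):
            raise ValueError(f"invalid hostname label: {name!r}")
        addr = ipaddress.IPv4Address(ip)  # AddressValueError (a ValueError) if malformed
        out.append((name.lower(), str(addr)))
    return sorted(out)


def build_batch(domain, hosts, ttl=86400):
    """Return the CLI batch text; one dns-entry per host, ids numbered from 1."""
    lines = [
        "config system dns-database",
        f'    edit "{domain}"',
        f'        set domain "{domain}"',
        "        set type master",       # this FortiGate is authoritative for the zone
        "        set view shadow",       # serve the zone to internal clients only
        f"        set ttl {ttl}",
        "        config dns-entry",
    ]
    for idx, (name, ip) in enumerate(validate_hosts(hosts), start=1):
        lines += [
            f"            edit {idx}",
            "                set type A",
            f'                set hostname "{name}"',
            f"                set ip {ip}",
            "            next",
        ]
    lines += ["        end", "    next", "end"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_batch("branch1.local", SAMPLE_HOSTS))
```

Paste the printed text into the CLI (or load it through the batch mechanism); because the entries are static, a host renaming itself or spoofing another machine's hostname cannot alter the zone, which is the trade-off the reply describes.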
    frenaud (Author)
    New Member
    November 21, 2013
    Thank you for the clarification
    ede_pfau
    SuperUser
    February 8, 2014
    Thanks! Now I'm looking for a way to 'nslookup' in the CLI... doesn't seem to exist. When I 'ping hostname', I get both the hostname and IP address. When I 'ping 1.2.3.4', I only get the address twice (with a PTR record configured). Of course, I can test this from a host on the network, but I'm not in at the moment. Ideas?