AshenCrow
New Member
May 29, 2017
Solved

Multiple DNS Servers


Hello,

I currently have a setup with our Domain Controller's DNS server, which forwards all external queries to a FortiGate 60C. To allow network computers to look up each other, I have assigned the DNS server for our internal network interface to point to the DNS server which sits on our Domain Controller. Hence, all connected machines will use the Domain Controller's internal DNS initially to find network resources, and in the instances where it can't, for external resources, it forwards all requests to the FortiGate to query the ISP DNS servers.

For expansion purposes, I am looking at placing a Domain Controller at branch offices, which are currently segmented into different subnet zones, i.e.

Main Office DNS Zone = 10.0.0.0
Branch Office 1# DNS Zone = 10.0.30.0
Branch Office 2# DNS Zone = 10.0.70.0

Each office is linked to the others via IPsec tunnels; hence, resources are visible to one another despite being in different locations. Given that Domain Controllers require DNS to work, I was wondering if there was a way to specify fallback/multiple internal DNS lookup servers for network interfaces? I.e. if the main office Domain Controller goes down due to unexpected failure or maintenance, all traffic is routed to one of the two branch office servers.

Regards,

AshenCrow

Best answer by Agent_1994

Agent_1994
New Member
May 29, 2017

What about configuring a Virtual Server with, let's say, 10.0.0.99 that redirects 53/udp traffic to each "real" server (the DCs on the other branch offices)?

You could use a TCP health check in order to see if the service is still up and, of course, "Least RTT" as the LB method.

AshenCrow (Author)
New Member
May 31, 2017

Hello Agent 1994,

Thanks for your input on this matter. I've had a look at the Virtual Server/Load Balancing function of FortiOS (not supported on ours since we run FortiOS 2.5.7; Virtual Servers need FortiOS 2.5.8+, it seems) and it looks promising. I'd ideally like to try playing with this, but I need to do some more research first.

Using FortiGate Virtual Servers, would it be theoretically possible to configure the said virtual server to link to multiple real servers and then set that as the internal DNS server for the interfaces at each office? On an unrelated topic, I see that there are VMs available for testing. We don't have VMware, but is it possible to install FortiOS on VirtualBox for a lab environment?

Agent_1994
New Member
May 31, 2017

Though I didn't try it, I believe it's possible. After creating the virtual servers, you'd modify the DHCP server for each interface and pass the VS IP as a DNS server. I already have a lab set up here on my notebook; I'll give it a try today if I can.

About VirtualBox, I don't know, and I barely used it. My lab is running on VMware Workstation, but if you find a way to convert the vmdk (disk) file it should work.

Another option is to download VMware Workstation as a trial, or just use the free ESXi server.

Anyway, I'll try to do the test myself, cross your fingers.
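The setup Agent_1994 describes across the two replies (a virtual server on 10.0.0.99 in front of the domain controllers, a TCP health check on port 53, "Least RTT" balancing, and the VS address handed out by DHCP) written out as a FortiOS CLI configuration. This is an added illustration, not configuration from the thread or from Fortinet; the real-server addresses 10.0.0.10, 10.0.30.10 and 10.0.70.10, the interface name "internal", the monitor timings and the DHCP scope number are assumptions, while 10.0.0.99 is the address suggested in the reply.

```fortios
# Health check (timings assumed): open a TCP connection to port 53 on each real
# server every 10 s; mark it down after 3 consecutive failures.
config firewall ldb-monitor
    edit "dns-tcp-53"
        set type tcp
        set port 53
        set interval 10
        set timeout 2
        set retry 3
    next
end

# Virtual server 10.0.0.99 listening for 53/udp on the internal interface and
# forwarding to the DC that currently answers fastest (least RTT).
# Real-server addresses and interface name are assumptions for this example.
config firewall vip
    edit "dns-vs"
        set type server-load-balance
        set server-type udp
        set extintf "internal"
        set extip 10.0.0.99
        set extport 53
        set ldb-method least-rtt
        set monitor "dns-tcp-53"
        config realservers
            # main office DC (assumed address)
            edit 1
                set ip 10.0.0.10
                set port 53
            next
            # branch office 1 DC (assumed address)
            edit 2
                set ip 10.0.30.10
                set port 53
            next
            # branch office 2 DC (assumed address)
            edit 3
                set ip 10.0.70.10
                set port 53
            next
        end
    next
end

# DHCP scope for the internal interface (scope id assumed): clients receive the
# virtual server as their DNS server instead of a single DC.
config system dhcp server
    edit 1
        set interface "internal"
        set dns-service specify
        set dns-server1 10.0.0.99
    next
end
```

A firewall policy that references the VIP as its destination is still needed before the FortiGate will pass the traffic, and a TCP check on port 53 only confirms a listener is up, not that the server is actually resolving names.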