nbctcp
New Member
January 25, 2020
Question

Split DNS


I read somewhere that in order to use Web Filter, I need to use FortiGuard DNS.

Let's say I have an internal DNS which hosts all internal server hostnames.

I want the FortiGate, which uses the default FortiGuard DNS, to be able to resolve internal server names.

I came up with the idea of doing split DNS.

OPTION1

- set FortiGate DNS to Internal DNS

- set Internal DNS forwarder to FortiGuard DNS

 

OPTION2

- set FortiGate DNS to default FortiGuard DNS

then set

    config system dns-database
        edit "company1.com"
            set domain "company1.com"
            set authoritative disable
            set forwarder "10.243.13.1"
        next
    end

QUESTIONS

1. Can I do OPTION2 and achieve the same result as OPTION1?

tq


Yurisk
SuperUser
January 25, 2020

To use Webfilter you don't need to use Fortinet DNSes. To use DNS Filter you do need to use their DNS servers.

nbctcp
Author
New Member
January 25, 2020

https://ibb.co/yNFfcQ8

 

After seeing Network/DNS/DNS Filter Servers=208.91.112.220

or

# sh full-configuration | grep -f sdns-server-ip

I can see that DNS Filter is using FortiGuard.

So OPTION1 should be:

Network/DNS=INTERNAL AD DNS IP
INTERNAL AD DNS Forwarder=ISP DNS

 

But the question remains whether I can use OPTION2 and get the same result as OPTION1.

 

UPDATE1:

1. I think this is the answer: https://www.youtube.com/watch?v=3Ze3jMAdRTo&feature=emb_logo

I need to set up a DNS server on the FortiGate interface facing LAN/DMZ.

 

Yurisk wrote:

To use Webfilter you don't need to use Fortinet DNSes. To use DNS Filter you do need to use their DNS servers.
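
An added illustration, not part of any post in this thread and not FortiOS code: a small Python model of the per-zone forwarding that OPTION2 describes, using the zone and forwarder from the question. The default-upstream label, the second internal zone company1.local and the sample query names are constructed assumptions; the model matches zones on label boundaries and lists internal names that would fall through to the default resolver.

```python
# Model of conditional (split) DNS forwarding. Illustration only, not FortiOS code.
# Zone and forwarder come from the question; everything else is constructed.

FORWARD_ZONES = {"company1.com": "10.243.13.1"}  # from the dns-database entry
DEFAULT_UPSTREAM = "system-dns"  # placeholder label for the unit's configured DNS

# Constructed sample queries; company1.local is a hypothetical second internal zone.
SAMPLE_QUERIES = [
    "srv1.company1.com",
    "SRV2.Company1.COM.",
    "notcompany1.com",
    "www.example.org",
    "db.corp.company1.local",
]


def normalize(name):
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def select_upstream(qname, zones=FORWARD_ZONES, default=DEFAULT_UPSTREAM):
    """Return (matched_zone, upstream) by longest-suffix match on label boundaries."""
    labels = normalize(qname).split(".")
    # Most specific candidate first: a.b.c -> "a.b.c", then "b.c", then "c".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate, zones[candidate]
    return None, default


def leaked_internal_names(queries, internal_zones, zones=FORWARD_ZONES):
    """List names inside an internal zone that would still go to the default upstream."""
    internal = {z: True for z in internal_zones}
    leaks = []
    for q in queries:
        in_internal_zone, _ = select_upstream(q, internal)
        _, upstream = select_upstream(q, zones)
        if in_internal_zone and upstream == DEFAULT_UPSTREAM:
            leaks.append(normalize(q))
    return leaks


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", select_upstream(q))
    print("leaks:", leaked_internal_names(SAMPLE_QUERIES, ["company1.com", "company1.local"]))
```

Any internal zone without its own forwarder entry shows up in the leak list, which is the case to check for before relying on per-zone forwarding alone.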