dan
Explorer II
June 3, 2021
Question

Which DNS settings make more sense? Passthrough FortiGate or configure DNS server?


DNS resolving at a client's site is currently as follows:

Windows Client --> AD (samba) --> dnsmasq --> ISP DNS

Currently dnsmasq is running on a Linux cluster that doubles as firewall/router between the local LAN and the external network.

We are going to replace the Linux cluster's firewall/router capabilities with a FortiGate.

There are two variants for DNS in this new setting (the client's requirements are to still have a dnsmasq server):

Windows Client --> AD (samba) --> dnsmasq --> (passthrough FortiGate) --> ISP DNS

or

Windows Client --> AD (samba) --> dnsmasq --> (FortiGate as DNS server, recursive) --> ISP DNS

Does it make sense to use the FortiGate as DNS server in this setup?

dnsmasq will be moved to another cluster anyway and will still be there.

Dan