FortiGate
Chandra_FTNT
Staff & Editor
Article Id 194676

Description

This article describes how to configure FortiGate as both the DHCP server and the DNS server for a LAN segment: the DHCP scope hands workstations an address from a local range and points them at the FortiGate for DNS, and a static entry in the FortiGate DNS database resolves an internally hosted domain name to its local IP address.

In this scenario, users need the domain name of an internally hosted website to resolve to the site's local IP address when they access it. This is done by enabling the FortiGate DNS service on the user-facing interface and adding a static entry for the host in the DNS server database.

Scope

FortiGate.

Solution


Make sure that DNS Database is enabled under Feature Visibility: go to System -> Feature Visibility -> Additional Features -> DNS Database. Feature Visibility only controls what the GUI shows; the CLI commands below work whether or not it is enabled.

Configure the DNS server with static DNS entries:
Create a DNS service (Network -> DNS Servers) on the interface on which users send their DNS queries (port2 in this example), with the mode set to 'Recursive'. In recursive mode the FortiGate answers from its DNS database and forwards every other query to the DNS servers configured under System -> DNS. Enable the service only on internal interfaces: a recursive DNS service on an Internet-facing interface is an open resolver and can be abused for DNS amplification.

Example configuration in the CLI:

config system dns-server
    edit "port2"
        set mode recursive
    next
end

Create the DNS database zone, and within the zone create the static DNS entry:

Example configuration in the CLI:

config system dns-database
    edit "test"
        set domain "example.com"
        set authoritative disable
        config dns-entry
            edit 1
                set hostname "test"
                set ip 1.1.1.1
            next
        end
        set contact "hostmaster"
    next
end

The hostname "test" is combined with the zone domain, so this entry answers queries for test.example.com. The address 1.1.1.1 is only a placeholder from the original example; for an internally hosted site, use the server's private IP address (with the DHCP scope below, one in 172.31.128.0/20). With 'authoritative disable', the FortiGate forwards queries for names in example.com that are not in its database to the upstream DNS servers; with 'authoritative enable', it answers for the whole zone itself, so names not in the database do not resolve.

Select 'OK' to save the DNS database, then create a DHCP server on port2 that hands out addresses from the local range and sets the FortiGate's port2 address as the clients' DNS server:

config system dhcp server
    edit 5
        set default-gateway 172.31.131.2
        set netmask 255.255.240.0
        set interface "port2"
        config ip-range
            edit 1
                set start-ip 172.31.128.2
                set end-ip 172.31.143.254
            next
        end
        set dns-server1 172.31.131.2
    next
end
Note that 172.31.131.2, used here as both the default gateway and the DNS server (the FortiGate's own port2 address), lies inside the pool 172.31.128.2 - 172.31.143.254. Make sure it is never handed out to a client, for example by adding it under 'config exclude-range' or by narrowing the pool.

Workstations behind port2 obtain an address from this DHCP range, together with 172.31.131.2 as their DNS server, so their queries for test.example.com reach the FortiGate DNS service and are answered from the static entry in the DNS database.

To verify from a workstation, query the FortiGate directly, for example 'nslookup test.example.com 172.31.131.2' on Windows or 'dig @172.31.131.2 test.example.com' on Linux or macOS, and confirm that the answer is the IP address configured in the DNS database. The FortiGate resolves the domain to the configured private IP address.