FortiGate
yangw, Staff
Article Id 212410
Description: This article describes why an SRV record query fails when the FortiGate DNS database is configured as a secondary, and how to fix it.
Scope: Versions 7.0.x, 7.2.x.
Solution

When FortiGate is configured as a secondary DNS server for the zone, the authoritative server for that zone should be the primary DNS server (172.16.1.5 in this example), not the FortiGate. If the FortiGate zone is left with 'authoritative' enabled (the default), FortiGate answers as the authority for the domain and returns 'Non-existent domain' (NXDOMAIN) for a record it does not hold itself, such as the SRV record below, instead of resolving it through the primary.

 

DNS database with FortiGate as a secondary, configuration shown below ('sh fu' is the abbreviation of 'show full-configuration'):

FG-1 # config system dns-database
FG-1 (dns-database) # sh fu
# config system dns-database
    edit "twtac.lab"
        set status enable
        set domain "twtac.lab"
        set type secondary
        set view shadow
        set authoritative enable  <----- Enabled by default; with this setting the SRV query fails.
        set forwarder "172.16.1.5"
        set source-ip 0.0.0.0
        set ip-primary 172.16.1.5
    next
end

 

A DNS query was sent with the 'nslookup' command on Windows ('set type=all' makes nslookup return every record type for the name, including SRV):

> set type=all
> server 10.1.218.5
Default Server:  [10.1.218.5]
Address:  10.1.218.5

> _ldap._tcp.twtac.lab  <-------- SRV record query
Server:  [10.1.218.10]
Address:  10.1.218.10

*** [10.1.218.10] not found _ldap._tcp.twtac.lab: Non-existent domain.

 

Modify the DNS database configuration as shown below, disabling 'authoritative' for the secondary zone (the other settings, including 'view shadow' and the forwarder, stay as they were):

# config system dns-database
    edit "twtac.lab"
        set status enable
        set domain "twtac.lab"
        set type secondary
        set view shadow
        set authoritative disable
    next
end

 

Result: the same query now returns the SRV record and the address of its target host.

> _ldap._tcp.twtac.lab
Server:  [10.1.218.10]
Address:  10.1.218.10

_ldap._tcp.twtac.lab    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = WIN-3NFPIL98G2N.twtac.lab
WIN-3NFPIL98G2N.twtac.lab       internet address = 10.1.218.5
>
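To verify the fix from a client without depending on nslookup's locale-dependent output, the following is an added example (not Fortinet code and not part of the original article) that builds a raw DNS SRV query, parses the reply and classifies it as the NXDOMAIN failure or a successful SRV answer. The zone name and SRV target are taken from the article; the FortiGate DNS address 10.1.218.10 is an assumption based on the nslookup output above, and the two sample replies produced by build_srv_response() are constructed here so the script runs offline.

```python
# Added example (not Fortinet code): build a raw DNS SRV query, send it to a
# resolver, and classify the reply. The zone name and SRV target come from the
# article; the FortiGate DNS address 10.1.218.10 is assumed from its nslookup
# output, and the sample replies in build_srv_response() are constructed here.
import socket
import struct

SRV, IN = 33, 1   # SRV record type and IN class


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_srv_query(name, txid=0x1234):
    # Header: id, flags (RD=1), QDCOUNT=1, AN/NS/AR=0; then one SRV/IN question.
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", SRV, IN)


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                    # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                          # the name in this record occupies 2 bytes
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_srv_response(msg):
    """Return {'rcode': n, 'srv': [{'priority', 'weight', 'port', 'target'}, ...]}."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                # skip the question section
        _, off = read_name(msg, off)
        off += 4                                       # QTYPE + QCLASS
    records = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            records.append({"priority": prio, "weight": weight, "port": port, "target": target})
        off += rdlen
    return {"rcode": flags & 0x000F, "srv": records}


def diagnose(parsed):
    """Map a parsed reply onto the two outcomes shown in the article."""
    if parsed["rcode"] == 3:
        return "NXDOMAIN: the server answered that the name does not exist (check 'set authoritative' on the secondary zone)"
    if parsed["rcode"] == 0 and parsed["srv"]:
        return "OK: %d SRV record(s)" % len(parsed["srv"])
    return "rcode %d with no SRV data" % parsed["rcode"]


def build_srv_response(query, rcode, records):
    """Constructed reply to `query` for offline testing; records = [(prio, weight, port, target)]."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, len(records), 0, 0)  # QR, RD, RA set
    body = b""
    for prio, weight, port, target in records:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        body += b"\xC0\x0C" + struct.pack("!HHIH", SRV, IN, 600, len(rdata)) + rdata  # name -> pointer to offset 12
    return header + query[12:] + body


def query_srv(server, name, timeout=2.0):
    """Send the SRV query over UDP/53 and return the parsed reply (needs network access)."""
    q = build_srv_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_srv_response(data)


if __name__ == "__main__":
    # Offline demonstration of both outcomes from the article, then an optional live check.
    q = build_srv_query("_ldap._tcp.twtac.lab")
    print(diagnose(parse_srv_response(build_srv_response(q, 3, []))))
    print(diagnose(parse_srv_response(build_srv_response(q, 0, [(0, 100, 389, "WIN-3NFPIL98G2N.twtac.lab")]))))
    # print(diagnose(query_srv("10.1.218.10", "_ldap._tcp.twtac.lab")))  # assumed FortiGate DNS address
```

Run it before and after changing 'set authoritative' on the FortiGate: with the default setting the live query against the FortiGate should produce the NXDOMAIN line, and after the change it should list the SRV record with port 389 and the target host. The transaction-id check in query_srv() is there so a stray or spoofed datagram is not mistaken for the answer.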