FortiGate
iskandar_lie
Article Id 253405
Description: This article explains why DHCP clients can receive the FortiGate system DNS server addresses instead of the DNS servers handed out by the external DHCP server reached through DHCP relay.
Scope: FortiOS 6.4.x.
Solution

Consider the following scenario:

1) DHCP relay is configured on the interface where a DHCP server is also configured:

# config system interface
    edit "port3"
        --truncated--
        set dhcp-relay-interface-select-method auto
        set dhcp-relay-service enable
        set ip 192.168.32.11 255.255.255.0
        --truncated--
        set dhcp-relay-ip "10.100.45.111" "10.100.45.112"
        --truncated--

# config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.32.11
        set netmask 255.255.255.0
        set interface "port3"
        # config ip-range
            edit 1
                set start-ip 192.168.32.191
                set end-ip 192.168.32.191
            next
        end
        # config reserved-address
            edit 1
                set ip 192.168.32.191
                set mac xx:xx:xx:e1:00:00
            next
        end
    next
end

FortiGate system DNS:

FGT1 # get system dns
primary : 208.91.112.53
secondary : 208.91.112.52

The addresses the user should receive:

IP: 192.168.32.126.
DNS: 10.100.45.111 and 10.100.45.112.

Sometimes the user instead receives the FortiGate system DNS servers, which is unintended:

IP: 192.168.32.126.
DNS: 208.91.112.53 and 208.91.112.52.

This happens because port3 carries two conflicting configurations.

Port3 acts as a DHCP server that offers its own DNS servers (the system DNS, because dns-service is set to default), and at the same time acts as a DHCP relay that forwards the user's DHCP request to the external DHCP servers, which return an IP address and their DNS server addresses. The client can therefore see offers from both sources, and which DNS servers it ends up with depends on which offer it accepts.
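
The conflict above is easy to miss by eye in a large configuration. The following script is an added example (not Fortinet code) that parses the plain 'config system interface' and 'config system dhcp server' sections of a FortiOS configuration dump (as produced by 'show', without the interactive '#' prompt prefixes) and reports every interface that both has dhcp-relay-service enabled and runs a DHCP server whose dns-service is left at default. The sample configuration embedded below is constructed from the article's values and is not a real device dump.

```python
"""Audit a FortiOS config dump for interfaces that both relay DHCP and run a
DHCP server whose DNS option comes from the system DNS (dns-service default).

Added example, not Fortinet code. Parses only the 'config / edit / set /
next / end' subset of the syntax shown in the article.
"""

# Constructed sample: port3 relays DHCP and also serves DHCP with
# dns-service default (the conflicting setup); port4 is a clean server.
SAMPLE_CONFIG = """
config system interface
    edit "port3"
        set ip 192.168.32.11 255.255.255.0
        set dhcp-relay-service enable
        set dhcp-relay-ip "10.100.45.111" "10.100.45.112"
    next
    edit "port4"
        set ip 192.168.33.1 255.255.255.0
    next
end
config system dhcp server
    edit 1
        set dns-service default
        set interface "port3"
        config ip-range
            edit 1
                set start-ip 192.168.32.191
                set end-ip 192.168.32.191
            next
        end
    next
    edit 2
        set dns-service specify
        set dns-server1 10.100.45.111
        set interface "port4"
    next
end
"""


def parse_sections(text):
    """Return {section: {entry: {key: value}}} for top-level config blocks.
    Nested blocks such as 'config ip-range' are skipped."""
    sections = {}
    section = entry = None
    depth = 0  # nesting depth of 'config' blocks below the top-level one
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("config "):
            if section is None:
                section = line[len("config "):]
                sections[section] = {}
            else:
                depth += 1  # entering a nested block
        elif line == "end":
            if depth:
                depth -= 1
            else:
                section = entry = None
        elif depth:
            continue  # ignore everything inside nested blocks
        elif line.startswith("edit ") and section is not None:
            entry = line[len("edit "):].strip('"')
            sections[section][entry] = {}
        elif line == "next":
            entry = None
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[len("set "):].partition(" ")
            sections[section][entry][key] = value
    return sections


def find_relay_server_conflicts(text):
    """Names of interfaces that relay DHCP and also run a DHCP server with
    dns-service default (assumed to be the default when the key is absent)."""
    cfg = parse_sections(text)
    relaying = {name for name, s in cfg.get("system interface", {}).items()
                if s.get("dhcp-relay-service") == "enable"}
    conflicts = []
    for server in cfg.get("system dhcp server", {}).values():
        iface = server.get("interface", "").strip('"')
        if iface in relaying and server.get("dns-service", "default") == "default":
            conflicts.append(iface)
    return conflicts


if __name__ == "__main__":
    print(find_relay_server_conflicts(SAMPLE_CONFIG))  # ['port3']
```

Run it against the output of a full 'show' on the unit; an empty list means no interface carries both roles with the system DNS being offered.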


Solution:

Change dns-service from 'default' to 'specify' on the DHCP server and set the DNS server addresses explicitly, so that the FortiGate's own offer carries the same DNS servers as the external DHCP servers:

# config system dhcp server
    edit 1
        set dns-service specify
        set dns-server1 10.100.45.111
        set dns-server2 10.100.45.112
    next
end

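
To confirm the fix from the client side, compare the DNS option (option 6) of every DHCPOFFER seen on the segment against the intended DNS servers. The script below is an added example, not Fortinet code: it builds minimal DHCPOFFER packets, parses their options and flags offers whose DNS servers fall outside the expected set. The three offers are constructed byte strings modelled on the article's scenario (the FortiGate offer before and after the change, and the external server's offer arriving via relay), not captured traffic; on a real network you would feed it the payloads of UDP port 68 packets captured on the client side.

```python
"""Flag DHCPOFFERs whose DNS option does not match the intended DNS servers.

Added example, not Fortinet code. Offers below are constructed for the
article's scenario and are not captured packets.
"""
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_DNS, OPT_SERVER_ID, OPT_END = 53, 6, 54, 255
DHCPOFFER = 2


def build_offer(yiaddr, server_id, dns_servers):
    """Build a minimal DHCPOFFER: 236-byte BOOTP header, cookie, options."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      2, 1, 6, 0,            # BOOTREPLY, Ethernet, hlen 6, hops 0
                      0x12345678, 0, 0,      # xid, secs, flags
                      b"\0" * 4,             # ciaddr
                      IPv4Address(yiaddr).packed,
                      IPv4Address(server_id).packed,
                      b"\0" * 4,             # giaddr
                      b"\0" * 16, b"\0" * 64, b"\0" * 128)
    dns = b"".join(IPv4Address(a).packed for a in dns_servers)
    opts = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
            + bytes([OPT_SERVER_ID, 4]) + IPv4Address(server_id).packed
            + bytes([OPT_DNS, len(dns)]) + dns
            + bytes([OPT_END]))
    return hdr + MAGIC_COOKIE + opts


def parse_options(packet):
    """Parse DHCP options into {code: bytes}; reject malformed packets."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def offer_summary(packet):
    """Return (server identifier, [DNS servers]) for a DHCPOFFER, else None."""
    opts = parse_options(packet)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None
    raw = opts.get(OPT_DNS, b"")
    dns = [str(IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) - len(raw) % 4, 4)]
    server = str(IPv4Address(opts[OPT_SERVER_ID])) if OPT_SERVER_ID in opts else None
    return server, dns


def unexpected_dns_offers(packets, expected_dns):
    """Server identifiers of offers advertising DNS servers outside expected_dns."""
    expected = set(expected_dns)
    return [s for s, dns in (offer_summary(p) for p in packets if offer_summary(p))
            if not set(dns) <= expected]


EXPECTED_DNS = ["10.100.45.111", "10.100.45.112"]
# Constructed: FortiGate offer with system DNS, and the relayed external offer.
OFFERS_BEFORE_FIX = [
    build_offer("192.168.32.126", "192.168.32.11", ["208.91.112.53", "208.91.112.52"]),
    build_offer("192.168.32.126", "10.100.45.111", EXPECTED_DNS),
]
# Constructed: after 'set dns-service specify' the FortiGate offer matches.
OFFERS_AFTER_FIX = [
    build_offer("192.168.32.126", "192.168.32.11", EXPECTED_DNS),
    OFFERS_BEFORE_FIX[1],
]

if __name__ == "__main__":
    print(unexpected_dns_offers(OFFERS_BEFORE_FIX, EXPECTED_DNS))  # ['192.168.32.11']
    print(unexpected_dns_offers(OFFERS_AFTER_FIX, EXPECTED_DNS))   # []
```

Before the change the FortiGate's offer (server identifier 192.168.32.11) is flagged; after it, both offers carry the intended DNS servers, so it no longer matters which one the client accepts.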


Related Documentation:

https://docs.fortinet.com/document/fortiswitch/7.2.3/administration-guide/559601/configuring-a-dhcp-...

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/783526/dhcp-servers-and-rela...

https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/59620/system-dhcp-server