Fortinet Forum
bb101
New Contributor

DNS Server Same as System DNS

Hello, I have a FortiWiFi 61E and I am wondering if it is possible to set the DNS Server to Same as System DNS? On the Wan side (Network -> Interfaces -> Wan1) Retrieve default gateway from server is set on and Override internal DNS is on. I do not want to use the FortiGuard servers. I prefer to use those of the ISP. On the Lan side (Network -> Interfaces -> Lan) Default Gateway is set to Same as Interface IP and if DNS Server is set to Same as System DNS everything works fine. My issue with having DNS Server set to Same as System DNS is that if I change the ISP on Wan1 the DNS properties on client PCs do not update to reflect the DNS of the new ISP and I have to run the command ipconfig /renew on the client machines to receive the new DNS information.

However, if I set DNS Server to Same as Interface IP, the internet stops working.

Is there any way to be able to set DNS Server to Same as Interface IP and have the internet work? Alternatively, is there a way to specify a DNS Server IP of 192.168.1.X and have that forward the requests to the current System DNS?

TIA

FortiWiFi 61E
5 REPLIES
oheigl
Contributor II

Go to Network > DNS Servers > Create New DNS Service on Interface. Choose the internal interface like you mentioned with the IP 192.168.1.x and OK

Or with the CLI:

    config system dns-server
        edit "port1"
            set mode forward-only
        next
    end

bb101
New Contributor

Worked like a charm. You made my year.

FortiWiFi 61E
oheigl
Contributor II

Glad I could help!

haazy1
New Contributor

Any reason why the internet stops working when the DNS server is set to same as interface IP?

Toshi_Esumi
Esteemed Contributor II

Because the FGT is not acting as a DNS server. It just drops all DNS queries if you point them to the FGT.

The "forward" setting would just forward those queries to the real DNS servers either learned from the ISP via DHCP or the system DNS you have in the FGT's config.

If you have paid enough attention to the WAN interface config GUI, you would have noticed a sliding button labeled "Override internal DNS" in the address mode setting. By default, it's enabled. That's why the FGT forwards those queries to the ISP-provided DNS servers instead of the FortiGuard DNS servers.

Toshi
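
Added example, not part of the thread and not Fortinet code: a small Python check to run from a LAN client that sends one DNS query to the interface IP and reports whether it was answered or silently dropped, which is the difference the replies above describe between having and not having a DNS service on the interface. The address 192.168.1.99, the query name and the transaction ID are placeholders chosen for this sketch.

```python
import socket
import struct

TXID = 0x1234  # constructed transaction ID for the probe


def build_query(name):
    """Build a minimal DNS A-record query (recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(data):
    """Map a raw UDP reply (or None for a timeout) to a short verdict."""
    if data is None:
        return "no-reply"  # timeout: query dropped or never answered
    if len(data) < 12:
        return "bad-reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit not set
        return "bad-reply"
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "answered"
    return "rcode-%d" % rcode  # e.g. rcode-2 SERVFAIL, rcode-5 REFUSED


def probe(server, name="example.com", port=53, timeout=2.0):
    """Send one query to `server` and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            data = None
        except OSError:
            return "unreachable"
    return classify(data)


if __name__ == "__main__":
    # 192.168.1.99 is a placeholder for the LAN interface IP (192.168.1.X in the thread).
    print(probe("192.168.1.99"))
```

A result of "no-reply" matches the dropped-query behaviour described above; "answered" means the interface is forwarding and returning results.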