Hello,
Some of the devices in our LAN are relying on hostnames to address other devices, e.g. server-a, server-b, laptop-john.
In our pfSense setup we have DHCP Static Mappings, which are binding MAC addresses to IP addresses and at the same time specifying a hostname.
Is there a way to achieve the same in FortiGate or at least some alternative solution?
Thanks in advance!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Then your clients need a "searchdomain" setting, set to your local domain name.
Check your settings with "ipconfig -all".
I use single names of local devices all the time. Heck, I even use single hostnames with remote IPs assigned to make my life easier (e.g. "BobsPC 10.121.14.5" where the 10.121.14 subnet is behind a VPN tunnel in a remote network).
You may be able to include Option 119 into your DHCP server setup, have a look here .
In FortiOS, that is 2 different services: DHCP reservation and private DNS zone.
For the first, you can reserve an IP to a MAC address, right in "Network - Interfaces - <your LAN IF> - DHCP server". Very easy if the device is already connected, otherwise enter the MAC and desired IP address.
Then, you can set up the FGT to be a DNS, with A records for your internal hosts. You only have to make sure the FGT is asked - your devices need to have the FGT as their DNS (similar to having the FGT's LAN interface address as gateway, DHCP server, NTP server...).
You would set up the DNS on your LAN interface as "recursive", that is, if the requested hostname is not found in the local DNS zone, it will be forwarded to the FGT's system DNS. This usually is your ISP's DNS address.
Thank you for the extensive reply, Ede!
Indeed, we already have a MAC > IP reservations set up at the DHCP Server of the internal interface.
We also created a DNS Server with a primary shadow non-authoritative DNS Zone for Domain Name "mycompany.com." (dot included). In this zone we have DNS Entries for the local services, e.g. localservice1.mycompany.com. The requests for external services (e.g. publicservice.mycompany.com) and 3rd party domains (e.g. www.yahoo.com) are also resolved, I think by default they are forwarded to the main Fortigate DNS servers. This all works fine.
However, we need to access local devices by their simple hostname (i.e. localservice1, localservice2 - without dotted notation) and it is not possible to create a root DNS Zone without a specified domain (extension).
Is there a way to create simple hostname mappings for the DNS Server?
Thank you!
Then your clients need a "searchdomain" setting, set to your local domain name.
Check your settings with "ipconfig -all".
I use single names of local devices all the time. Heck, I even use single hostnames with remote IPs assigned to make my life easier (e.g. "BobsPC 10.121.14.5" where the 10.121.14 subnet is behind a VPN tunnel in a remote network).
You may be able to include Option 119 into your DHCP server setup, have a look here .
Created on 12-16-2022 08:04 AM Edited on 12-16-2022 08:06 AM
I think this might be exactly what I'm missing. I added an additional DHCP option 119. I used a script to generate the HEX value for localhostname1 & localhostname2 (something like 04:70:6d...). FortiOS complained that the hex string contains an odd number of characters and I prepended a zero, making it 004:70:6d... Then it was accepted by FortiOS.
Howerver, when trying to ping localhostname1 and localhostname2 from a Windows machine they do not get resolved.
Am I doing something wrong? I am doubting if the HEX format is correct and whether this DHCP option can be picked up correctly by Windows clients.
Thank you!
That's why I included a link to a page explaining that Option 119 is working in Win10 and Win11. Please read it (again) to assert that the hex coding still is mandatory.
Thanks Ede,
I just double checked and the DHCP configuration on the FortiGate is correct. And it shows the "Connection-specific DNS Suffix Search List" on the Windows clients when I do "ipconfig /all".
I just don't understand why when I do "ping hostnameX" it doesn't resolve the host even though hostnameX is listed in the "Connection-specific DNS Suffix Search List".
I will take another look at it later.
Thanks again for your help!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.