Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortigate-p
New Contributor II

DHCP Server with Hostname Overrides

Hello,

 

Some of the devices in our LAN are relying on hostnames to address other devices, e.g. server-a, server-b, laptop-john.

In our pfSense setup we have DHCP Static Mappings, which are binding MAC addresses to IP addresses and at the same time specifying a hostname.

 

Is there a way to achieve the same in FortiGate or at least some alternative solution?

 

Thanks in advance!

1 Solution
ede_pfau
Esteemed Contributor III

Then your clients need a "searchdomain" setting, set to your local domain name.

Check your settings with "ipconfig -all".

 

I use single names of local devices all the time. Heck, I even use single hostnames with remote IPs assigned to make my life easier (e.g. "BobsPC  10.121.14.5" where the 10.121.14 subnet is behind a VPN tunnel in a remote network).

 

You may be able to include Option 119 into your DHCP server setup, have a look here .


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
6 REPLIES 6
ede_pfau
Esteemed Contributor III

In FortiOS, that is 2 different services: DHCP reservation and private DNS zone.

For the first, you can reserve an IP to a MAC address, right in "Network - Interfaces - <your LAN IF> - DHCP server". Very easy if the device is already connected, otherwise enter the MAC and desired IP address.

Then, you can set up the FGT to be a DNS, with A records for your internal hosts. You only have to make sure the FGT is asked - your devices need to have the FGT as their DNS (similar to having the FGT's LAN interface address as gateway, DHCP server, NTP server...).

You would set up the DNS on your LAN interface as "recursive", that is, if the requested hostname is not found in the local DNS zone, it will be forwarded to the FGT's system DNS. This usually is your ISP's DNS address.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
fortigate-p

Thank you for the extensive reply, Ede!

 

Indeed, we already have a MAC > IP reservations set up at the DHCP Server of the internal interface.

 

We also created a DNS Server with a primary shadow non-authoritative DNS Zone for Domain Name "mycompany.com." (dot included). In this zone we have DNS Entries for the local services, e.g. localservice1.mycompany.com. The requests for external services (e.g. publicservice.mycompany.com) and 3rd party domains (e.g. www.yahoo.com) are also resolved, I think by default they are forwarded to the main Fortigate DNS servers. This all works fine.

 

However, we need to access local devices by their simple hostname (i.e. localservice1, localservice2 - without dotted notation) and it is not possible to create a root DNS Zone without a specified domain (extension).

 

Is there a way to create simple hostname mappings for the DNS Server?

 

Thank you!

ede_pfau
Esteemed Contributor III

Then your clients need a "searchdomain" setting, set to your local domain name.

Check your settings with "ipconfig -all".

 

I use single names of local devices all the time. Heck, I even use single hostnames with remote IPs assigned to make my life easier (e.g. "BobsPC  10.121.14.5" where the 10.121.14 subnet is behind a VPN tunnel in a remote network).

 

You may be able to include Option 119 into your DHCP server setup, have a look here .


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
fortigate-p

I think this might be exactly what I'm missing. I added an additional DHCP option 119. I used a script to generate the HEX value for localhostname1 & localhostname2 (something like 04:70:6d...). FortiOS complained that the hex string contains an odd number of characters and I prepended a zero, making it 004:70:6d... Then it was accepted by FortiOS.

 

Howerver, when trying to ping localhostname1 and localhostname2 from a Windows machine they do not get resolved.

 

Am I doing something wrong? I am doubting if the HEX format is correct and whether this DHCP option can be picked up correctly by Windows clients.

 

Thank you!

ede_pfau
Esteemed Contributor III

That's why I included a link to a page explaining that Option 119 is working in Win10 and Win11. Please read it (again) to assert that the hex coding still is mandatory.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
fortigate-p

Thanks Ede,

 

I just double checked and the DHCP configuration on the FortiGate is correct. And it shows the "Connection-specific DNS Suffix Search List" on the Windows clients when I do "ipconfig /all".

 

I just don't understand why when I do "ping hostnameX" it doesn't resolve the host even though hostnameX is listed in the "Connection-specific DNS Suffix Search List".

 

I will take another look at it later.

Thanks again for your help!

Top Kudoed Authors