I have the following use case with Fortigate 6.4.12:
I have a DNS domain hosted with my ISP for internet-facing services, say myorg.com. Therein I have several hostnames for services. I need to split-brain only specific hostnames under this domain internally on my corporate LAN. For example
Internally on my corporate LAN we use Windows DNS servers. Whilst these support conditional forwarding, catering for 2 and 3 is messy and requires multiple upstream DNS servers.
Can the Fortigate DNS servers, set up with non-authoritative zones, simply answer for specific records and forward for all others in a zone?
Yes sir!
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/960561/fortigate-dns-server
I assume for #2 you mean to say "When www.web.myorg.com is resolved internally I wish to return 2.2.2.2".
Basically configure a DNS server for the domain in question. Have a host record DNS entry for www and point it to 2.2.2.2.
Configure the DNS Forwarder to be the server(s) you want to use to resolve anything else in the web.myorg.com domain.
Enable the DNS Service on the relevant interface(s).
Done!
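The steps in the reply above, written out as FortiOS CLI. This is an added example, not part of the original post: the zone name, forwarder address 10.0.0.53 and interface "internal" are placeholders, and `set type master` is the 6.4 keyword (7.x releases call it `primary`).

```fortios
# Added example. Zone name, forwarder IP and interface name are placeholders.
config system dns-database
    edit "web-myorg-split"
        set domain "web.myorg.com"
        # 6.4.x keyword; use "primary" on 7.x
        set type master
        # shadow view: only answers clients on internal DNS-enabled interfaces
        set view shadow
        # non-authoritative: names not listed below are passed to the forwarder
        set authoritative disable
        # placeholder upstream resolver for everything else in the zone
        set forwarder "10.0.0.53"
        config dns-entry
            edit 1
                set type A
                set hostname "www"
                set ip 2.2.2.2
            next
        end
    next
end

config system dns-server
    # placeholder LAN-facing interface
    edit "internal"
        # recursive: check the shadow database first, then forward
        set mode recursive
    next
end
```

From an internal client, `nslookup www.web.myorg.com <FortiGate interface IP>` should return 2.2.2.2, while another name in the zone should return whatever the forwarder answers. Leaving `authoritative` enabled would instead make the FortiGate answer NXDOMAIN for every name it does not hold.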
Can you have the SRV records hosted on the downstream DNS server?
Yes I can, but I'm trying not to introduce more 'things' in my datacentre and to reuse existing kit/capability. This one looks like I'll have to use some lightweight dnssec or bind instances.
I have asked our TAM to raise a feature request to support SRV DNS records on the Fortigate DNS Server. ;)