Hi everyone, I need help with the DNS server on Fortigate. I'm using Forti as a DNS server and currently, I'm using the recursive mode because we have a DNS database. As I understand it, the recursive mode will query the DNS database first, and if it doesn't find the record, it will forward the query to the DNS system (I've set the DNS system to 8.8.8.8). The problem is that I have some domains mapped to private IPs, and when using Forti as the DNS server in recursive mode, it cannot resolve those domains. Is there any way to fix this issue?
I think this is DNS server behavior: if the domain exists locally, all the subdomains of that domain will be searched locally, and the requests will not be forwarded to the external DNS server. As a workaround you can create another/similar domain in the local DNS database.
Hi, thanks for your answer,
I have also thought about that method, but if there are too many domains mapped to private IPs and they change frequently, that approach is not practical because it requires too much manual work.
As far as I know, this is a limitation of the standard DNS server, not only a limitation of the FGT.
If the network has a private DNS server configured with all these private domains, you can choose to forward all the requests without specifying domains in the local database of the FGT.
But as far as I know about the recursive mode, when it is not in the database, it will search the external DNS. Is this correct?
The concept of "not in the database" is valid for the whole domain only, not for the subdomains. As long as the domain is present in the database, every request for its subdomains will not be forwarded. If the entry is not found locally, it will respond with a non-existent domain. Take a look at this simple test:
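To make the behavior described in the replies concrete, here is a small model of a recursive DNS server that holds local zones and forwards everything else to a system DNS. This is an added example written for this thread, not FortiOS code or anything posted by the participants; the zone contents, the hostnames and the upstream "resolver" (a dictionary standing in for 8.8.8.8) are constructed. It shows both the problem (the whole domain in the local database swallows every subdomain) and the workaround suggested earlier in the thread (keep the private hosts in a separate sub-zone so the rest of the domain is still forwarded).

```python
"""Model of how a recursive DNS server that holds local zones decides between
answering locally and forwarding to the system DNS.

Added illustration for this thread, not FortiOS code. Zone contents and the
upstream resolver are constructed sample data."""

from dataclasses import dataclass, field

NXDOMAIN = "NXDOMAIN"


def _normalise(name):
    # DNS names are case-insensitive and may carry a trailing dot
    return name.lower().rstrip(".")


@dataclass
class RecursiveDns:
    # local zones: zone name -> {fully qualified record name -> IP}
    zones: dict = field(default_factory=dict)
    # constructed stand-in for the system DNS; a real server would send a
    # query to 8.8.8.8 instead of looking in a dictionary
    upstream: dict = field(default_factory=dict)

    def add_zone(self, zone, records):
        self.zones[_normalise(zone)] = {_normalise(k): v for k, v in records.items()}

    def authoritative_zone(self, qname):
        """Longest local zone that contains qname, or None if no zone covers it."""
        labels = _normalise(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, qname):
        """Return (answer, source): answer is an IP or NXDOMAIN,
        source is 'local' or 'upstream'."""
        qname = _normalise(qname)
        zone = self.authoritative_zone(qname)
        if zone is not None:
            # The name sits under a zone the server holds itself, so it acts
            # as authoritative: answer from the database or return NXDOMAIN.
            # The query is never forwarded, even if the upstream knows it.
            return self.zones[zone].get(qname, NXDOMAIN), "local"
        # No local zone covers the name, so recursion forwards it.
        return self.upstream.get(qname, NXDOMAIN), "upstream"


# Constructed public answers the system DNS would give (TEST-NET-3 addresses).
UPSTREAM = {
    "www.example.com": "203.0.113.10",
    "mail.example.net": "203.0.113.20",
}


def problem_setup():
    """Whole domain in the local database: every subdomain is answered locally,
    so www.example.com gets NXDOMAIN although the upstream knows it."""
    dns = RecursiveDns(upstream=dict(UPSTREAM))
    dns.add_zone("example.com", {"intranet.example.com": "10.0.0.5"})
    return dns


def workaround_setup():
    """Private hosts kept in a separate sub-zone, so queries for the rest of
    example.com still leave the box and reach the system DNS."""
    dns = RecursiveDns(upstream=dict(UPSTREAM))
    dns.add_zone("corp.example.com", {"intranet.corp.example.com": "10.0.0.5"})
    return dns


if __name__ == "__main__":
    for label, dns in (("problem", problem_setup()), ("workaround", workaround_setup())):
        print(f"--- {label} ---")
        for q in ("intranet.example.com", "intranet.corp.example.com",
                  "www.example.com", "mail.example.net"):
            print(f"{q:28} -> {dns.resolve(q)}")
```

Running it prints, for the "problem" setup, `www.example.com -> ('NXDOMAIN', 'local')`: the name is inside the locally held zone, so the server answers itself and never asks the system DNS. In the "workaround" setup the same query comes back as `('203.0.113.10', 'upstream')` because only `corp.example.com` is held locally.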
Thanks for your support, I got it with your explanation.