Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
martyyy
New Contributor III

Created on ‎10-30-2024 10:43 PM

DNS Server in the Interface set as Interface IP

Hi,

In one of our Interface (Explorer Data), the DNS Server was set as "Same as Interface IP".
1. What DNS will the end device will be getting? We would like to know what DNS it was using if the end device uses FQDN, how it resolves its FQDN to IP Address.

 

DNS Servers - Specify
Primary DNS server - 1.1.1.1
Secondary DNS - 8.8.8.8

 

2. For the "dynamically obtained DNS server", what is its purpose? Is it the "same as interface IP", and would this be used to rely on the DNS server or FortiGuard?"

 

Appreciate your comments and Thank you in advance.Same as Interface IP.jpg

Labels:
403
0 Kudos
5 REPLIES 5
pminarik
Staff
Staff

Created on ‎10-31-2024 01:47 AM

The client will get the IP of that interface.

E.g. if you are editing interface "port1" with IP 192.168.123.45 and select DNS='same as interface IP', DHCP will give 192.168.123.45 as the DNS server IP.
Warning: There is no verificaction if the DNS server is enabled on this interface/IP. That is up you you to do separately.

 

Thus the three options are:

"same as interface IP": Client's DNS IP will be the IP of this FGT interface.

"same as system DNS": Client's DNS IPs will be the IPs configured in Network > DNS (in FGT GUI)

"specify": manually set here to anything you want.

 

-----------------------------

 

"Dynamically obtained DNS servers": This is a list of DNS servers learned from upstream DHCP/PPPoE. It only shows when one of your FGT interfaces is a DHCP/PPPoE client and it received a DNS IP from there. You may or may not use it, depending on the interface's setting. ("override internal DNS = enable" => use the DHCP/PPPoE-learned DNS IP)

[ corrections always welcome ]
382
martyyy
New Contributor III
In response to pminarik

Created on ‎11-03-2024 05:02 PM

Hi @pminarik ,

Appreciate your response.

 

Just to add, Client's DNS IP will be the IP of this FGT interface.

how or what is the process to resolve FQDNs if the DNS is the FGT interface?

Thank you!

328
0 Kudos
pminarik
Staff
Staff
In response to martyyy

Created on ‎11-04-2024 12:20 AM Edited on ‎11-04-2024 12:20 AM

You need to enable and configure DNS resolver on that interface/IP.
1, System > Feature Visibility > make sure "DNS Database" is enabled (to see the options in the GUI)

2, Network > DNS Servers > DNS Service on Interface

[ corrections always welcome ]
300
martyyy
New Contributor III
In response to pminarik

Created on ‎11-11-2024 02:23 PM

Hi @pminarik ,

 

Yes, we have enabled that.

221
0 Kudos
kwcheng__FTNT
Staff
Staff
In response to martyyy

Created on ‎11-11-2024 03:40 PM

It should be the same as the standard DNS resolution process, whether your FortiGate is a reclusive or non-reclusive DNS. 

Do you need to configure a static route when passing an apple from left hand to right hand?
213
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.