DNS Setup in Fortigate with Windows Domain not Working Right.
I have a FortiGate 201F (firmware 7.0.10) with a LAN running a Windows domain, with 2 Windows servers acting as DNS servers. All clients inside my LAN (laptops, desktops and servers) use the 2 Windows DNS servers for DNS.
The DNS settings in my FortiGate 201F are causing me a headache.
1. If I have Network -> DNS -> DNS Settings set to the FortiGuard servers, benign websites such as cnn.com get blocked and https sites do not respond.
2. If I have one of my Windows servers set as the primary DNS and a FortiGuard server as the secondary DNS, websites display normally.
3. If I set the DNS Settings to use both of my internal Windows DNS servers, then I get a message about not being able to reach the FortiGuard servers, the safe websites get blocked again and https sites do not respond.
My workaround is to keep the primary DNS in the FortiGate as one of my Windows DNS servers and the secondary as a FortiGuard server. I would like to get to where I can use the FortiGuard servers only.
Under Network -> DNS Servers -> DNS Service on Interface: I have the LAN in recursive mode. I think this may be my problem as I think I may have the FortiGate as well as the 2 Windows servers trying to serve DNS to the LAN all at once. If I remove the DNS Server on Interface for the LAN, could this help my DNS issue?
FWIW I have a similar setup to your own. I do not use FortiGuard DNS servers. I use quad9. What you probably want to be doing is setting up a DNS server on your LAN interface that acts as a BIND secondary to your AD server, though.
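The layout the reply above suggests (FortiGate serving DNS on the LAN as a secondary of the AD zone, with an external upstream for everything else), written out as FortiOS 7.0 CLI. This is an added example, not configuration from either poster or from Fortinet; the zone name corp.example, the server addresses 10.0.0.10/10.0.0.11, the interface name port1 and the 7.0 keyword spellings (secondary / ip-primary, which older builds spell slave / ip-master) are assumptions.

```fortios
# Added example, not the poster's or Fortinet's own configuration.
# Assumed values: AD zone corp.example, Windows DNS servers 10.0.0.10 and
# 10.0.0.11, FortiGate LAN interface port1. Replace with your own.

# 1. Upstream resolvers the FortiGate itself uses (Network -> DNS page).
#    These are only consulted for names the unit does not hold locally.
#    Quad9 shown here, as in the reply; FortiGuard addresses work the same way.
config system dns
    set primary 9.9.9.9
    set secondary 149.112.112.112
end

# 2. Hold a secondary (transferred) copy of the AD zone so internal names
#    are answered locally instead of being sent to the public resolver.
#    The Windows DNS zone must allow zone transfers (AXFR) to the FortiGate's
#    LAN address, otherwise this zone stays empty and lookups fall through.
config system dns-database
    edit "corp.example"
        set domain "corp.example"
        # keyword is "slave" on pre-7.0 firmware (assumption)
        set type secondary
        # shadow view: answer LAN clients only, never expose the zone outward
        set view shadow
        # keyword is "ip-master" on pre-7.0 firmware (assumption)
        set ip-primary 10.0.0.10
    next
end

# 3. Serve DNS on the LAN interface. Recursive mode answers from the local
#    zone first and forwards anything else to the resolvers in step 1.
config system dns-server
    edit "port1"
        set mode recursive
    next
end
```

Clients that keep pointing at the Windows DNS servers are unaffected by this; the local zone only changes what the FortiGate itself resolves and what it returns to any host that queries it directly. Check the zone transfer succeeded before relying on it (the zone should show records after a minute, and a lookup of an internal host against the FortiGate's LAN address should return the AD record).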