Hello all,
So we are testing using fortigates as DNS servers for remote sites. Our test site is as follows.
A Windows Domain Server Hosted in Azure 192.168.1.10 (HQ Server)
Site to Site VPN
FortiGate 60D in the remote site 192.168.10.254
The DNS Server on the Domain controller is configured to use the fortigate as a Second Name server. Zone Transfer is set to use the Name servers of the Zone and so is Notify
DNS Database is turned on, on the 60D
A slave database is configured on the DNS Server settings below:
Type: slave
View: Shadow
DNS Zone: company.local
Domain: company.local
IP of Master: 192.168.1.10
Authoritative: Enabled
Interface Services configured for the internal interface
I also added in the Set Source-ip to the internal interface and set forwarder to the HQ DC
But users could not log on and were getting "no name servers found". I then also configured the _msdcs zone:
Type: slave
View: Shadow
DNS Zone: _msdcs.company.local
Domain: _msdcs.company.local <-- I had to do this as it will not allow me to have company.local as the above database is using it
IP of Master: 192.168.1.10
Authoritative: Enabled
But still no signons. Anyone any thoughts?
CLI config:
config system dns-database
    edit "company.local"
        set domain "company.local"
        set type slave
        set forwarder "192.168.1.10"
        set source-ip 192.168.10.254
        set ip-master 192.168.1.10
    next
    edit "_msdcs.company.local"
        set domain "_msdcs.company.local"
        set type slave
        set forwarder "192.168.1.10"
        set source-ip 192.168.10.254
        set ip-master 192.168.1.10
    next
end
FCNSA, FCNSP (NSE4), NSE5
Wow, no one's answered you in almost two years! I had this same issue today and was looking for a solution. I eventually resolved it by marking FortiGate DNS database as not authoritative. This makes sense because it should query the Windows DNS server if it's not found in the FortiGate database.
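A way to verify the fix described above before letting users log on through the remote site: query the DC-locator SRV records that a Windows client needs, once through the FortiGate and once through the master DC, and list what the FortiGate cannot answer. This is an added example, not code from the thread or from Fortinet; it assumes the thread's addresses (192.168.1.10 for the DC, 192.168.10.254 for the FortiGate) and dnspython 2.x for the live lookup only, while the checking logic itself runs offline on constructed data.

```python
# Assumed values taken from the thread: AD domain company.local, master DC at
# 192.168.1.10, FortiGate resolver at 192.168.10.254 (all assumptions).
DC_NS = "192.168.1.10"
FORTIGATE_NS = "192.168.10.254"


def ad_logon_srv_names(domain, site=None):
    """SRV names a Windows client queries to locate a DC at logon time.
    The _msdcs names are the ones the thread's second slave zone must carry."""
    d = domain.rstrip(".")
    names = [
        f"_ldap._tcp.dc._msdcs.{d}",
        f"_kerberos._tcp.dc._msdcs.{d}",
        f"_ldap._tcp.{d}",
        f"_kerberos._tcp.{d}",
        f"_kpasswd._tcp.{d}",
        f"_gc._tcp.{d}",
    ]
    if site:  # site-specific records, if an AD site name is known
        names += [
            f"_ldap._tcp.{site}._sites.dc._msdcs.{d}",
            f"_kerberos._tcp.{site}._sites.dc._msdcs.{d}",
        ]
    return names


def missing_records(expected, answers):
    """answers maps name -> list of SRV targets returned by one resolver.
    Returns the expected names with no target: exactly the names whose
    absence makes clients report that no DC / name server can be found."""
    return [n for n in expected if not answers.get(n)]


def resolve_srv(names, nameserver, timeout=3.0):
    """Live lookup of each name through a single resolver (needs dnspython)."""
    import dns.exception, dns.resolver  # lazy so offline checks need no install
    r = dns.resolver.Resolver(configure=False)
    r.nameservers = [nameserver]
    r.lifetime = timeout
    out = {}
    for n in names:
        try:
            out[n] = [str(rr.target) for rr in r.resolve(n, "SRV")]
        except dns.exception.DNSException:  # NXDOMAIN, timeout, REFUSED, ...
            out[n] = []
    return out


# Constructed sample of the thread's symptom: the FortiGate answers the plain
# zone but nothing under _msdcs, so the first two names come back missing.
SAMPLE_FORTIGATE_ANSWERS = {
    "_ldap._tcp.company.local": ["hqdc.company.local."],
    "_kerberos._tcp.company.local": ["hqdc.company.local."],
    "_kpasswd._tcp.company.local": ["hqdc.company.local."],
    "_gc._tcp.company.local": ["hqdc.company.local."],
}
```

For a live check, run `missing_records(names, resolve_srv(names, FORTIGATE_NS))` and compare it with the same call against `DC_NS`; any name the DC answers but the FortiGate does not points at the zone or authoritative setting.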
Copyright 2024 Fortinet, Inc. All Rights Reserved.