FortiOS DNS Server not resolving domains
Hi,
I'm running FortiOS v7.2.0,build1157,220331 on a FortiGate-200E.
I enabled DNS Database in Feature Visibility and configured it like this:
```
config system dns
    set primary 1.1.1.1
    set secondary 1.0.0.1
    set protocol cleartext dot doh
    set server-hostname "one.one.one.one"
    set domain "test.local"
end
config system dns-server
    edit "port3"
        set mode forward-only
    next
end
config system dns-database
    edit "Test"
        set domain "test.local"
        set view public
        set authoritative enable
        config dns-entry
            edit 1
                set hostname "@"
                set ip 192.168.5.15
            next
            edit 2
                set hostname "asd"
                set ip 192.168.5.15
            next
        end
        set primary-name "dns1"
        set contact "host@test.local"
    next
end
```
(The IP Address of port3 is 192.168.5.1)
The firewall doesn't respond to DNS for this domain and forwards the request to other DNS servers instead of resolving it from the local database.
I tried dig for these domains and all of them failed to resolve:
- asd.test.local
- asd (should work because test.local is set in the Local domain name in DNS)
- test.local
How can I fix this?
Your DNS server seems to be set to forward-only, which will only forward to the public DNS configured, without checking the local database.
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
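A quick way to tell the two behaviours apart, added here as an example rather than anything from the thread or from Fortinet: a zone created with `set authoritative enable` should answer with the authoritative-answer (AA) bit set, whereas a reply that was merely forwarded to 1.1.1.1 has no AA bit and, for a private zone like test.local, normally comes back as NXDOMAIN. The script queries the port3 address from the post for `asd.test.local` (constructed sample values) and reports which case it sees; it uses only the standard library.

```python
import socket
import struct

# Constructed values from the post: port3 address, the "asd" entry and its IP.
SERVER, QNAME, EXPECTED_IP = "192.168.5.1", "asd.test.local", "192.168.5.15"
def build_query(name, txid=0x1234):
    """Build a plain A/IN query for name with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)
def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = pkt[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + ln
def parse_response(pkt):
    """Return (aa_flag, rcode, [A-record IPs]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    aa, rcode, off, ips = bool(flags & 0x0400), flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return aa, rcode, ips
def served_from_local_db(pkt, expected_ip):
    """True only for an authoritative (AA bit) NOERROR answer carrying expected_ip.
    A reply forwarded from a public resolver lacks AA and is normally NXDOMAIN (3)."""
    aa, rcode, ips = parse_response(pkt)
    return aa and rcode == 0 and expected_ip in ips
def query(server, name, timeout=2.0):
    """Send one UDP query to server:53 and return the raw response bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recv(512)

if __name__ == "__main__":
    pkt = query(SERVER, QNAME)
    print(parse_response(pkt), "answered from local DB:", served_from_local_db(pkt, EXPECTED_IP))
```

Run it from a host on the port3 network; `(False, 3, [])` is the forward-only symptom from the post, `(True, 0, ['192.168.5.15'])` means the local database answered.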
Ok, I set the view to shadow (in addition to the DNS server mode), and it works now.
But I can't understand what internal and public users mean:
Zone view (public to serve public clients, shadow to serve internal clients).
shadow: Shadow DNS zone to serve internal clients.
public: Public DNS zone to serve public clients.
Thanks for your reply.
It works in non-recursive mode but doesn't work in recursive mode.