Support Forum
Heshmatkhah
New Contributor II

FortiOS DNS Server not resolving domains

Hi

I'm running FortiOS v7.2.0,build1157,220331 on FortiGate-200E

I enabled DNS Database in Feature Visibility and configured it like this:

 

config system dns
    set primary 1.1.1.1
    set secondary 1.0.0.1
    set protocol cleartext dot doh
    set server-hostname "one.one.one.one"
    set domain "test.local"
end

config system dns-server
    edit "port3"
        set mode forward-only
    next
end

config system dns-database
    edit "Test"
        set domain "test.local"
        set view public
        set authoritative enable
        config dns-entry
            edit 1
                set hostname "@"
                set ip 192.168.5.15
            next
            edit 2
                set hostname "asd"
                set ip 192.168.5.15
            next
        end
        set primary-name "dns1"
        set contact "host@test.local"
    next
end

 

(The IP Address of port3 is 192.168.5.1) 

The firewall doesn't respond to DNS for this domain and forwards the request to other DNS servers instead of resolving it from the local database.


I tried dig for these domains and all of them failed to resolve:

  • asd.test.local
  • asd (should work because test.local is set in the Local domain name in DNS)
  • test.local

How can I fix this?


3 REPLIES
AlexC-FTNT
Staff

Your DNS server seems to be set to forward-only, which will only forward to the public DNS configured, without checking the local database.

https://community.fortinet.com/t5/Fortinet-Forum/What-s-difference-between-recursive-non-recursive-a...


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Heshmatkhah

Thanks for your reply

It works in non-recursive mode but doesn't work in recursive mode.

Heshmatkhah

Ok, I set the view to shadow (in addition to the DNS server mode), and it works now.

But I can't understand what internal and public users mean.

 

Zone view (public to serve public clients, shadow to serve internal clients).
shadow: Shadow DNS zone to serve internal clients.
public: Public DNS zone to serve public clients.
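Putting the two changes from this thread together, as an added example that is not config from the original post or from Fortinet: the poster's forward-only dns-server entry beside a corrected one, and the zone switched to the shadow view. Interface name, addresses and zone contents are the poster's; the mode descriptions follow the FortiOS CLI help for `config system dns-server` (forward-only forwards only, non-recursive serves the shadow database only, recursive serves the shadow database and forwards the rest). The `#` lines are comments for the reader and are the only non-CLI text in the block.

```fortios
# Before (from the original post): forward-only never consults the local
# DNS database, so every query for test.local leaves the network to
# 1.1.1.1 / 1.0.0.1, internal hostnames included.
config system dns-server
    edit "port3"
        set mode forward-only
    next
end

# After: recursive answers from the shadow DNS database first and forwards
# only what the database cannot answer. non-recursive answers from the
# database only and drops everything else; prefer it if the interface
# should never act as a resolver for arbitrary names. Either way the
# server is bound to port3 only, so keep it off any internet-facing port
# to avoid running an open resolver.
config system dns-server
    edit "port3"
        set mode recursive
    next
end

# The zone must be a shadow view to be answered in recursive or
# non-recursive mode (the poster saw no answers with view public). With
# authoritative enabled, names under test.local that are not in the
# database get an NXDOMAIN from the FortiGate instead of being forwarded,
# so a typo in a record does not leak the name to the public resolver.
config system dns-database
    edit "Test"
        set domain "test.local"
        set view shadow
        set authoritative enable
        set primary-name "dns1"
        set contact "host@test.local"
        config dns-entry
            edit 1
                set type A
                set hostname "@"
                set ip 192.168.5.15
            next
            edit 2
                set type A
                set hostname "asd"
                set ip 192.168.5.15
            next
        end
    next
end
```

To check from a host on port3, query the FortiGate directly: `dig @192.168.5.1 asd.test.local A` should return 192.168.5.15 with the `aa` flag set, and `dig @192.168.5.1 nosuch.test.local A` should return NXDOMAIN rather than an answer relayed from 1.1.1.1. Note that the bare name `asd` is a client-side matter: `set domain "test.local"` under `config system dns` is the search domain the FortiGate uses for its own lookups, so a client only resolves `asd` if its own resolver appends `test.local` (for example `dig +search` with `search test.local` in the client's resolver configuration).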
