Fortigate DNS Server reverse lookup
Hi,
My Fortigate is acting as a DNS server with static entries. However, a reverse lookup (IP to name) on a client which has the Fortigate configured as its DNS server gives no result.
Is there an additional setting which has to be configured for DNS reverse lookup?
Kind Regards,
Juergen
In short (as I am on holidays and not at my desk):
1- You need to create an additional zone, aptly named like a reverse zone.
2- Populate it with PTR records instead of A records.
Then the FGT will do reverse lookups. It is clumsy, and PTR records are not created automatically, but it works.
Did you configure PTR records for every A record you want the reverse lookup to work for? That's required to get reverse lookups working as far as I know.
Hi Juergen,
Are you using Active Directory by any chance?
If so you could forward these requests to the domain dns servers.
I did it this way and it works fine:
config system dns-database
    edit "10.in-addr.arpa"
        set domain "10.in-addr.arpa"
        set ttl 28800
        set authoritative disable
        set forwarder "[DC1]" "[DC2]"
    next
end
This way every PTR request for IPs of 10.0.0.0/8 gets forwarded.
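
Added example, not part of any post in this thread: because the replies note that PTR records are not created automatically and are needed for every A record, this Python sketch derives the reverse zone name for a network (such as "10.in-addr.arpa" for 10.0.0.0/8) and lists which static A entries still lack a matching PTR. The host names, addresses and function names are constructed for illustration; it only computes names and does not talk to a FortiGate.

```python
import ipaddress

def reverse_zone(network):
    """Return the in-addr.arpa zone name for an IPv4 /8, /16 or /24 network."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 map onto one reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def plan_ptr_records(a_records, network):
    """Split A records into PTRs that belong in the zone and records outside it."""
    net = ipaddress.ip_network(network, strict=True)
    plan, skipped = [], []
    for fqdn, ip in a_records:
        addr = ipaddress.ip_address(ip)
        if addr in net:
            # reverse_pointer yields e.g. '40.30.20.10.in-addr.arpa'
            plan.append((addr.reverse_pointer, fqdn.rstrip(".") + "."))
        else:
            skipped.append((fqdn, ip))
    return reverse_zone(network), plan, skipped

def missing_ptrs(a_records, existing_ptrs, network):
    """Return planned PTRs that are absent or point at a different name."""
    _, plan, _ = plan_ptr_records(a_records, network)
    return [(owner, target) for owner, target in plan
            if existing_ptrs.get(owner) != target]

# Constructed sample data: static A entries and the PTRs already in the reverse zone.
A_RECORDS = [
    ("fw.example.lan", "10.0.0.1"),
    ("nas.example.lan", "10.20.30.40"),
    ("printer.example.lan", "192.168.1.50"),
]
EXISTING_PTRS = {"1.0.0.10.in-addr.arpa": "fw.example.lan."}

if __name__ == "__main__":
    zone, plan, skipped = plan_ptr_records(A_RECORDS, "10.0.0.0/8")
    print("reverse zone:", zone)
    for owner, target in missing_ptrs(A_RECORDS, EXISTING_PTRS, "10.0.0.0/8"):
        print("missing PTR:", owner, "->", target)
    for fqdn, ip in skipped:
        print("outside zone:", fqdn, ip)
```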
