Hi!
I wanted to use a Fortigate firewall as a secondary DNS server. It works, but it can't be registered in the RIPE database because it does not support TCP queries. Also when I start using DNSSEC, it will break due to long answers.
Can DNS over TCP be enabled somehow? Is there a fix planned for this?
Tomas
As far as I am aware, if you want to use the Fortigate as a secondary server, you have to copy the zone information to it. It cannot be a slave and read/store the records from a primary DNS server. The best it can do is forward requests to the primary, which is useless if you want to take the primary offline for maintenance or rebuilding. I created scripts to do just that since I ran into that same issue not too long ago. Just before taking the primary down, I converted and loaded the scripts into the Fortigate. I don't work for Fortinet, so I don't know what future plans they have (if any) to make the DNS server fully secondary capable. See my signature for the location of the DNS conversion scripts if you are interested.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Dear rwpatterson,
sorry, but your reply does not apply to FortiOS version 5.2. It actually works as a slave, although the synchronization freezes up a lot. I've got it monitored and when it stops returning good results, I edit a zone and it restarts. I'm pretty sure I've seen an AXFR after I did it last time.
"As far as I can recall". I haven't delved deeply into version 5 as of yet. If the function was introduced, then you can ignore my prior post.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
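A monitoring check of the kind mentioned in the thread, added here as an example (it is not from any poster or from Fortinet): it asks a server for a zone's SOA record over UDP and over TCP, flags truncated or missing answers, and compares the serial with the primary's. All function names are hypothetical, and the server address and zone passed to `ask()` are whatever you supply.

```python
import socket, struct

def build_query(name, qtype=6, txid=0x1234):
    """Wire-format DNS query; qtype 6 = SOA, RD flag clear."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!BHH", 0, qtype, 1)

def skip_name(msg, off):
    """Offset just past a name, which may end in a compression pointer."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_soa(msg):
    """Return (tc_bit_set, soa_serial or None) for a DNS response."""
    _, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    off, serial = 12, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:  # the serial follows MNAME and RNAME in the RDATA
            p = skip_name(msg, skip_name(msg, off))
            serial = struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return bool(flags & 0x0200), serial

def ask(server, zone, tcp, timeout=3):
    """Query one server (IPv4 assumed); None on timeout, refusal or junk."""
    q = build_query(zone)
    try:
        if tcp:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, 53), timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                f = s.makefile("rb")
                return parse_soa(f.read(struct.unpack("!H", f.read(2))[0]))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            return parse_soa(s.recv(4096))
    except (OSError, struct.error, IndexError):
        return None

def classify(reply, primary_serial):
    """Turn an ask() result into a monitoring status string."""
    if reply is None or reply[0]:
        return "truncated" if reply else "no answer"
    return "ok" if reply[1] == primary_serial else "serial differs from primary"
```

Run `classify(ask(secondary, zone, tcp), serial_from_primary)` once with `tcp=False` and once with `tcp=True`; a server that answers only over UDP shows up as "no answer" on the TCP pass.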