Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Route issue to .local domain

We are currently in the process of removing Talari's from our environment and just having IPSec tunnels for AD traffic on the Fortigates. So far I have a couple offices moved over. We have a couple new offices with the same setup (minus the Talari) with IPSec tunnel(s). When doing a Route Lookup at the new offices to our .local domain, I get "No routes exists to the destination "DOMAIN.local". If I do it on the offices that were moved off the Talari device, it works fine and highlights the IPSec tunnel. I have compared the configurations and they are the same. I've looked at the firewall in our datacenter and everything appears to be identical with the new and old offices. DNS queries for the domain appear to be using the tunnel, but for my sanity I would like to figure why the route lookup at the old office locations but not the new ones. 



I ran a packet capture (not sure what diag debug command to use) and see that the DNS query is coming from which is the DMZ interface. I looked and nothing is using the DMZ interface.



New Contributor

I ended up figuring out the issue. I missed adding a source-ip under dns-database


config system dns-database edit "DOMAIN.local" set domain "DOMAIN.local" set type slave set authoritative disable set forwarder "*DNS server 1*" "*DNS server 2*" set source-ip *FORTIGATE LAN Interface* set ip-master *DNS server 1* next end


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors