I'm having issues configuring a split DNS server on a Fortigate 60D (5.2.2). This will be for a remote branch office with no local DNS server. The goal is to have DNS requests first query a public server (8.8.8.8), then query the internal server (10.1.2.3). This way the vast majority of DNS requests will be going via the internet link, with minimal requests going over an IPsec link.
Below is my DNS server config:
config system dns-server
    edit "internal"
        set mode recursive
        set webfilter-profile ''
    next
end
config system dns-database
    edit "Internal_DNS"
        set status enable
        set domain "company.domain.com"
        set type slave
        set view shadow
        set authoritative disable
        unset forwarder
        set source-ip 0.0.0.0
        set ip-master 10.1.2.3
    next
    edit "Reverse-Subnet"
        set status enable
        set domain "2.1.10.in-addr.arpa"
        set type slave
        set view shadow
        set authoritative disable
        unset forwarder
        set source-ip 0.0.0.0
        set ip-master 10.1.2.3
    next
end
This was taken directly from this thread, but I've been unsuccessful in getting it to work for me. With the above config, DNS requests for internet hosts (www.google.com) work, but DNS requests that should be directed to the internal server are still going to the public server.
It should also be noted that running nslookup company.domain.com 10.1.2.3 from a client on the internal interface successfully returns results, so I don't think policy/routing is the issue here.
I've also tried using a Master configuration with manual host entries pointing to local file servers. This works successfully, but ultimately I'd prefer to use our existing internal DNS.
Happy to post some debugs or further configs if required.
Cheers.
Think I've sorted this out: I used "set forwarder 10.1.2.3" to point to our internal DNS.
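The settings that decide where each zone's queries go are easy to miss in a long FortiGate config dump. The following is an added example (not from the original post or from Fortinet) that parses the dns-database block above and flags every zone still carrying "unset forwarder", the state the poster had before the fix; the sample config is constructed from the post, the parser handles only the config/edit/set/unset/next/end keywords shown there, and it assumes a zone with no forwarder is the condition to report.

```python
import shlex

# Constructed sample: the dns-server and dns-database blocks from the post,
# with "unset forwarder" still in place (later changed to "set forwarder 10.1.2.3").
SAMPLE_CONFIG = """\
config system dns-server
    edit "internal"
        set mode recursive
    next
end
config system dns-database
    edit "Internal_DNS"
        set status enable
        set domain "company.domain.com"
        set type slave
        unset forwarder
        set ip-master 10.1.2.3
    next
    edit "Reverse-Subnet"
        set domain "2.1.10.in-addr.arpa"
        set type slave
        unset forwarder
        set ip-master 10.1.2.3
    next
end
"""

def parse_dns_database(text):
    """Return {zone_name: {setting: value}} for each entry under
    'config system dns-database'; other sections are skipped.
    'unset X' is recorded as X = None so it can be told from a missing key."""
    zones, current, in_block = {}, None, False
    for raw in text.splitlines():
        parts = shlex.split(raw.strip())   # strips the quotes FortiOS puts on values
        if not parts:
            continue
        if parts[:3] == ["config", "system", "dns-database"]:
            in_block = True
        elif not in_block:
            continue
        elif parts[0] == "edit":
            current = zones.setdefault(parts[1], {})
        elif parts[0] == "set" and current is not None:
            current[parts[1]] = " ".join(parts[2:])
        elif parts[0] == "unset" and current is not None:
            current[parts[1]] = None
        elif parts[0] == "next":
            current = None
        elif parts[0] == "end":
            in_block = False
    return zones

def zones_without_forwarder(zones):
    """Zone names that have no forwarder set: the state the poster hit when
    internal names were still being sent to the public resolver."""
    return sorted(name for name, z in zones.items() if not z.get("forwarder"))
```

Run it against a `show system dns-database` dump before and after applying `set forwarder`; the returned list should be empty once every internal zone forwards to 10.1.2.3.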