Split DNS

nbctcp · ‎01-24-2020

I read somewhere in order to use Web Filter, I need to use FortiGuard DNS

Let say I have internal dns which host all internal server hostname

I want Fortigate which use default fortiguard dns able to solve internal server name

I came with idea to do split dns

OPTION1

-set Fortigate DNS to Internal DNS

set Internal DNS forwarder to FortiGuard DNS

OPTION2

-set Fortigate DNS to default FortiGuard DNS

then set

config system dns-database edit "company1.com" set domain "company1.com" set authoritative disable set forwarder "10.243.13.1" next end QUESTIONS 1. Can I do OPTION2 and achieve same result as OPTION1 tq

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

Yurisk · ‎01-25-2020

To use Webfilter you don't need to use Fortinet DNSes. To use DNS Filter you do need to use their DNS servers.

Yuri Slobodyanyuk

nbctcp · ‎01-25-2020

https://ibb.co/yNFfcQ8

After seeing Network/DNS/DNS Filter Servers=208.91.112.220

or

# sh full-configuration | grep -f sdns-server-ip

I can see that DNS Filter using FortiGuard

So OPTION1 should be Network/DNS=INTERNAL AD DNS IP INTERNAL AD DNS Forwarder=ISP DNS

but question remain, whether can I use OPTION2 and get same result as OPTION1

UPDATE1: 1. I think this is the answer https://www.youtube.com/watch?v=3Ze3jMAdRTo&feature=emb_logo I need to setup dns server in Fortigate interface facing LAN/DMZ

Yurisk wrote:
To use Webfilter you don't need to use Fortinet DNSes. To use DNS Filter you do need to use their DNS servers.

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

Split DNS

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website